diff --git a/tests/engine/test_filter_warning_resolver.cpp b/tests/engine/test_filter_warning_resolver.cpp index 224bf098..0057a3fc 100644 --- a/tests/engine/test_filter_warning_resolver.cpp +++ b/tests/engine/test_filter_warning_resolver.cpp @@ -19,7 +19,7 @@ limitations under the License. static bool warns(const std::string& condition) { - std::set w; + std::set w; auto ast = libsinsp::filter::parser(condition).parse(); filter_warning_resolver().run(ast, w); delete ast; diff --git a/userspace/engine/filter_warning_resolver.cpp b/userspace/engine/filter_warning_resolver.cpp index dbece71f..e6a9deb6 100644 --- a/userspace/engine/filter_warning_resolver.cpp +++ b/userspace/engine/filter_warning_resolver.cpp @@ -17,8 +17,9 @@ limitations under the License. #include #include "filter_warning_resolver.h" +using namespace falco; + static const char* no_value = ""; -static const char* warn_unsafe_na_check = "unsafe-na-check"; static inline bool is_unsafe_field(const string& f) { @@ -34,7 +35,7 @@ static inline bool is_equality_operator(const string& op) bool filter_warning_resolver::run( libsinsp::filter::ast::expr* filter, - std::set& warnings) const + std::set& warnings) const { visitor v; auto size = warnings.size(); @@ -44,22 +45,6 @@ bool filter_warning_resolver::run( return warnings.size() > size; } -// todo(jasondellaluce): use an hard-coded map once we support more warnings -bool filter_warning_resolver::format( - const std::string& code, - std::string& out) const -{ - if (code == warn_unsafe_na_check) - { - out = "comparing a field value with is unsafe and can lead to " - "unpredictable behavior of the rule condition. If you need to " - " check for the existence of a field, consider using the " - "'exists' operator instead."; - return true; - } - return false; -} - void filter_warning_resolver::visitor::visit( libsinsp::filter::ast::binary_check_expr* e) { @@ -76,7 +61,7 @@ void filter_warning_resolver::visitor::visit( { if (m_is_equality_check && e->value == no_value) { - m_warnings->insert(warn_unsafe_na_check); + m_warnings->insert(load_result::LOAD_UNSAFE_NA_CHECK); } } @@ -86,6 +71,6 @@ void filter_warning_resolver::visitor::visit( if (m_is_equality_check && std::find(e->values.begin(), e->values.end(), no_value) != e->values.end()) { - m_warnings->insert(warn_unsafe_na_check); + m_warnings->insert(load_result::LOAD_UNSAFE_NA_CHECK); } -} \ No newline at end of file +} diff --git a/userspace/engine/filter_warning_resolver.h b/userspace/engine/filter_warning_resolver.h index 9cc74709..e3231044 100644 --- a/userspace/engine/filter_warning_resolver.h +++ b/userspace/engine/filter_warning_resolver.h @@ -21,6 +21,7 @@ limitations under the License. #include #include #include "falco_common.h" +#include "falco_load_result.h" /*! \brief Searches for bad practices in filter conditions and @@ -42,40 +43,13 @@ public: */ bool run( libsinsp::filter::ast::expr* filter, - std::set& warnings) const; - - /*! - \brief Given a warning code retrieved through run(), returns - a verbose message describing the problem of the warning. - \param code The warning code string - \param out The string to be filled-out with the warning message - \return true if the warning code is recognized, false otherwise - */ - bool format(const std::string& code, std::string& out) const; - - /*! - \brief Given a warning code retrieved through run(), returns - a verbose message describing the problem of the warning. - \param code The warning code string - \return The warning message string - \throw falco_exception if the warning code is not recognized - - */ - inline std::string format(const std::string& code) const - { - std::string v; - if (!format(code, v)) - { - throw falco_exception("unrecognized warning code: " + code); - } - return v; - } + std::set& warnings) const; private: struct visitor : public libsinsp::filter::ast::base_expr_visitor { bool m_is_equality_check; - std::set* m_warnings; + std::set* m_warnings; void visit(libsinsp::filter::ast::value_expr* e) override; void visit(libsinsp::filter::ast::list_expr* e) override;