Change filter_warning_resolver to use warning codes

Now that we have a result struct and set of warning codes, change the filter_warning_resolver to use them. This involves populating a set of warning codes instead of strings. Also, the methods to format warnings into human-readable strings is now in the falco_load_result static methods, so move the text there and remove the methods here. Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
2025-09-19 17:14:26 +00:00 · 2022-06-15 16:25:39 -07:00
parent 0066ba49ea
commit bb44d992ab
3 changed files with 10 additions and 51 deletions
--- a/tests/engine/test_filter_warning_resolver.cpp
+++ b/tests/engine/test_filter_warning_resolver.cpp
@@ -19,7 +19,7 @@ limitations under the License.

 static bool warns(const std::string& condition)
 {
-	std::set<std::string> w;
+	std::set<falco::load_result::warning_code> w;
 	auto ast = libsinsp::filter::parser(condition).parse();
 	filter_warning_resolver().run(ast, w);
 	delete ast;
--- a/userspace/engine/filter_warning_resolver.cpp
+++ b/userspace/engine/filter_warning_resolver.cpp
@@ -17,8 +17,9 @@ limitations under the License.
 #include <sinsp.h>
 #include "filter_warning_resolver.h"

+using namespace falco;
+
 static const char* no_value = "<NA>";
-static const char* warn_unsafe_na_check = "unsafe-na-check";

 static inline bool is_unsafe_field(const string& f)
 {
@@ -34,7 +35,7 @@ static inline bool is_equality_operator(const string& op)

 bool filter_warning_resolver::run(
 	libsinsp::filter::ast::expr* filter,
-	std::set<string>& warnings) const
+	std::set<load_result::warning_code>& warnings) const
 {
 	visitor v;
 	auto size = warnings.size();
@@ -44,22 +45,6 @@ bool filter_warning_resolver::run(
 	return warnings.size() > size;
 }

-// todo(jasondellaluce): use an hard-coded map once we support more warnings
-bool filter_warning_resolver::format(
-	const std::string& code,
-	std::string& out) const
-{
-	if (code == warn_unsafe_na_check)
-	{
-		out = "comparing a field value with <NA> is unsafe and can lead to "
-			"unpredictable behavior of the rule condition. If you need to "
-			" check for the existence of a field, consider using the "
-			"'exists' operator instead.";
-		return true;
-	}
-	return false;
-}
-
 void filter_warning_resolver::visitor::visit(
 	libsinsp::filter::ast::binary_check_expr* e)
 {
@@ -76,7 +61,7 @@ void filter_warning_resolver::visitor::visit(
 {
 	if (m_is_equality_check && e->value == no_value)
 	{
-		m_warnings->insert(warn_unsafe_na_check);
+		m_warnings->insert(load_result::LOAD_UNSAFE_NA_CHECK);
 	}
 }

@@ -86,6 +71,6 @@ void filter_warning_resolver::visitor::visit(
 	if (m_is_equality_check
 		&& std::find(e->values.begin(), e->values.end(), no_value) != e->values.end())
 	{
-		m_warnings->insert(warn_unsafe_na_check);
+		m_warnings->insert(load_result::LOAD_UNSAFE_NA_CHECK);
 	}
 }
--- a/userspace/engine/filter_warning_resolver.h
+++ b/userspace/engine/filter_warning_resolver.h
@@ -21,6 +21,7 @@ limitations under the License.
 #include <set>
 #include <memory>
 #include "falco_common.h"
+#include "falco_load_result.h"

 /*!
 	\brief Searches for bad practices in filter conditions and
@@ -42,40 +43,13 @@ public:
 	*/
 	bool run(
 		libsinsp::filter::ast::expr* filter,
-		std::set<std::string>& warnings) const;
-	
-	/*!
-		\brief Given a warning code retrieved through run(), returns
-		a verbose message describing the problem of the warning.
-		\param code The warning code string
-		\param out The string to be filled-out with the warning message
-		\return true if the warning code is recognized, false otherwise
-	*/
-	bool format(const std::string& code, std::string& out) const;
-
-	/*!
-		\brief Given a warning code retrieved through run(), returns
-		a verbose message describing the problem of the warning.
-		\param code The warning code string
-		\return The warning message string
-		\throw falco_exception if the warning code is not recognized
-
-	*/
-	inline std::string format(const std::string& code) const
-	{
-		std::string v;
-		if (!format(code, v))
-		{
-			throw falco_exception("unrecognized warning code: " + code);
-		}
-		return v;
-	}
+		std::set<falco::load_result::warning_code>& warnings) const;

 private:
 	struct visitor : public libsinsp::filter::ast::base_expr_visitor
 	{
 		bool m_is_equality_check;
-		std::set<std::string>* m_warnings;
+		std::set<falco::load_result::warning_code>* m_warnings;

 		void visit(libsinsp::filter::ast::value_expr* e) override;
 		void visit(libsinsp::filter::ast::list_expr* e) override;