github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-14 04:16:17 +00:00
Code Issues Projects Releases Wiki Activity

update(userspace/engine): remove warnings for missing exceptions

Browse Source 
We want users to continue using rules without having to use exceptions.
Exceptions are an additional feature for more advanced use-cases, having
a warning in there will mean that everyone now adds an empty exception
to avoid the warning.

Co-Authored-By: Leonardo Grasso <me@leonardograsso.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
This commit is contained in:
Lorenzo Fontana 2021-04-07 17:13:52 +02:00 committed by poiana
parent 194cdf7873
commit bd562a1ed9
4 changed files with 1 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
test/falco_tests.yaml
View File

@ -356,8 +356,6 @@ trace_files: !mux
condition: evt.type=fork condition: evt.type=fork
priority: INFO priority: INFO
--- ---
1 warnings:
Rule no output rule: consider adding an exceptions property to define supported exceptions fields
validate_rules_file: validate_rules_file:
- rules/invalid_rule_without_output.yaml - rules/invalid_rule_without_output.yaml
trace_file: trace_files/cat_write.scap trace_file: trace_files/cat_write.scap
@ -413,8 +411,6 @@ trace_files: !mux
condition: evt.type=open condition: evt.type=open
append: true append: true
--- ---
1 warnings:
Rule my_rule: consider adding an exceptions property to define supported exceptions fields
validate_rules_file: validate_rules_file:
- rules/rule_append_failure.yaml - rules/rule_append_failure.yaml
trace_file: trace_files/cat_write.scap trace_file: trace_files/cat_write.scap
@ -542,9 +538,6 @@ trace_files: !mux
priority: INFO priority: INFO
append: false append: false
--- ---
2 warnings:
Rule some rule: consider adding an exceptions property to define supported exceptions fields
Rule some rule: consider adding an exceptions property to define supported exceptions fields
validate_rules_file: validate_rules_file:
- rules/invalid_overwrite_rule_multiple_docs.yaml - rules/invalid_overwrite_rule_multiple_docs.yaml
trace_file: trace_files/cat_write.scap trace_file: trace_files/cat_write.scap
@ -567,9 +560,6 @@ trace_files: !mux
priority: INFO priority: INFO
append: true append: true
--- ---
2 warnings:
Rule some rule: consider adding an exceptions property to define supported exceptions fields
Rule some rule: consider adding an exceptions property to define supported exceptions fields
validate_rules_file: validate_rules_file:
- rules/invalid_append_rule_multiple_docs.yaml - rules/invalid_append_rule_multiple_docs.yaml
trace_file: trace_files/cat_write.scap trace_file: trace_files/cat_write.scap
@ -627,8 +617,6 @@ trace_files: !mux
output: "An open was seen %not_a_real_field" output: "An open was seen %not_a_real_field"
priority: WARNING priority: WARNING
--- ---
1 warnings:
Rule rule_with_invalid_output: consider adding an exceptions property to define supported exceptions fields
validate_rules_file: validate_rules_file:
- rules/invalid_rule_output.yaml - rules/invalid_rule_output.yaml
trace_file: trace_files/cat_write.scap trace_file: trace_files/cat_write.scap

9
test/falco_tests_exceptions.yaml
View File

@ -185,15 +185,6 @@ trace_files: !mux
- rules/exceptions/append_item_not_in_rule.yaml - rules/exceptions/append_item_not_in_rule.yaml
trace_file: trace_files/cat_write.scap trace_file: trace_files/cat_write.scap
rule_without_exception:
exit_status: 0
stderr_contains: |+
1 warnings:
Rule My Rule: consider adding an exceptions property to define supported exceptions fields
validate_rules_file:
- rules/exceptions/rule_without_exception.yaml
trace_file: trace_files/cat_write.scap
rule_exception_no_values: rule_exception_no_values:
detect: True detect: True
detect_level: WARNING detect_level: WARNING

21
test/rules/exceptions/rule_without_exception.yaml
View File

@ -1,21 +0,0 @@
#
# Copyright (C) 2020 The Falco Authors.
#
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
- rule: My Rule
desc: Some desc
condition: evt.type=open and proc.name=cat
output: Some output
priority: error

4
userspace/engine/lua/rule_loader.lua
View File

@ -522,10 +522,8 @@ function load_rules_doc(rules_mgr, doc, load_state)
v['source'] = "syscall" v['source'] = "syscall"
end end
-- Add an empty exceptions property to the rule if not -- Add an empty exceptions property to the rule if not defined
-- defined, but add a warning about defining one
if v['exceptions'] == nil then if v['exceptions'] == nil then
warnings[#warnings + 1] = "Rule "..v['rule']..": consider adding an exceptions property to define supported exceptions fields"
v['exceptions'] = {} v['exceptions'] = {}
end end