github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2026-02-21 22:27:51 +00:00
Code Issues Projects Releases Wiki Activity

Add addl support for rules reader/compiler subclasses

Browse Source 
To support subclasses that may extend the falco rules format, add
additional error/warning/item types for an extension item.

When subclasses report errors and warnings, they can use these
codes/item types in context objects and still provide an exact
line/column context.

Also make some previously static functions in rules reader protected
methods so they can be used in sub-classes.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
This commit is contained in:
Mark Stemm
2024-01-11 13:02:10 -08:00
committed by poiana
parent eed5b906a8
commit ce5a50cbb5
5 changed files with 31 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
userspace/engine/rule_loader_reader.cpp
View File

@@ -56,21 +56,27 @@ static void decode_val_generic(const YAML::Node& item, const char *key, std::opt
}
template <typename T>
static void decode_val(const YAML::Node& item, const char *key, T& out, const rule_loader::context& ctx)
void rule_loader::reader::decode_val(const YAML::Node& item, const char *key, T& out, const rule_loader::context& ctx)
{
bool optional = false;
decode_val_generic(item, key, out, ctx, optional);
}
template void rule_loader::reader::decode_val<std::string>(const YAML::Node& item, const char *key, std::string& out, const rule_loader::context& ctx);
template <typename T>
static void decode_optional_val(const YAML::Node& item, const char *key, T& out, const rule_loader::context& ctx)
void rule_loader::reader::decode_optional_val(const YAML::Node& item, const char *key, T& out, const rule_loader::context& ctx)
{
bool optional = true;
decode_val_generic(item, key, out, ctx, optional);
}
template void rule_loader::reader::decode_optional_val<std::string>(const YAML::Node& item, const char *key, std::string& out, const rule_loader::context& ctx);
template void rule_loader::reader::decode_optional_val<bool>(const YAML::Node& item, const char *key, bool& out, const rule_loader::context& ctx);
// Don't call this directly, call decode_items/decode_tags instead.
template <typename T>
static void decode_seq(const YAML::Node& item, const char *key,
@@ -289,7 +295,7 @@ static void read_rule_exceptions(
rule_loader::context tmp(ex, rule_loader::context::EXCEPTION, "", exes_ctx);
THROW(!ex.IsMap(), "Rule exception must be a mapping", tmp);
decode_val(ex, "name", name, tmp);
rule_loader::reader::decode_val(ex, "name", name, tmp);
// Now use a real context including the exception name.
rule_loader::context ex_ctx(ex, rule_loader::context::EXCEPTION, name, parent);
@@ -346,7 +352,7 @@ inline static bool check_update_expected(std::set<std::string>& expected_keys, c
return true;
}
static void read_item(
void rule_loader::reader::read_item(
rule_loader::configuration& cfg,
rule_loader::collector& collector,
const YAML::Node& item,