github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-01 00:52:16 +00:00
Code Issues Projects Releases Wiki Activity

Add addl support for rules reader/compiler subclasses

Browse Source 
To support subclasses that may extend the falco rules format, add
additional error/warning/item types for an extension item.

When subclasses report errors and warnings, they can use these
codes/item types in context objects and still provide an exact
line/column context.

Also make some previously static functions in rules reader protected
methods so they can be used in sub-classes.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
This commit is contained in:
Mark Stemm 2024-01-11 13:02:10 -08:00 committed by poiana
parent eed5b906a8
commit ce5a50cbb5
5 changed files with 31 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
userspace/engine/falco_load_result.h
View File

@ -34,7 +34,8 @@ public:
LOAD_ERR_YAML_VALIDATE, LOAD_ERR_YAML_VALIDATE,
LOAD_ERR_COMPILE_CONDITION, LOAD_ERR_COMPILE_CONDITION,
LOAD_ERR_COMPILE_OUTPUT, LOAD_ERR_COMPILE_OUTPUT,
LOAD_ERR_VALIDATE LOAD_ERR_VALIDATE,
LOAD_ERR_EXTENSION
}; };
// The error code as a string // The error code as a string
@ -55,7 +56,8 @@ public:
LOAD_UNUSED_MACRO, LOAD_UNUSED_MACRO,
LOAD_UNUSED_LIST, LOAD_UNUSED_LIST,
LOAD_UNKNOWN_ITEM, LOAD_UNKNOWN_ITEM,
LOAD_DEPRECATED_ITEM LOAD_DEPRECATED_ITEM,
LOAD_WARNING_EXTENSION
}; };
virtual ~load_result() = default; virtual ~load_result() = default;

3
userspace/engine/rule_loader.cpp
View File

@ -42,7 +42,8 @@ static const std::string item_type_strings[] = {
"rule output", "rule output",
"rule output expression", "rule output expression",
"rule priority", "rule priority",
"overrides" "overrides",
"extension item"
}; };
const std::string& rule_loader::context::item_type_as_string(enum item_type it) const std::string& rule_loader::context::item_type_as_string(enum item_type it)

3
userspace/engine/rule_loader.h
View File

@ -58,7 +58,8 @@ namespace rule_loader
RULE_OUTPUT, RULE_OUTPUT,
RULE_OUTPUT_EXPRESSION, RULE_OUTPUT_EXPRESSION,
RULE_PRIORITY, RULE_PRIORITY,
OVERRIDE OVERRIDE,
EXTENSION_ITEM
}; };
static const std::string& item_type_as_string(enum item_type it); static const std::string& item_type_as_string(enum item_type it);

14
userspace/engine/rule_loader_reader.cpp
View File

@ -56,21 +56,27 @@ static void decode_val_generic(const YAML::Node& item, const char *key, std::opt
} }
template <typename T> template <typename T>
static void decode_val(const YAML::Node& item, const char *key, T& out, const rule_loader::context& ctx) void rule_loader::reader::decode_val(const YAML::Node& item, const char *key, T& out, const rule_loader::context& ctx)
{ {
bool optional = false; bool optional = false;
decode_val_generic(item, key, out, ctx, optional); decode_val_generic(item, key, out, ctx, optional);
} }
template void rule_loader::reader::decode_val<std::string>(const YAML::Node& item, const char *key, std::string& out, const rule_loader::context& ctx);
template <typename T> template <typename T>
static void decode_optional_val(const YAML::Node& item, const char *key, T& out, const rule_loader::context& ctx) void rule_loader::reader::decode_optional_val(const YAML::Node& item, const char *key, T& out, const rule_loader::context& ctx)
{ {
bool optional = true; bool optional = true;
decode_val_generic(item, key, out, ctx, optional); decode_val_generic(item, key, out, ctx, optional);
} }
template void rule_loader::reader::decode_optional_val<std::string>(const YAML::Node& item, const char *key, std::string& out, const rule_loader::context& ctx);
template void rule_loader::reader::decode_optional_val<bool>(const YAML::Node& item, const char *key, bool& out, const rule_loader::context& ctx);
// Don't call this directly, call decode_items/decode_tags instead. // Don't call this directly, call decode_items/decode_tags instead.
template <typename T> template <typename T>
static void decode_seq(const YAML::Node& item, const char *key, static void decode_seq(const YAML::Node& item, const char *key,
@ -289,7 +295,7 @@ static void read_rule_exceptions(
rule_loader::context tmp(ex, rule_loader::context::EXCEPTION, "", exes_ctx); rule_loader::context tmp(ex, rule_loader::context::EXCEPTION, "", exes_ctx);
THROW(!ex.IsMap(), "Rule exception must be a mapping", tmp); THROW(!ex.IsMap(), "Rule exception must be a mapping", tmp);
decode_val(ex, "name", name, tmp); rule_loader::reader::decode_val(ex, "name", name, tmp);
// Now use a real context including the exception name. // Now use a real context including the exception name.
rule_loader::context ex_ctx(ex, rule_loader::context::EXCEPTION, name, parent); rule_loader::context ex_ctx(ex, rule_loader::context::EXCEPTION, name, parent);
@ -346,7 +352,7 @@ inline static bool check_update_expected(std::set<std::string>& expected_keys, c
return true; return true;
} }
static void read_item( void rule_loader::reader::read_item(
rule_loader::configuration& cfg, rule_loader::configuration& cfg,
rule_loader::collector& collector, rule_loader::collector& collector,
const YAML::Node& item, const YAML::Node& item,

13
userspace/engine/rule_loader_reader.h
View File

@ -57,6 +57,19 @@ public:
+ std::to_string(minor) + "." + std::to_string(minor) + "."
+ std::to_string(FALCO_ENGINE_VERSION_PATCH)); + std::to_string(FALCO_ENGINE_VERSION_PATCH));
} }
template <typename T>
static void decode_val(const YAML::Node& item, const char *key, T& out, const rule_loader::context& ctx);
template <typename T>
static void decode_optional_val(const YAML::Node& item, const char *key, T& out, const rule_loader::context& ctx);
protected:
virtual void read_item(rule_loader::configuration& cfg,
rule_loader::collector& collector,
const YAML::Node& item,
const rule_loader::context& parent);
}; };
}; // namespace rule_loader }; // namespace rule_loader