github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-31 14:11:41 +00:00
Code Issues Projects Releases Wiki Activity

cleanup(falco): apply review suggestion about extra_output_field_t

Browse Source 
Signed-off-by: Luca Guerra <luca@guerra.sh>
Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
This commit is contained in:
Luca Guerra 2024-09-06 16:15:43 +00:00 committed by poiana
parent aeb4126ce2
commit ddc736057f
7 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
userspace/engine/falco_common.h
View File

@ -72,3 +72,5 @@ namespace falco_common
bool parse_rule_matching(const std::string& v, rule_matching& out);
};
typedef std::unordered_map<std::string, std::pair<std::string, bool>> extra_output_field_t;

2
userspace/engine/falco_engine.h
View File

@ -221,7 +221,7 @@ public:
std::string format;
std::set<std::string> exception_fields;
std::set<std::string> tags;
std::unordered_map<std::string, std::pair<std::string, bool>> extra_output_fields;
extra_output_field_t extra_output_fields;
};
//

2
userspace/engine/falco_rule.h
View File

@ -79,7 +79,7 @@ struct falco_rule
std::string name;
std::string description;
std::string output;
std::unordered_map<std::string, std::pair<std::string, bool>> extra_output_fields;
extra_output_field_t extra_output_fields;
std::set<std::string> tags;
std::set<std::string> exception_fields;
falco_common::priority_type priority;

2
userspace/engine/formats.cpp
View File

@ -35,7 +35,7 @@ falco_formats::~falco_formats()
std::string falco_formats::format_event(sinsp_evt *evt, const std::string &rule, const std::string &source,
const std::string &level, const std::string &format, const std::set<std::string> &tags,
const std::string &hostname, const std::unordered_map<std::string, std::pair<std::string, bool>> &extra_fields) const
const std::string &hostname, const extra_output_field_t &extra_fields) const
{
std::string line;

2
userspace/engine/formats.h
View File

@ -31,7 +31,7 @@ public:
std::string format_event(sinsp_evt *evt, const std::string &rule, const std::string &source,
const std::string &level, const std::string &format, const std::set<std::string> &tags,
const std::string &hostname, const std::unordered_map<std::string, std::pair<std::string, bool>> &extra_fields) const;
const std::string &hostname, const extra_output_field_t &extra_fields) const;
std::string format_string(sinsp_evt *evt, const std::string &format, const std::string &source) const;

2
userspace/falco/falco_outputs.cpp
View File

@ -128,7 +128,7 @@ void falco_outputs::add_output(const falco::outputs::config &oc)
void falco_outputs::handle_event(sinsp_evt *evt, const std::string &rule, const std::string &source,
falco_common::priority_type priority, const std::string &format, std::set<std::string> &tags,
std::unordered_map<std::string, std::pair<std::string, bool>> &extra_fields)
extra_output_field_t &extra_fields)
{
falco_outputs::ctrl_msg cmsg = {};
cmsg.ts = evt->get_ts();

2
userspace/falco/falco_outputs.h
View File

@ -60,7 +60,7 @@ public:
*/
void handle_event(sinsp_evt *evt, const std::string &rule, const std::string &source,
falco_common::priority_type priority, const std::string &format, std::set<std::string> &tags,
std::unordered_map<std::string, std::pair<std::string, bool>> &extra_fields);
extra_output_field_t &extra_fields);
/*!
\brief Format then send a generic message to all outputs.