github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-13 21:41:23 +00:00
Code Issues Projects Releases Wiki Activity

new(engine): error on invalid macro/list name

Browse Source 
Signed-off-by: Gianmatteo Palmieri <mail@gian.im>
This commit is contained in:
Gianmatteo Palmieri
2024-02-26 14:12:43 +01:00
committed by poiana
parent a473ae5eb8
commit f00926b8af
2 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
userspace/engine/rule_loader_reader.cpp
View File

@@ -25,8 +25,16 @@ limitations under the License.
#include "rule_loading_messages.h" #include "rule_loading_messages.h"
#include <libsinsp/logger.h> #include <libsinsp/logger.h>
#include <re2/re2.h>
#define THROW(cond, err, ctx) { if ((cond)) { throw rule_loader::rule_load_exception(falco::load_result::LOAD_ERR_YAML_VALIDATE, (err), (ctx)); } } #define THROW(cond, err, ctx) { if ((cond)) { throw rule_loader::rule_load_exception(falco::load_result::LOAD_ERR_YAML_VALIDATE, (err), (ctx)); } }
#define RGX_IDENTIFIER "([a-zA-Z]+[a-zA-Z0-9_]*)"
#define RGX_BARESTR "([^()\"'[:space:]=,]+)"
static re2::RE2 s_rgx_identifier(RGX_IDENTIFIER, re2::RE2::POSIX);
static re2::RE2 s_rgx_barestr(RGX_BARESTR, re2::RE2::POSIX);
// Don't call this directly, call decode_val/decode_optional_val instead. // Don't call this directly, call decode_val/decode_optional_val instead.
template <typename T> template <typename T>
static void decode_val_generic(const YAML::Node& item, const char *key, T& out, const rule_loader::context& ctx, bool optional) static void decode_val_generic(const YAML::Node& item, const char *key, T& out, const rule_loader::context& ctx, bool optional)
@@ -442,6 +450,10 @@ void rule_loader::reader::read_item(
decode_val(item, "list", name, tmp); decode_val(item, "list", name, tmp);
rule_loader::context ctx(item, rule_loader::context::LIST, name, parent); rule_loader::context ctx(item, rule_loader::context::LIST, name, parent);
bool invalid_name = !re2::RE2::FullMatch(name, s_rgx_barestr);
THROW(invalid_name, ERROR_INVALID_LIST_NAME RGX_BARESTR, ctx);
rule_loader::list_info v(ctx); rule_loader::list_info v(ctx);
bool append = false; bool append = false;
@@ -482,6 +494,10 @@ void rule_loader::reader::read_item(
decode_val(item, "macro", name, tmp); decode_val(item, "macro", name, tmp);
rule_loader::context ctx(item, rule_loader::context::MACRO, name, parent); rule_loader::context ctx(item, rule_loader::context::MACRO, name, parent);
bool invalid_name = !re2::RE2::FullMatch(name, s_rgx_identifier);
THROW(invalid_name, ERROR_INVALID_MACRO_NAME RGX_IDENTIFIER, ctx);
rule_loader::macro_info v(ctx); rule_loader::macro_info v(ctx);
v.name = name; v.name = name;

4
userspace/engine/rule_loading_messages.h
View File

@@ -21,3 +21,7 @@
#define ERROR_NO_PREVIOUS_RULE_APPEND "Rule uses 'append' or 'override.<key>: append' but no rule by that name already exists" #define ERROR_NO_PREVIOUS_RULE_APPEND "Rule uses 'append' or 'override.<key>: append' but no rule by that name already exists"
#define ERROR_NO_PREVIOUS_RULE_REPLACE "An 'override.<key>: replace' to a rule was requested but no rule by that name already exists" #define ERROR_NO_PREVIOUS_RULE_REPLACE "An 'override.<key>: replace' to a rule was requested but no rule by that name already exists"
#define ERROR_INVALID_MACRO_NAME "Macro has an invalid name. Macro names must match the Identifier regular expression: "
#define ERROR_INVALID_LIST_NAME "List has an invalid name. List names must match the BareStr regular expression: "