485 Commits

Author	SHA1	Message	Date
Federico Aponte	8143a194d2	fix: nlohmann_json lib include path ... Signed-off-by: Federico Aponte <federico.aponte@sysdig.com>	2024-01-24 09:38:13 +01:00
Jason Dellaluce	ccf62a3745	fix(userspace/engine): avoid storing escaped strings in engine defs ... Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2024-01-23 11:58:09 +01:00
Andrea Terzolo	a6a1a9769f	cleanup: restore the name of a variable ... Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com> Co-authored-by: Luca Guerra <luca.guerra@sysdig.com>	2024-01-11 15:37:38 +01:00
Andrea Terzolo	c308f5c7e2	cleanup: rename some error messages ... Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>	2024-01-11 15:37:38 +01:00
Andrea Terzolo	ee78c862ad	tests: add some new tests on override replace ... Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>	2024-01-11 15:37:38 +01:00
Andrea Terzolo	8ebdbe3e6f	cleanup: use macros for default error messages ... Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>	2024-01-11 15:37:38 +01:00
Andrea Terzolo	5192921732	doc: typo in the exception ... Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>	2024-01-11 15:37:38 +01:00
Andrea Terzolo	56de6e6786	update(rule_loader): remove the warning on the required_engine_version ... Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>	2024-01-11 15:37:38 +01:00
Andrea Terzolo	b318c165da	cleanup(falco_engine): remove unused methods ... Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>	2024-01-11 15:37:38 +01:00
Andrea Terzolo	5ac005bd4d	update(rule_loader): deprecate all non-SemVer compatible values ... Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>	2024-01-11 15:37:38 +01:00
Andrea Terzolo	95e4c58e7f	update(rule_loader): deprecate enabled usage ... Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>	2024-01-11 15:37:38 +01:00
Andrea Terzolo	4aebee684a	update(rule_loader): deprecate append key and add a warning ... Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>	2024-01-11 15:37:38 +01:00
Andrea Terzolo	63736563a2	cleanup(rule_loader): remove useless include ... Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>	2024-01-11 15:37:38 +01:00
Andrea Terzolo	7cac2833b2	cleanup(rule_loader): add a common log message ... Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>	2024-01-11 15:37:38 +01:00
Mark Stemm	14d1ca3c97	Add methods to look up the factories provided in add_source() ... Add methods that allow looking up the factories provided to add_source(). This allows not having to keep track of the factories outside of the engine. Signed-off-by: Mark Stemm <mark.stemm@gmail.com>	2024-01-08 12:00:27 +01:00
Mark Stemm	07d7b9a57a	Inline find_source() as it can be called in the event path ... Inline find_source as it can be called in the event processing path. Also take the cached variant that assigns/uses m_syscall_source_idx and put it in find_source() instead of process_event(). Signed-off-by: Mark Stemm <mark.stemm@gmail.com>	2024-01-08 12:00:27 +01:00
Luca Guerra	728c8d7d0e	fix(engine): clarify error message for invalid append ... Signed-off-by: Luca Guerra <luca@guerra.sh>	2023-12-22 21:49:21 +01:00
Luca Guerra	4c023b0d93	update(engine): temporary replace for error messages ... Signed-off-by: Luca Guerra <luca@guerra.sh>	2023-12-22 21:49:21 +01:00
Luca Guerra	8a7ef687b1	update(engine): throw an error if an unexpected top level key is found in an override ... Signed-off-by: Luca Guerra <luca@guerra.sh>	2023-12-22 21:49:21 +01:00
Luca Guerra	21c629dc4d	chore(engine): bump engine version ... Signed-off-by: Luca Guerra <luca@guerra.sh>	2023-12-22 21:49:21 +01:00
Luca Guerra	2db29af0e8	update(engine): clarify override error messages ... Signed-off-by: Luca Guerra <luca@guerra.sh>	2023-12-22 21:49:21 +01:00
Luca Guerra	bc072502cc	new(engine): add selective overrides ... Signed-off-by: Luca Guerra <luca@guerra.sh>	2023-12-22 21:49:21 +01:00
Andrea Terzolo	8ff1ef752d	chore: bump falco engine version ... Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>	2023-12-18 19:01:01 +01:00
Mark Stemm	334302e525	Allow enabling rules by ruleset id in addition to name ... Add alternate enable_* methods that allow enabling rulesets by ruleset id in addition to name. This might be used by some filter_rulesets to enable/disable rules on the fly via the falco engine. Signed-off-by: Mark Stemm <mark.stemm@gmail.com>	2023-12-18 15:58:04 +01:00
Andrea Terzolo	ed346e90cd	update(falco): bump engine version and checksum ... Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>	2023-12-13 16:59:46 +01:00
Federico Aponte	e427c800f3	chore(build): fix error using find_package with ExternalProject_Add ... Signed-off-by: Federico Aponte <federico.aponte@sysdig.com>	2023-12-11 16:52:39 +01:00
Federico Aponte	5e17ba6c23	chore(build): allow usage of non-bundled nlohmann-json ... Signed-off-by: Federico Aponte <federico.aponte@sysdig.com>	2023-12-11 16:52:39 +01:00
Federico Aponte	44b7352180	cleanup: fix several warnings from a Clang build ... Signed-off-by: Federico Aponte <federico.aponte@sysdig.com>	2023-12-06 16:40:26 +01:00
Jason Dellaluce	390a13bd40	update(userspace): optimizations in validation and description steps ... Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-12-02 09:38:15 +01:00
Jason Dellaluce	e3943ccac3	refactor(userspace/engine): uniform json lib in rules description and not print from engine ... Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-12-02 09:38:15 +01:00
Luca Guerra	6411eed4a7	cleanup(falco): remove decode_uri as it is no longer used ... Signed-off-by: Luca Guerra <luca@guerra.sh>	2023-11-29 17:42:06 +01:00
Melissa Kilby	3b068919d0	update(cmake): bump libs and driver to c2fd308 plus bump falco engine version ... Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-11-28 12:57:04 +01:00
Jason Dellaluce	66a122d4ce	update(userspace/engine): bump engine version ... Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-11-16 09:26:19 +01:00
Jason Dellaluce	04e2f19915	refactor: solve compilation issues with latest libs changes ... Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-11-16 09:26:19 +01:00
Jason Dellaluce	359bd6e593	cleanup(userspace/engine): remove legacy k8saudit implementation ... Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-11-15 16:05:15 +01:00
Luca Guerra	8bf40cdf88	update(engine): port decode_uri in falco engine ... Signed-off-by: Luca Guerra <luca@guerra.sh>	2023-11-14 20:36:15 +01:00
Jason Dellaluce	f5985720f1	fix(userspace/engine): cache latest rules compilation output ... Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-11-02 20:32:07 +01:00
Jason Dellaluce	2e7cacb4e0	fix(userspace/engine): solve description of macro-only rules ... Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-11-02 16:16:06 +01:00
Luca Guerra	1e38967b18	update(engine): remove banned.h ... Signed-off-by: Luca Guerra <luca@guerra.sh>	2023-10-19 17:41:22 +02:00
Roberto Scolaro	b7cef5bab2	fix(userspace/engine): fix memory leak ... Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>	2023-10-17 21:20:15 +02:00
Melissa Kilby	dd807b19c8	feat(userspace): remove experimental outputs queue recovery strategies ... Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-10-12 13:03:46 +02:00
Lorenzo Susini	09b1f92267	update(userspace/engine): update falco engine checksum ... Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-09-28 20:05:21 +02:00
Lorenzo Susini	1326ca356e	update(userspace/engine): address jasondellaluce comments for maintainability ... Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-09-28 20:05:21 +02:00
Lorenzo Susini	f8cbeaaa9b	update(userspace/engine): let the rule loader reader and collector be able to load rules with both numeric and semver string required_engine_version ... Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-09-28 20:05:21 +02:00
Lorenzo Susini	cd6cb14c08	update(userspace/engine): convert engine version to semver string ... Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-09-28 20:05:21 +02:00
Jason Dellaluce	d3e1a1f746	chore(userspace/engine): apply codespell suggestions ... Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-09-28 12:39:20 +02:00
Jason Dellaluce	aae114c331	refactor(userspace/engine)!: rename some description details outputs ... Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-09-28 12:39:20 +02:00
Jason Dellaluce	b67ad907a7	fix(userspace/engine): solve issues with filter details resolver ... Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-09-28 12:39:20 +02:00
Jason Dellaluce	dc264a0577	fix(userspace/engine): solve issues in describing rules/macros/lists ... Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-09-28 12:39:20 +02:00
Jason Dellaluce	8f411f3d3b	refactor(userspace/engine): modularize rules files compilation ... Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-09-28 12:39:20 +02:00