github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-09 12:43:31 +00:00
Code Issues Projects Releases Wiki Activity
4,919 Commits 118 Branches 173 Tags 104 MiB
master
Commit Graph

166 Commits

Author SHA1 Message Date
Andrea Terzolo
00b7c56d54 cleanup: rename modern-ebpf into modern_ebpf 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-11-27 15:01:00 +01:00
Andrea Terzolo
4443e9d64f fix: fix some broken tests 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-11-27 15:01:00 +01:00
Federico Di Pierro
b92e0d6134 chore(userspace,unit_tests): renamed engine.replay.trace_file to engine.replay.capture_file. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2023-11-27 15:01:00 +01:00
Andrea Terzolo
898ba68b3b test: don't test load config if we are under wasm 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-11-27 15:01:00 +01:00
Andrea Terzolo
96f474a29c docs: fix codespell 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-11-27 15:01:00 +01:00
Andrea Terzolo
1b14fed380 tests: call the callback action only once 
moreover this commit corrects `cpus_for_each_syscall_buffer` into test
configs

Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-11-27 15:01:00 +01:00
Andrea Terzolo
be16af7fe0 cleanup: rename cpus_for_each_syscall_buffer 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-11-27 15:01:00 +01:00
Andrea Terzolo
588a94578a fix: take into consideration that load_yaml is called more than once 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-11-27 15:01:00 +01:00
Andrea Terzolo
bc8f61ca68 tests: add a basic test to check config precedence 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-11-27 15:01:00 +01:00
Andrea Terzolo
1ee6569a5d fix: use only new config instead of old command line options 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-11-27 15:01:00 +01:00
Andrea Terzolo
f3f56db5ca cleanup: some renaming from bpf to ebpf 
the idea is to use only the word `ebpf` in Falco

Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-11-27 15:01:00 +01:00
Federico Di Pierro
4127764129 chore(userspace): renamed driver. config to engine.; renamed engine.replay.scap_file to engine.replay.trace_file. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2023-11-27 15:01:00 +01:00
Federico Di Pierro
4f1b950e0d chore(userspace,falco.yaml): rename new config key to driver.kind. 
Moreover, renamed driver kinds to use better naming, and move driver's related
config keys under `driver.$kind`.

Added DEPRECTATION notices on CLI options, and in falco.yaml.

DEPRECATED options (both CLI and config ones) will have priority over the new ones,
to retain compatibility with existing configs.

DEPRECATED options will be dropped in Falco 0.38.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-11-27 15:01:00 +01:00
Jason Dellaluce
04e2f19915 refactor: solve compilation issues with latest libs changes 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-11-16 09:26:19 +01:00
Luca Guerra
f073a6ee88 update(engine): add tests for decode_url() 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2023-11-14 20:36:15 +01:00
Roberto Scolaro
115729a86a fix(unit_test): new macro for env var setting 
Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>
 2023-11-13 10:59:47 +01:00
Roberto Scolaro
5db29f4692 fix(unit_tests/falco): enable env test on win32 
Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>
 2023-11-13 10:59:47 +01:00
Samuel Gaist
d074728994 feat(userspace/falco): add configuration support for IPV6 webserver listen address 
The IPV6 capabilities is provided through cpp-httplib.

Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2023-11-03 09:09:08 +01:00
Samuel Gaist
fac48cd145 test(configuration): implement basic webserver listen address test 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2023-11-03 09:09:08 +01:00
Leonardo Grasso
fe50ac22ee update: add SPDX license identifier 
See https://github.com/falcosecurity/evolution/issues/318

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2023-09-21 13:21:47 +02:00
Daniel Wright
513f122aff feat: support parsing of system environment variables in yaml 
In order to allow the user to supply environment variables in standard
ways performed in other applications the get_scalar function has been
extended to support defining an environment variable in the format
`${FOO}`. Environment variables can be escaped via defining as `$${FOO}`.
As this handles some additional complexity, a unit test has been  added
to cover this new functionality

Signed-off-by: Daniel Wright <danielwright@bitgo.com>
 2023-09-06 11:45:00 +02:00
Melissa Kilby
6cdb740786 cleanup(userspace): update parse_prometheus_interval 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-08-25 15:20:45 +02:00
Jason Dellaluce
527c42c030 chore: polish conditional compilation flags for emscripten 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-08-24 10:30:40 +02:00
rohith-raju
e8ee850dee update(ci,cmake): add support for emscripten build 
Signed-off-by: rohith-raju <rohithraju488@gmail.com>
 2023-08-24 10:30:40 +02:00
rohith-raju
105f2f6ee3 update(unit_tests): use typecast as wasm can't handle 64 bit int 
Signed-off-by: rohith-raju <rohithraju488@gmail.com>
 2023-08-24 10:30:40 +02:00
Jason Dellaluce
aa6061681d update: adapt code to multi-platform builds 
Co-authored-by: Rohith Raju <rohithraju488@gmail.com>
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-08-24 10:30:40 +02:00
Andrea Terzolo
1a359f5806 fix: add a check on online CPUs 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2023-05-25 10:23:10 +02:00
Melissa Kilby
9b341b2c49 new(unit_tests): tests for prometheus compliant time durations 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-05-23 09:58:34 +02:00
Lorenzo Susini
a269866976 test(unit_tests/engine): test filter_details_resolver class 
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
 2023-05-19 15:56:05 +02:00
Jason Dellaluce
9bfce8cfae update(userspace): make sure that async event is always matched in rules 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-05-19 12:15:04 +02:00
Jason Dellaluce
1f4919bfe1 update: improve control and UX of ignored events 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-04-27 11:10:14 +02:00
Jason Dellaluce
8926022035 update: adapt Falco to new sinsp event source management 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-04-26 12:59:13 +02:00
Jason Dellaluce
91cca0bd0e update(cmake): bump libs and drivers to 5b4dd9e2ae0cd2efeaf9da37d8c29631241d448c9ce5b0e35d8dd7f81d814034 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-04-04 19:39:53 +02:00
Jason Dellaluce
06d36d6e1b test(userspace/falco): leverage new sc_set_to_event_names API and solve last few todos 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-04-04 19:39:53 +02:00
Melissa Kilby
306d76d06b cleanup(unit_tests): try making test_configure_interesting_sets more robust 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-04-04 17:55:52 +02:00
Melissa Kilby
78daafb56c cleanup(app_actions): finalize base_syscalls.repair option 
Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-03-30 19:08:33 +02:00
Jason Dellaluce
2b93a79521 refactor: apply review suggestions 
Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-03-30 19:08:33 +02:00
Melissa Kilby
3e0f0d3692 cleanup(unit_tests): revert some test extensions in interim 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-03-30 19:08:33 +02:00
Melissa Kilby
ea3571564b cleanup(unit_tests): add selection_custom_base_set_repair tests 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-03-30 19:08:33 +02:00
Melissa Kilby
e360175c15 fix(app_actions): enforce PPM_SC_SCHED_PROCESS_EXIT for base_syscalls.custom_set 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-03-30 19:08:33 +02:00
Jason Dellaluce
b32c0b9283 fix(unit_tests): adapt to connect4 corner cases 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-03-09 09:39:12 +01:00
Jason Dellaluce
3ab7c7d753 chore: fix typos 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-03-09 09:39:12 +01:00
Jason Dellaluce
b225549679 test(unit_test): adapt and grow tests on configure_intertesting_sets 
The test now take in accoint pre/post-conditions of the actions,
usage of the -A option, and the newly-introduced base_syscall
user configuration. This also makes sure that the event selection
properly handles generic events and options/configs precedence.

Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-03-09 09:39:12 +01:00
Jason Dellaluce
a7f521b4b8 chore(unit_tests): move existing test in right directory 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-03-09 09:39:12 +01:00
Jason Dellaluce
5ed5c63202 refactor: adapt event set configuration changes to new libs definition 
Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-02-21 14:31:28 +01:00
Jason Dellaluce
4706cd8b4e cleanup: solve std namespace issues and remove unused imports 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-02-21 14:31:28 +01:00
Jason Dellaluce
34ea7a8245 cleanup(userspace/engine): drop filtr_evttype_resolver 
Its logic was ported into libsinsp in:
3d8550e70e

Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-02-21 14:31:28 +01:00
Melissa Kilby
3b5633a3e5 cleanup(unit_tests): remove some rebase leftovers 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-02-21 14:31:28 +01:00
Melissa Kilby
72439b2eed cleanup(app_actions): adjust configure_interesting_sets 
* address reviewers feedback
* improve clarity around new -A and -i behavior
* additional cleanup (e.g. use generic set operations only)
* extend unit tests

Note: sinsp ppm sc API is undergoing a refactor, therefore current lookups are interim
and will subsequently be refactored as well.

Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-02-21 14:31:28 +01:00
Melissa Kilby
f77f8667a1 cleanup(tests): add unit tests for configure_interesting_sets 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2023-02-21 14:31:28 +01:00
Jason Dellaluce
34ed5a5fc9 chore: fix typos 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-02-21 11:09:29 +01:00
Jason Dellaluce
f34ef41e8a test(userspace/falco): add tests for atomic signal handler 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-02-21 11:09:29 +01:00
Jason Dellaluce
94882f3fd2 test(unit_tests): add tests for select_event_sources action 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-02-15 10:51:35 +01:00
Jason Dellaluce
9fd6bbf2bf update(unit_tests): link test suite to falco app cmake target 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-02-15 10:51:35 +01:00
Jason Dellaluce
a7ef45852c fix(unit_tests): invert libraries and dependencies in CMakeLists 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-02-15 10:51:35 +01:00
Jason Dellaluce
6ecc708e2b fix(unit_tests): adapt new evttype resolvers to gtest 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-02-14 12:47:07 +01:00
Federico Di Pierro
75dc8c050c new(userspace,tests): add proper support for generic events indexing. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2023-02-13 14:54:03 +01:00
Andrea Terzolo
0d62fb9133 ci: remove unit tests from circleCI 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2023-02-10 11:41:24 +01:00
Andrea Terzolo
d7e498caf9 fix after rebase 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2023-02-10 11:41:24 +01:00
Andrea Terzolo
5e5869357a tests: add Configuration tests 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2023-02-10 11:41:24 +01:00
Andrea Terzolo
71d7c574e0 tests: add Ruleset tests 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2023-02-10 11:41:24 +01:00
Andrea Terzolo
0f83411f05 tests: add PluginRequirements tests 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2023-02-10 11:41:24 +01:00
Andrea Terzolo
696a744004 tests: add WarningResolver tests 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2023-02-10 11:41:24 +01:00
Andrea Terzolo
8059e28af5 tests: add MacroResolver tests 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2023-02-10 11:41:24 +01:00
Andrea Terzolo
1faa35552a tests: add EvtTypeResolver tests 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2023-02-10 11:41:24 +01:00
Andrea Terzolo
88bac44f05 test: first scaffolfing of the initial structure 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2023-02-10 11:41:24 +01:00