Mark Stemm
a44b311333
Add a source to rule_update_info
...
It's possible that someone might want to override a property for a
non-syscall rule source. To assist in this, decode any source property
for rules with append/override and save it in the rule_update_info
object. For the source property only, the value for source can be
empty e.g. 'source: ' or an empty string e.g. 'source: ""'. Both of
those are considered valid but result in an empty source.
A later change will ensure that the sources match up when
appending/redefining/overriding/enabling.
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
2024-10-24 08:45:12 +02:00
Poiana
50b98b30e5
chore(falco): apply code formatting
...
Signed-off-by: Poiana <poiana.bot@gmail.com>
2024-09-30 13:25:31 +02:00
Federico Di Pierro
468037151a
chore(userspace,unit_tests): properly report all schema validation warnings from yaml_helper::validate_node().
...
`-V` option will print all warnings, while normal run will only print foremost warning.
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2024-09-11 13:20:31 +02:00
Federico Di Pierro
5bd2d5a63e
cleanup(userspace,unit_tests): moved rule schema under engine.
...
Also, moved yaml_helper under engine/ folder.
Ported rule json schema validation in the engine.
Also, updated rule_loader tests to check for validation.
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2024-09-11 13:20:31 +02:00
Jason Dellaluce
e211e97e2a
fix(userspace/engine): make sure exception fields are not optional in replace mode
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2024-05-17 14:38:57 +02:00
Gianmatteo Palmieri
eb04b1c66f
fix(test): expect warning instead of error on invalid macro/list name
...
Signed-off-by: Gianmatteo Palmieri <mail@gian.im>
2024-04-17 11:27:52 +02:00
Gianmatteo Palmieri
dd59c48034
new(engine): raise warning instead of error on invalid macro/list name
...
Signed-off-by: Gianmatteo Palmieri <mail@gian.im>
2024-04-17 11:27:52 +02:00
Gianmatteo Palmieri
83910be726
new(engine): raise warning instead of error on not-unique exceptions names
...
Signed-off-by: Gianmatteo Palmieri <mail@gian.im>
2024-04-11 17:22:28 +02:00
Gianmatteo Palmieri
05c434ed89
new(engine): enforce unique exceptions names
...
Signed-off-by: Gianmatteo Palmieri <mail@gian.im>
2024-04-03 18:23:53 +02:00
Gianmatteo Palmieri
7086f35eba
new(engine): add warning when appending an exception with no values
...
Signed-off-by: Gianmatteo Palmieri <mail@gian.im>
2024-03-27 09:15:13 +01:00
Gianmatteo Palmieri
7265190e66
new(engine): don't expose details in error message
...
Signed-off-by: Gianmatteo Palmieri <mail@gian.im>
2024-03-08 00:02:01 +01:00
Gianmatteo Palmieri
f00926b8af
new(engine): error on invalid macro/list name
...
Signed-off-by: Gianmatteo Palmieri <mail@gian.im>
2024-03-08 00:02:01 +01:00
Samuel Gaist
f9b17b67f8
refactor(engine): fix variable / function shadowing
...
Improve variable names in the code surrounding the changes.
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
2024-02-29 16:20:34 +01:00
Samuel Gaist
5e497a4119
fix(c++): improve const correctness
...
Reported by cppcheck
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
2024-02-15 22:16:33 +01:00
Roberto Scolaro
ce87f2a014
refactor(userspace): remove libs relative imports
...
Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>
2024-01-31 11:51:37 +01:00
Mark Stemm
ce5a50cbb5
Add addl support for rules reader/compiler subclasses
...
To support subclasses that may extend the falco rules format, add
additional error/warning/item types for an extension item.
When subclasses report errors and warnings, they can use these
codes/item types in context objects and still provide an exact
line/column context.
Also make some previously static functions in rules reader protected
methods so they can be used in sub-classes.
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
2024-01-30 20:24:33 +01:00
Andrea Terzolo
a6a1a9769f
cleanup: restore the name of a variable
...
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
Co-authored-by: Luca Guerra <luca.guerra@sysdig.com>
2024-01-11 15:37:38 +01:00
Andrea Terzolo
c308f5c7e2
cleanup: rename some error messages
...
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
2024-01-11 15:37:38 +01:00
Andrea Terzolo
8ebdbe3e6f
cleanup: use macros for default error messages
...
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
2024-01-11 15:37:38 +01:00
Andrea Terzolo
56de6e6786
update(rule_loader): remove the warning on the required_engine_version
...
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
2024-01-11 15:37:38 +01:00
Andrea Terzolo
5ac005bd4d
update(rule_loader): deprecate all non-SemVer compatible values
...
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
2024-01-11 15:37:38 +01:00
Andrea Terzolo
95e4c58e7f
update(rule_loader): deprecate enabled usage
...
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
2024-01-11 15:37:38 +01:00
Andrea Terzolo
4aebee684a
update(rule_loader): deprecate append key and add a warning
...
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
2024-01-11 15:37:38 +01:00
Andrea Terzolo
63736563a2
cleanup(rule_loader): remove useless include
...
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
2024-01-11 15:37:38 +01:00
Andrea Terzolo
7cac2833b2
cleanup(rule_loader): add a common log message
...
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
2024-01-11 15:37:38 +01:00
Luca Guerra
728c8d7d0e
fix(engine): clarify error message for invalid append
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2023-12-22 21:49:21 +01:00
Luca Guerra
4c023b0d93
update(engine): temporary replace for error messages
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2023-12-22 21:49:21 +01:00
Luca Guerra
8a7ef687b1
update(engine): throw an error if an unexpected top level key is found in an override
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2023-12-22 21:49:21 +01:00
Luca Guerra
2db29af0e8
update(engine): clarify override error messages
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2023-12-22 21:49:21 +01:00
Luca Guerra
bc072502cc
new(engine): add selective overrides
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2023-12-22 21:49:21 +01:00
Lorenzo Susini
1326ca356e
update(userspace/engine): address jasondellaluce comments for maintainability
...
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
2023-09-28 20:05:21 +02:00
Lorenzo Susini
f8cbeaaa9b
update(userspace/engine): let the rule loader reader and collector be able to load rules with both numeric and semver string required_engine_version
...
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
2023-09-28 20:05:21 +02:00
Leonardo Grasso
fe50ac22ee
update: add SPDX license identifier
...
See https://github.com/falcosecurity/evolution/issues/318
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
2023-09-21 13:21:47 +02:00
Jason Dellaluce
eaeec7c079
fix(userspace): avoid using std namespace in sources
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-02-08 15:30:29 +01:00
Jason Dellaluce
d79d7112a0
fix(userspace/engine): catch YAML parsing and validation errors with right context
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-01-10 12:55:43 +01:00
Jason Dellaluce
89e8f70de0
refactor(userspace/engine): clean up and rename rule reader
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2022-09-27 10:42:59 +02:00
Jason Dellaluce
b65157af5e
refactor(userspace/engine): split rule loader git history (5)
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2022-09-27 10:42:59 +02:00