github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2026-04-09 13:33:07 +00:00
Code Issues Projects Releases Wiki Activity
2,964 Commits 130 Branches 185 Tags
1f2e6d46292bd2e5c433c303ee04bd26673edf21
Commit Graph

806 Commits

Author SHA1 Message Date
Mark Stemm
5d7bed8d74 Copying falco.cpp to open_inspector.cpp to preserve history (step 1, copying file) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
64b7092f56 Copying falco.cpp to daemonize.cpp to preserve history (step 2, restoring falco.cpp) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
a9417d60df Copying falco.cpp to daemonize.cpp to preserve history (step 1, copying file) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
365b97a9db Copying falco.cpp to validate_rules_files.cpp to preserve history (step 2, restoring falco.cpp) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
70dc7360c9 Copying falco.cpp to validate_rules_files.cpp to preserve history (step 1, copying file) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
b845fccc72 Copying falco.cpp to start_webserver.cpp to preserve history (step 2, restoring falco.cpp) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
d4def892be Copying falco.cpp to start_webserver.cpp to preserve history (step 1, copying file) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
6b9714eadc Copying falco.cpp to start_grpc_server.cpp to preserve history (step 2, restoring falco.cpp) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
54ef2a2b1e Copying falco.cpp to start_grpc_server.cpp to preserve history (step 1, copying file) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
5496741aae Copying falco.cpp to print_version.cpp to preserve history (step 2, restoring falco.cpp) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
c975df57a0 Copying falco.cpp to print_version.cpp to preserve history (step 1, copying file) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
8634d8b3a2 Copying falco.cpp to print_support.cpp to preserve history (step 2, restoring falco.cpp) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
4ca13bc0f0 Copying falco.cpp to print_support.cpp to preserve history (step 1, copying file) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
de58872b2e Copying falco.cpp to print_ignored_events.cpp to preserve history (step 2, restoring falco.cpp) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
2963bbab98 Copying falco.cpp to print_ignored_events.cpp to preserve history (step 1, copying file) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
f5c18399e1 Copying falco.cpp to print_help.cpp to preserve history (step 2, restoring falco.cpp) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
35261c4a3a Copying falco.cpp to print_help.cpp to preserve history (step 1, copying file) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
78a297ac62 Copying falco.cpp to load_rules_files.cpp to preserve history (step 2, restoring falco.cpp) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
9325658d5b Copying falco.cpp to load_rules_files.cpp to preserve history (step 1, copying file) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
2d53fecf4b Copying falco.cpp to load_plugins.cpp to preserve history (step 2, restoring falco.cpp) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
0f8386326e Copying falco.cpp to load_plugins.cpp to preserve history (step 1, copying file) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
2e8d3c6486 Copying falco.cpp to load_config.cpp to preserve history (step 2, restoring falco.cpp) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
444daef2f0 Copying falco.cpp to load_config.cpp to preserve history (step 1, copying file) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
88b951abe2 Copying falco.cpp to list_plugins.cpp to preserve history (step 2, restoring falco.cpp) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
4a818eeeec Copying falco.cpp to list_plugins.cpp to preserve history (step 1, copying file) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
8c40b18428 Copying falco.cpp to list_fields.cpp to preserve history (step 2, restoring falco.cpp) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
91a7bcae86 Copying falco.cpp to list_fields.cpp to preserve history (step 1, copying file) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
9d9fb2538d Copying falco.cpp to init_outputs.cpp to preserve history (step 2, restoring falco.cpp) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
98a2224ee5 Copying falco.cpp to init_outputs.cpp to preserve history (step 1, copying file) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
ccbc8ec196 Copying falco.cpp to init_inspector.cpp to preserve history (step 2, restoring falco.cpp) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
344dc3930b Copying falco.cpp to init_inspector.cpp to preserve history (step 1, copying file) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
431b8885b4 Copying falco.cpp to init_falco_engine.cpp to preserve history (step 2, restoring falco.cpp) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
22674f6bf8 Copying falco.cpp to init_falco_engine.cpp to preserve history (step 1, copying file) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
ae7c8190d3 Copying falco.cpp to create_signal_handlers.cpp to preserve history (step 2, restoring falco.cpp) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
da7efbc96e Copying falco.cpp to create_signal_handlers.cpp to preserve history (step 1, copying file) 
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
9de80b7b92 Application changes to support actions 
Changes to the falco::app::application object to support actions:

- All of the code that was in falco_init is now in methods of
  application. (A later commit actually moves the code from falco_init
  and into the split-up methods, this commit just declares them).
- Methods return an application::run_result object, which is a tuple
  of success/errstr/proceed. proceed=false is used to short circuit
  calling methods (think --help, --list, --support, etc.)
- application now has a run() method which runs the methods in an order
  that honors any implicit dependencies (e.g. you have to init an
  inspector before you open it, you have to do almost everything else
  before processing events, etc.)
- There are a few methods devoted to teardown, they are always called
  after the group of run methods are called.
- State that needs to be saved between methods, or saved between the
  run and teardown functions, is in a
  falco::app::application::state object.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
0a51f4f1f1 Convert direct pointer refs to shared_ptr 
Some objects used by falco (falco outputs, falco_formats, etc) were
using raw pointer references, which isn't great.

So convert use of raw pointers (originally passed from falco_init or
functions it called) with shared_ptr, as they are now held in
application state.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Mark Stemm
62d4fffcb2 Add missing pragma 
Without this, if webserver is included more than once you get
duplicate defined classes.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-22 13:27:52 +02:00
Leonardo Grasso
b4d9261ce2 build: define "falco" component 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2022-04-22 09:41:56 +02:00
Jason Dellaluce
0bf53f0f88 refactor(userspace/engine): restrict unsafe-na-check warning to k8s audit fields 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-04-21 18:50:58 +02:00
Jason Dellaluce
37d03cf7bc chore(userspace/engine): fix typo spotted with codespell 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-04-21 18:50:58 +02:00
Jason Dellaluce
95727b268f new(userspace/engine): add a resolver to generate warnings from a filter AST 
The first warnings we support involve the unsafe comparisons with <NA>, which were present
in the legacy regression tests for PSPs.

Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-04-21 18:50:58 +02:00
Mateusz Gozdek
1fdfbd3a3d Fix more typos 
Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>
 2022-04-20 12:21:27 +02:00
Jason Dellaluce
13256fb7ef update(userspace/engine): bump engine version to 12 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-04-19 16:29:40 +02:00
Jason Dellaluce
d9d23cd31d update: bump libs version to b19f87e8aee663e4987a3db54570725e071ed105 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-04-19 16:29:40 +02:00
Jason Dellaluce
b8a95d262f refactor(userspace/engine): polish evttype resolver and use it in rule loader 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-04-19 16:29:40 +02:00
Jason Dellaluce
dd3d235d7f refactor(tests): adapting test_rulesets to new method signatures 
At the same time, this also simplifies the unit test cases by using the SCENARIO construct of catch2,
which allows sharing a setup phases between different unit tests, and removes a bunch of repeated LOC in our case.

Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-04-19 16:29:40 +02:00
Jason Dellaluce
b5870a8656 new(userspace/engine): add a resolver class to search evttypes from filters and event names 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-04-19 16:29:40 +02:00
Jason Dellaluce
f638706ba3 chore(userspace/engine): renamings and code polishing in rule_loader and rule_reader 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-04-15 10:54:58 +02:00
Jason Dellaluce
e1a5427874 update(userspace): add method to clear rule loader state 
Once all rule files have been loaded, and all the rules have been compiled into filters and inserted in the engine rulesets, the loader definitions are maintained in memory without really being used. This commit adds a convenience method to clear the loader state and free-up some memory when engine consumers do not require such information in memory anymore.

Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-04-15 10:54:58 +02:00