Mark Stemm
eded1062cd
Use filter_fieldclass_info::as_string to print field info
...
Instead of having a falco-specific function to print field info, use
the built-in filter_fieldclass_info::as_string() instead. This is a
better implementation (displays addl info, has better wrapping, wider
output) and having a single implementation allows for consistent
outputs between falco and other potential programs that could use the libs.
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
2021-12-23 17:05:39 +01:00
Luca Guerra
473b94b386
fix(build): use consistent 7-character build abbrev sha
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2021-12-23 16:23:39 +01:00
Jason Dellaluce
226d1fb728
update(OWNERS): add jasondellaluce
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2021-12-22 18:15:40 +01:00
Lorenzo Susini
6319be8146
update(rules): Add containerd socket to sensitive_mount macro
...
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
2021-12-21 16:53:57 +01:00
Akos Kaldy
cf4672675c
add Phoenix to adopters list
...
Signed-off-by: Akos Kaldy <kaldyka@gmail.com>
2021-12-20 17:44:12 +01:00
Angelo Puglisi
f035829ca2
fix(rules): typo in Create Symlink Over Sensitive Files rule output
...
Signed-off-by: Angelo Puglisi <angelopuglisi86@gmail.com>
2021-12-13 20:05:33 +01:00
Calvin Bui
cd471a78db
re-add double empty newline
...
Signed-off-by: Calvin Bui <3604363+calvinbui@users.noreply.github.com>
2021-12-10 10:27:33 +01:00
Calvin Bui
65969c30f9
Add ECR repository to rules
...
Signed-off-by: Calvin Bui <3604363+calvinbui@users.noreply.github.com>
2021-12-10 10:27:33 +01:00
Federico Di Pierro
bb8b75a2cd
update(userspace/falco): enforce check that content-type actually starts with "application/json" string.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
2021-12-09 21:04:47 +01:00
Federico Di Pierro
b359f71511
fix(userspace/falco): accept 'Content-Type' header that contains "application/json", but it is not strictly equal to it.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2021-12-09 21:04:47 +01:00
Federico Di Pierro
9dcd8bccac
fix(userspace/falco): in case output_file cannot be opened, throw a falco exception.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2021-12-09 21:02:48 +01:00
Jason Dellaluce
b5667cab99
chore(test): remove unused files in test directory
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2021-12-09 10:36:45 +01:00
Jason Dellaluce
2a00a4d853
rules: adding support to openat2
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2021-12-06 19:12:14 +01:00
Jason Dellaluce
697d4427a7
chore(scripts): refine removal output messages
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
2021-12-06 19:09:14 +01:00
Jason Dellaluce
bf04fed71c
fix(scripts): correctly remove loaded drivers
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
2021-12-06 19:09:14 +01:00
Jason Dellaluce
c005af22cc
fix: set config value and create node if not existing
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2021-12-06 19:04:15 +01:00
Jason Dellaluce
c93029ce74
fix(build): use correct libyaml variable in tests cmake
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2021-12-06 19:04:15 +01:00
Jason Dellaluce
076aabcea6
test(falco): adding unit tests for yaml_configuration
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2021-12-06 19:04:15 +01:00
Jason Dellaluce
d8c588becf
update: add yaml-cpp to unit tests
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2021-12-06 19:04:15 +01:00
Jason Dellaluce
1a7611a761
chore(engine): using is_defined config method instead of private get_node
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2021-12-06 19:04:15 +01:00
Jason Dellaluce
7fb61ba4a3
refactor(engine): access config fields with new key syntax
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2021-12-06 19:04:15 +01:00
Jason Dellaluce
9ab810f431
update(engine): support accessing nested config fields
...
Since now, the maximum depth supported to access config fields is two.
This adds support for accessing fields of arbitrary nesting depth.
A formal grammar has been explicited for the regular language representing
the field keys. The accessor methods have been updated accordingly.
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2021-12-06 19:04:15 +01:00
Jason Dellaluce
7781385769
refactor(engine): support string config loading and add ad-hoc methods
...
This is a change of direction from the current design, that imposes loading
the configuration from file only, and in the object constructor. Instead,
yaml_configuration objects can now be reused and can load the YAML config
from either file or string. This also makes it easier to unit test this class.
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2021-12-06 19:04:15 +01:00
Erick Cheng
205a8fd23b
Move wget and curl to own rule
...
Signed-off-by: Erick Cheng <19863605+ec4n6@users.noreply.github.com>
2021-11-29 17:42:40 +01:00
Erick Cheng
bdba37a790
Fix remove scp and add curl
...
Signed-off-by: Erick Cheng <19863605+ec4n6@users.noreply.github.com>
2021-11-29 17:42:40 +01:00
Erick Cheng
19fb3458ef
Add wget and curl to remote_file_copy_binaries
...
Signed-off-by: Erick Cheng <19863605+ec4n6@users.noreply.github.com>
2021-11-29 17:42:40 +01:00
Erick Cheng
b0565794f5
Move user_known_ingress_remote_file_copy_activities to outside condition
...
Signed-off-by: Erick Cheng <19863605+ec4n6@users.noreply.github.com>
2021-11-29 17:42:40 +01:00
Erick Cheng
66df790b9d
Fix syntax error
...
Signed-off-by: Erick Cheng <19863605+ec4n6@users.noreply.github.com>
2021-11-29 17:42:40 +01:00
Erick Cheng
749d4b4512
Add more curl download checks
...
Signed-off-by: Erick Cheng <19863605+ec4n6@users.noreply.github.com>
2021-11-29 17:42:40 +01:00
Erick Cheng
851033c5f4
Add curl macro
...
Signed-off-by: Erick Cheng <19863605+ec4n6@users.noreply.github.com>
2021-11-29 17:42:40 +01:00
Erick Cheng
af6f3bfeab
Move wget and curl to own rule
...
Signed-off-by: Erick Cheng <19863605+ec4n6@users.noreply.github.com>
2021-11-29 17:42:40 +01:00
Erick Cheng
c4d25b1d24
Fix remove scp and add curl
...
Signed-off-by: Erick Cheng <19863605+ec4n6@users.noreply.github.com>
2021-11-29 17:42:40 +01:00
Erick Cheng
d434853d5f
Add wget and curl to remote_file_copy_binaries
...
Signed-off-by: Erick Cheng <19863605+ec4n6@users.noreply.github.com>
2021-11-29 17:42:40 +01:00
Jason Dellaluce
4c8e369691
update(build): bump fakeit version
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2021-11-22 18:25:44 +01:00
Jason Dellaluce
b15a0458b7
update(build): allow using local libs source dir
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
2021-11-18 16:26:18 +01:00
Jason Dellaluce
d6cb8bc4bd
refactor(build): setting variable defaults according to newest libs version
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
2021-11-18 16:26:18 +01:00
Jason Dellaluce
2cc7fd9072
update(build): bump libs version
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
2021-11-18 16:26:18 +01:00
Jason Dellaluce
589829ae2f
update(build): remove libscap patch
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
2021-11-18 16:26:18 +01:00
Jason Dellaluce
85db078dc4
chore: renaming comment references
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
2021-11-18 16:26:18 +01:00
sai-arigeli
23706da75e
Allow append of new exceptions to rules
...
Signed-off-by: Sai Arigeli <saiharisharigeli@gmail.com>
Return warnings after validation of rule exceptions
Signed-off-by: Sai Arigeli <saiharisharigeli@gmail.com>
Update FALCO_ENGINE_VERSION
Signed-off-by: Sai Arigeli <saiharisharigeli@gmail.com>
2021-11-18 09:11:20 +01:00
Federico Di Pierro
35302f6f09
update(build): update libs to falcosecurity/libs master.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2021-11-17 17:25:24 +01:00
Federico Di Pierro
375a6f66c5
update(build): force using libs-bundled luajit.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
2021-11-17 17:25:24 +01:00
Federico Di Pierro
e8a243d6ea
wip: point to my own library for CI purposes.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2021-11-17 17:25:24 +01:00
Federico Di Pierro
7927f45d9f
update(build): dropped Falco local luajit module, use the one provided by libs (upgraded) instead.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com>
2021-11-17 17:25:24 +01:00
Federico Di Pierro
d9aff8d564
update(build): switched back to falcosecurity libs on master.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2021-11-17 16:18:23 +01:00
Federico Di Pierro
40e3fdd09c
update(build): updated libs.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2021-11-17 16:18:23 +01:00
Federico Di Pierro
ba2323046a
fix(build): properly use correct lib/lib64 folder for CIVETWEB_LIB variables.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2021-11-17 16:18:23 +01:00
Federico Di Pierro
5e6f30109e
update(build): dropped civetweb patch. Use different ExternalProject_Add when building with bundled openssl or not, to avoid depending on a nonexistent target.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2021-11-17 16:18:23 +01:00
Federico Di Pierro
f3c3de7e05
fix(build): properly share OPENSSL_INCLUDE_DIR and OPENSSL_LIBRARIES vars to civetweb cmake.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2021-11-17 16:18:23 +01:00
Federico Di Pierro
ca61f87682
update(build): civetweb depends on openssl.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
2021-11-17 16:18:23 +01:00