github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-01 06:29:47 +00:00
Code Issues Projects Releases Wiki Activity
1,500 Commits 120 Branches 173 Tags 105 MiB
40b8e3a166
Commit Graph

1500 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mark Stemm
46b1a3c841 Fix bugs when verifying macro/rule objects. 
Fix a couple of small bugs when verifying macro/rule objects:

1) Yaml can have document separators "---", and those were mistakenly
being considered array items.

2) When reading macros and rules and using array position to find the
right document offset, the overall object order should be
used (e.g. this is the 5th object from the file) and not the array
position (e.g. this is the 3rd rule from the file).

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2019-07-30 15:56:04 +02:00
Mark Stemm
a42ec9d7c7 Tests for rule name matching using patterns 
Modify the disabled_rules_using_regex test to
disabled_rules_using_substring with an appropriate substring.

Also add a test where rule names have regex chars and allow rule names
to have regex chars when parsing falco's output in tests. These changes
are future-looking in case we want to add back support for rule
enabling/disabling using regexes.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2019-07-29 23:24:13 +02:00
Mark Stemm
3fedd00cfc Enable/disable rules using substrings not regexes 
Given the compiler we currently use, you can't actually enable/disable
regexes in falco_engine::enable_rule using a regex pattern. The regex
either will fail to compile or will compile but not actually match
strings. This is noted on the c++11 compatibility notes for gcc 4.8.2:
https://gcc.gnu.org/onlinedocs/gcc-4.8.2/libstdc++/manual/manual/status.html#status.iso.2011.

The only use of using enable_rule was treating the regex pattern as a
substring match anyway, so we can change the engine to treat the pattern
as a substring.

So change the method/supporting sub-classes to note that the argument is
a substring match, and change falco itself to refer to substrings
instead of patterns.

This fixes https://github.com/falcosecurity/falco/issues/742.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2019-07-29 23:24:13 +02:00
Leonardo Di Donato
4a4701b4fd fix(scripts/jenkins): ensure to pull docker images (falco builder and tester) 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
40111a5d6e chore: moving travis build script in scripts directory 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
323a9ef51d chore: switching back to latest falco-builder and falco-tester docker images for CI 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
49752fc81a update(scripts): jenkins pipeline improvements 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
4224329905 fix(test): correct bash shebangs 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
b7c35d3b54 chore: output falco version 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
d1c642cbd2 build: bump minimum cmake version to 3.3.2 
Ideally I'd like to have 3.5 as minimum version.
Nevertheless for the moment I bump this to 3.3.2  to match the CMake
version of the internal Jenkins CI.

Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
b369de3801 fix(docker/builder): enforce DRAIOS_DEBUG_FLAGS to DNDEBUG when BUILD_TYPE=debug 
This is a temporary fix for Travis CI (which is where we use
falco-builder docker image).

Was already done in the past (see:
9285aa59c1 (diff-354f30a63fb0907d4ad57269548329e3)).

Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
95a7cf3ea8 fix(build): ignore unused variables warnings 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
dc03dbee18 fix(build): draios debug flags before checking build type 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
8156c9214c fix(docker/tester): regression tests' scripts need xargs (findutils) 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
d11ad9a005 fix(docker/tester): switch to fedora 28 and avocado 69 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
c71703b566 update(test): better handling of build type 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
8400066ac8 update(test): ignore for generated traces 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
f18fc46a1c build: update cpack variables 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
e598606505 build: force falco version to always start with a digit 
Falco version respects the following rules:
If the current commit matches (exactly) a git tag then the
FALCO_VERSION equals it (with the initial "v" stripped out).
Otherwise FALCO_VERSION is 0.<commit hash>[.-dirty].

Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
7b2b0b14a5 chore(docker): falco-builder docker image refinements 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
e422337ed7 fix(hack): strip ^M from current falco version and call test command of falco-tester 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
c4cd9e326a docs(docker): usage and labels for falco-tester docker image 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
533e8247fd fix(docker/local): make falco version build argument mandatory 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
736aa92b5e chore: remove travis notifications 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
3e1ab78536 build: set sysdig directory to its realpath 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
38cf3c6f29 fix(docker): falco builder does not need docker 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
50f04897e5 update(docker): falco tester image 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
62be14dde6 new(docker): default usage command for falco tester image 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
c5e296576d update(docker): falco tester entrypoint performs checks in order to be more robust 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
a5b063f5fa update: detect current falco version during travis testing 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
c61c0e7020 build: always check the BUILD_TYPE within the entrypoint 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
ebcb133f00 build: docker builder's BUILD_TYPE variable is "release" by default, otherwise it can only be "debug" 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
88503a1ea9 build: CMAKE_BUILD_TYPE is "release" by default, otherwise it can only be "debug" 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
e1c2cac9c9 fix(travis): source directory 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
44f0633f47 update: falco builder image has FALCO_VERSION build arg and env var again 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
9d4ed8e33e build: falco version from git when cmake variable exists but empty 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
0d4fc4bdad update: falco version from cmake variable 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
85a94d67d3 build: falco version from git index when not defined 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
f3c3cda879 new: cmake modules for git revision description 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
e02318db7c update: centos 7 falco builder 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
9f7e3bdfcd update: usage examples for falco builder 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
2cda10caeb new: default (usage) command for falco builder image 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
7efec602e8 new: script to enable toolset 7 in falco builder containers 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
8fb4c7f2f6 update: entrypoint checks for sysdig and falco dirs 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
6e313742e7 build: attempt to be consistent when downloading things 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
e92a721521 build: install cmake at docker build phase rather than at runtime 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
d5aae4aff5 update: make travis use the hack script 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
Leonardo Di Donato
2aff2d00a3 update: move build and test commands into a separate script 
Co-authored-By: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2019-07-26 03:23:01 +02:00
ntimo
d7956a2a09 add docker.io/prom/node-exporter to falco_sensitive_mount_images 
Signed-off-by: Timo Nowitzki <git@nowitzki.me>
 2019-07-24 16:25:47 +02:00
ntimo
9308c1ee55 add docker.io/google/cadvisor to falco_sensitive_mount_images 
Signed-off-by: Timo Nowitzki <git@nowitzki.me>
 2019-07-24 16:25:47 +02:00