Henri DF
3195c8abea
formats.{cpp,h}: Get rid of global vars
2016-03-01 21:54:18 +00:00
Henri DF
0cdbdf9215
minor include cleanups
2016-03-01 10:49:19 -08:00
Henri DF
3feaa86db0
Merge pull request #10 from draios/support-function-outputs
Support function outputs
2016-02-29 20:38:45 -08:00
Henri DF
6a99c1a978
Basic support for function calls in outputs
2016-02-29 20:15:50 -08:00
Henri DF
1b7a5bd119
compiler: keep source in FunctionCall ASTs
2016-02-29 13:37:16 -08:00
Henri DF
55b2490314
coding convention
2016-02-28 21:14:46 -08:00
Henri DF
1c04ed7874
rework digwatch event output handling
the high-level change is that events matching a rule are now sent into a
lua "on_event" function for handling, rather than doing the handling
down in c++.
more specifics:
before, the lua "load_rule" function registered formatters with
associated IDs with the c++ side, which later used this state to
reconcile events with formats and print output accordingly.
now, no such state is kept on the c++ side. the lua "load_rule" function
maintains the id->formatters map, and uses it to print outputs when it
receives events.
this change simplifies the existing flow and will also make the forthcoming
implementation of function outputs far simpler than it would have been
in the current setup.
2016-02-28 21:06:29 -08:00
Henri DF
f71de57a90
fix unused vars warning in digwatch.cpp
2016-02-28 20:28:47 -08:00
Henri DF
31a0065c3c
Example ruleset
2016-02-28 16:19:47 -08:00
Henri DF
c695051990
rule_loader.lua: comments cleanups
2016-02-28 23:50:10 +00:00
Henri DF
fe880c2c53
Merge pull request #9 from draios/grammar-output-functioncalls
Function calls in outputs (grammar only)
2016-02-28 14:30:31 -08:00
Henri DF
6569f0372d
Grammar: support function-call syntax in outputs
This change adds syntax support for function call outputs. For example:
... | syslog(evt, WARN)
Regular outputs are still allowed and parsed in the same way.
2016-02-28 14:28:00 -08:00
Henri DF
733548b80b
Grammar: fix commas in lists
commas were (unintentionally) optional in lists. so a list like (a b c)
was a valid three-element list.
2016-02-28 14:24:54 -08:00
Henri DF
b46e996ea1
Merge pull request #8 from draios/array-accessor-grammar
Grammar: parse array lookup in fields
2016-02-28 13:23:38 -08:00
Henri DF
96942f8034
Grammar: parse array lookup in fields
2016-02-28 13:20:35 -08:00
Henri DF
e75041c4b9
Update README.md
2016-02-26 09:56:52 -08:00
Henri DF
ae08d6ca8f
Merge pull request #7 from draios/compiler-fixes
Compiler fixes
2016-02-25 10:55:18 -08:00
Henri DF
4053b7241e
Fix 'in' clause expansion
2016-02-25 10:54:42 -08:00
Henri DF
eaeb360b31
Fix macro expansion
2016-02-25 10:54:28 -08:00
Henri DF
d62ea1df24
Support for comments in rules files
2016-02-24 15:47:19 -08:00
Henri DF
ffac848c89
Merge pull request #6 from draios/cleanups
Cleanups
2016-02-24 10:33:11 -08:00
Henri DF
2428231c7a
Remove unneeded code from digwatch main
2016-02-24 10:32:14 -08:00
Henri DF
1a70d12525
whitespace
2016-02-24 09:17:26 -08:00
Henri DF
5f43446bfa
compiler.lua: Move macro checking into own file
2016-02-24 09:03:55 -08:00
Henri DF
a2ec9870de
compiler.lua: consistently use 'ast' instead of 'node'
2016-02-24 08:46:33 -08:00
Henri DF
e725be968e
rule_loader.lua: add/improve comments
2016-02-24 08:46:12 -08:00
Henri DF
ef3b2728f5
Merge pull request #5 from draios/replumb-events
Support output formats
2016-02-24 08:43:28 -08:00
Henri DF
a9d0268390
Move format handling into own class
2016-02-23 18:55:20 -08:00
Henri DF
636429c674
Move lua_State creation to digwatch main
2016-02-23 18:43:41 -08:00
Henri DF
3e73f01472
Always print events
Before this change, events were only printed if they had all the
fields (same behavior as with sysdig when the output format doesn't have
a leading "*"). With this change, all events are printed; those that
don't have all fields are prefixed with a notification.
2016-02-23 18:15:43 -08:00
Henri DF
2f105932fa
parser-smoke.sh: add a test
2016-02-23 11:35:11 -08:00
Henri DF
87186df85a
digwatch: use appropriate formatter for each event
2016-02-23 10:21:25 -08:00
Henri DF
a3976281a8
Pass rule indices down into filters
This allows matching events back up with the display output they are
associated with.
2016-02-23 18:09:52 +00:00
Henri DF
406f079621
Deep copy macro ASTs when expanding
So that we can individually tag expressions that originate from the same macro (see next commit).
2016-02-23 18:09:52 +00:00
Henri DF
3a56c1a0e4
AST: Rule node always has an Output child node
2016-02-23 18:09:52 +00:00
Henri DF
a7d0132154
Add 'sysdig.set_formatter' and use it in compiler
This allows the compiler to define per-rule formats. They are currently
instantiated and stored on the c++ side, but not being made use of yet.
2016-02-23 18:09:51 +00:00
Henri DF
426097241d
Move compiler state and AST grafting to rule_loader.lua
This is needed so that rule_loader (which should be renamed in a later pass..) can tag
filters with their index.
2016-02-22 18:07:54 -08:00
Henri DF
5ba821aaef
Fix handling of nested ASTs
2016-02-22 16:26:15 -08:00
Henri DF
d759e3b942
Fix macro expansion bug introduced with Rules
2016-02-22 16:01:40 -08:00
Henri DF
c31411b4cc
Merge pull request #4 from draios/parser-work
Parser work
2016-02-22 13:32:12 -08:00
Henri DF
bba5aa6974
Add support for output formats
2016-02-22 21:31:21 +00:00
Henri DF
05362e2c68
compiler: don't fail on empty lines
2016-02-22 21:31:21 +00:00
Henri DF
7853260f38
fix test script
2016-02-22 21:31:21 +00:00
Henri DF
e5637d0cee
specify lua5.1 in test.lua
2016-02-22 21:31:21 +00:00
Henri DF
b41794f6a9
Update README.md
2016-02-21 20:31:33 -08:00
Henri DF
5a3c191c97
Update README.md
2016-02-21 20:29:47 -08:00
Henri DF
37da302b39
Update README.md
2016-02-21 15:11:13 -08:00
Henri DF
8d7efbfc6b
Merge pull request #3 from draios/lua-move
Lua move
2016-02-21 13:44:01 -08:00
Henri DF
c7bafc9a49
Move lua/ to userspace/digwatch
2016-02-21 13:43:08 -08:00
Henri DF
e50dd885c2
Remove cruft from lua/rule_loader.lua
2016-02-21 13:40:34 -08:00