The format of error responses has changed to include a summary of errors
and/or warnings. This changed many test cases that were looking for
specific outputs.
Update to add counts and other minor formatting changes.
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
When parsing a rules file, if a top level object is not one of the known
types rule, macro, list, required_engine_version, instead of failing
parsing, add a warning instead.
This adds some forwards-compatibility to rules files.
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
Add the notion of warnings when loading rules, which are printed if
verbose is true:
- load_rules now returns a tuple (success, required engine version,
error array, warnings array) instead of (true, required engine
version) or (false, error string)
- build_error/build_error_with_context now returns an array instead of
string value.
- warnings are combined across calls to load_rules_doc
- Current warnings include:
- a rule that contains an unknown filter
- a macro not referred to by any rule
- a list not referred to by any rule/macro/list
Any errors/warnings are concatenated into the exception if success was
false. Any errors/warnings will be printed if verbose is true.
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
If an exception item has a single value for fields, all the values are
combined together into a single set to build an expression field
cmp (val1, val2, ...)
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
Instead of oveloading the exception item name as the key of the object,
just have a flat array of object with a name property.
A bit more verbose, but makes it easier to understand what the schema is.
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
A rule exception can now have a comps property that allows fields to be
matched against items using an operator of =. If not defined, equality
is implied.
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
- Clean up npm examples so they are valid.
- Small punctuation changes.
- Emphasize that the strings related to field values are arbitrary.
- Emphasize that exceptions only use equality matching.
- Emphasize that you'll need to upgrade falco to use these new features.
- Capitalize Falco everywhere.
- Change language related to backwards compatibility.
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
This proposes adding exceptions as a first class object to falco rules
files.
It adds a new key "exceptions" to rule objects that allows a rule
writer to define tuples of field names that comprise an exception, and a
new top level object "exception" that contains lists of tuples of field
values that define exceptions to rules.
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
Fixes#1269
Add two new fields in the version service for falco's engine version and
the checksum of all of the fields it understands.
This will require rebuilding/re-releasing all the clients.
Signed-off-by: Spencer Krum <nibz@spencerkrum.com>
Have some cmake variables (e.g. *_INCLUDE and *_LIB) marked as advanced,
in order to have a cleaner ccmake menu.
Signed-off-by: Angelo Puglisi <angelopuglisi86@gmail.com>
Because of https://gitlab.kitware.com/cmake/cmake/-/issues/16419, every
time one compiles, some external projects gets updated causing rebuild.
Have EP_UPDATE_DISCONNECTED option (default OFF) to be able to control
that behaviour.
Signed-off-by: Angelo Puglisi <angelopuglisi86@gmail.com>
Co-authored-by: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
