github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-10-23 04:50:29 +00:00
Code Issues Projects Releases Wiki Activity
2,887 Commits 124 Branches 178 Tags
e751bf79c35838bd0f95077ed45ef910e7c81830
Commit Graph

16 Commits

Author SHA1 Message Date
Andrea Terzolo
e751bf79c3 fix(userspace/engine): improve rule loader source checks for macros and lists 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2022-05-24 15:54:17 +02:00
Federico Di Pierro
39f55f4b5c update(userspace): split filterchecks list for each source idx. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-05-21 16:33:38 +02:00
Jason Dellaluce
67d2fe45a5 refactor: add k8saudit plugin and adapt config, tests, and rulesets 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-04-29 20:47:19 +02:00
Jason Dellaluce
42fcc7291f refactor(userspace/falco): remove k8s audit references from falco 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-04-29 20:47:19 +02:00
Mark Stemm
e909babe20 fix: add implied exception comp to item for single item variant 
When adding an implied "in" comparison to an exception using the
single value form, add it to item, not items.

This fixes #1984.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2022-04-28 14:42:24 +02:00
Jason Dellaluce
a16eac221e refactor(userspace/engine): apply C++ best practices to newest engine classes 
This include making a coherent use of const, remove private inheritance, and adding virtual destructors.

Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-04-27 16:22:59 +02:00
Jason Dellaluce
be177795c2 refactor(userspace/engine): use supported_operators helper from libsinsp filter parser 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-04-27 16:22:59 +02:00
Jason Dellaluce
37d03cf7bc chore(userspace/engine): fix typo spotted with codespell 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-04-21 18:50:58 +02:00
Jason Dellaluce
95727b268f new(userspace/engine): add a resolver to generate warnings from a filter AST 
The first warnings we support involve the unsafe comparisons with <NA>, which were present
in the legacy regression tests for PSPs.

Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-04-21 18:50:58 +02:00
Jason Dellaluce
b8a95d262f refactor(userspace/engine): polish evttype resolver and use it in rule loader 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-04-19 16:29:40 +02:00
Jason Dellaluce
f638706ba3 chore(userspace/engine): renamings and code polishing in rule_loader and rule_reader 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-04-15 10:54:58 +02:00
Jason Dellaluce
9ed7d57838 refactor(userspace/engine): reduce responsibilities of rule_loader 
The rule_loader is now simply responsible of collecting list/macro/rule definitions and then compiling them as falco_rules. The ruleset file reading code will be moved to another class

Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-04-15 10:54:58 +02:00
Jason Dellaluce
2934ef29b9 chore(userspace/engine): fix indentations and use improve indexed_vector 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-04-11 12:22:18 +02:00
Jason Dellaluce
47426fbe0d update(userspace/engine): minor improvements and bug fixes on engine and rule loader 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-04-11 12:22:18 +02:00
Jason Dellaluce
e50d22f013 fix(userspace/engine): solve integration test errors 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-04-11 12:22:18 +02:00
Jason Dellaluce
43020d8a7d refactor(userspace/engine): re-implement the rule loader in C++ 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-04-11 12:22:18 +02:00