github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-26 06:42:08 +00:00
Code Issues Projects Releases Wiki Activity
4,513 Commits 121 Branches 172 Tags 104 MiB
f18ea1e8b7
Commit Graph

4513 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Henri DF
6569f0372d Grammar: support function-call syntax in outputs 
This change adds syntax support for function call outputs. For example:

... | syslog(evt, WARN)

Regular outputs are still allowed and parsed in the same way.
 2016-02-28 14:28:00 -08:00
Henri DF
733548b80b Grammar: fix commas in lists 
commas were (unintentionally) optional in lists. so a list like (a b c)
was a valid three-element list.
 2016-02-28 14:24:54 -08:00
Henri DF
b46e996ea1 Merge pull request #8 from draios/array-accessor-grammar 
Grammar: parse array lookup in fields
 2016-02-28 13:23:38 -08:00
Henri DF
96942f8034 Grammar: parse array lookup in fields 2016-02-28 13:20:35 -08:00
Henri DF
e75041c4b9 Update README.md 2016-02-26 09:56:52 -08:00
Henri DF
ae08d6ca8f Merge pull request #7 from draios/compiler-fixes 
Compiler fixes
 2016-02-25 10:55:18 -08:00
Henri DF
4053b7241e Fix 'in' clause expansion 2016-02-25 10:54:42 -08:00
Henri DF
eaeb360b31 Fix macro expansion 2016-02-25 10:54:28 -08:00
Henri DF
d62ea1df24 Support for comments in rules files 2016-02-24 15:47:19 -08:00
Henri DF
ffac848c89 Merge pull request #6 from draios/cleanups 
Cleanups
 2016-02-24 10:33:11 -08:00
Henri DF
2428231c7a Remove unneeded code from digwatch main 2016-02-24 10:32:14 -08:00
Henri DF
1a70d12525 whitespace 2016-02-24 09:17:26 -08:00
Henri DF
5f43446bfa compiler.lua: Move macro checking into own file 2016-02-24 09:03:55 -08:00
Henri DF
a2ec9870de compiler.lua: consistently use 'ast' instead of 'node' 2016-02-24 08:46:33 -08:00
Henri DF
e725be968e rule_loader.lua: add/improve comments 2016-02-24 08:46:12 -08:00
Henri DF
ef3b2728f5 Merge pull request #5 from draios/replumb-events 
Support output formats
 2016-02-24 08:43:28 -08:00
Henri DF
a9d0268390 Move format handling into own class 2016-02-23 18:55:20 -08:00
Henri DF
636429c674 Move lua_State creation to digwatch main 2016-02-23 18:43:41 -08:00
Henri DF
3e73f01472 Always print events 
Before this change, events were only printed if they had all the
fields (same behavior as with sysdig when the output format doesn't have
a leading "*"). With this change, all events are printed; those that
don't have all fields are prefixed with a notification.
 2016-02-23 18:15:43 -08:00
Henri DF
2f105932fa parser-smoke.sh: add a test 2016-02-23 11:35:11 -08:00
Henri DF
87186df85a digwatch: use appropriate formatter for each event 2016-02-23 10:21:25 -08:00
Henri DF
a3976281a8 Pass rule indices down into filters 
This allows to match events back up with the display output they are
associated with.
 2016-02-23 18:09:52 +00:00
Henri DF
406f079621 Deep copy macro ASTs when expanding 
So that we can individually tag expressions that originate from the same macro (see next commit).
 2016-02-23 18:09:52 +00:00
Henri DF
3a56c1a0e4 AST: Rule node always has an Output child node 2016-02-23 18:09:52 +00:00
Henri DF
a7d0132154 Add 'sysdig.set_formatter' and use it in compiler 
This allows the compiler to define per-rule formats. They are currently
instantiated and stored on the c++ side, but not being made use of yet.
 2016-02-23 18:09:51 +00:00
Henri DF
426097241d Move compiler state and AST grafting to rule_loader.lua 
This is needed so that rule_loader (which should be renamed in a later pass..) can tag
filters with their index.
 2016-02-22 18:07:54 -08:00
Henri DF
5ba821aaef Fix handling of nested ASTs 2016-02-22 16:26:15 -08:00
Henri DF
d759e3b942 Fix macro expansion bug introduced with Rules 2016-02-22 16:01:40 -08:00
Henri DF
c31411b4cc Merge pull request #4 from draios/parser-work 
Parser work
 2016-02-22 13:32:12 -08:00
Henri DF
bba5aa6974 Add support for output formats 2016-02-22 21:31:21 +00:00
Henri DF
05362e2c68 compiler: don't fail on empty lines 2016-02-22 21:31:21 +00:00
Henri DF
7853260f38 fix test script 2016-02-22 21:31:21 +00:00
Henri DF
e5637d0cee specify lua5.1 in test.lua 2016-02-22 21:31:21 +00:00
Henri DF
b41794f6a9 Update README.md 2016-02-21 20:31:33 -08:00
Henri DF
5a3c191c97 Update README.md 2016-02-21 20:29:47 -08:00
Henri DF
37da302b39 Update README.md 2016-02-21 15:11:13 -08:00
Henri DF
8d7efbfc6b Merge pull request #3 from draios/lua-move 
Lua move
 2016-02-21 13:44:01 -08:00
Henri DF
c7bafc9a49 Move lua/ to userspace/digwatch 2016-02-21 13:43:08 -08:00
Henri DF
e50dd885c2 Remove cruft from lua/rule_loader.lua 2016-02-21 13:40:34 -08:00
Henri DF
601ad3b620 Merge pull request #2 from draios/digwatch-scaffolding 
Digwatch initial implementation
 2016-02-20 21:27:36 -08:00
Henri DF
3d58c3c9ae Compile and load digwatch rules! 2016-02-20 21:25:41 -08:00
Henri DF
e1cdd62f2f Change representation of relational ops in AST 2016-02-20 21:17:00 -08:00
Henri DF
9fef5a7b29 Rework loading of Lua and rules files 2016-02-20 16:21:56 -08:00
Henri DF
9b89116a26 Add config_digwatch.h.in 2016-02-20 13:38:57 -08:00
Henri DF
19cb8cc4f2 sysdig-parser.lua -> compiler.lua 2016-02-20 19:31:20 +00:00
Henri DF
9899680064 Lua parser refactoring 
Move compiler loading out of libsinsp/lua_parser.cpp and into a new
class in digwatch/rules.cpp.

This way the libsinsp support is strictly about providing a lua API for
scripts to setup filters. Loading the actual parser and rules is logic
that belongs in the app (digwatch in this case, maybe sysdig down the
line) rather than there.
 2016-02-19 20:30:23 -08:00
Henri DF
c63657acad typoes 2016-02-19 16:26:12 -08:00
Henri DF
208930fd55 Simplify error handling in digwatch main 2016-02-19 14:50:51 -08:00
Henri DF
32ad5673c6 Pass filter object into sinsp::set_filter() 2016-02-18 21:09:26 -08:00
Henri DF
4c371e5b1d Add curl dependency 2016-02-19 01:58:17 +00:00