update: changelog 0.20.0

Signed-off-by: rajibmitra <fiorm.github@gmail.com>
Verify checksum after downloading sysdig tarball
2026-03-25 14:13:41 +00:00 · 2020-02-24 11:05:15 +01:00 · 2020-02-23 17:10:44 +01:00 · 2020-02-13 18:01:39 +01:00 · 2020-02-13 18:01:39 +01:00 · 2020-02-13 18:01:39 +01:00
28 changed files with 91 additions and 34 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,32 @@

 This file documents all notable changes to Falco. The release numbering uses [semantic versioning](http://semver.org).

+## v0.20.0
+
+Released on 2020-02-24
+
+### Major Changes
+
+* fix: memory leak introduced in 0.18.0 happening while using json events and the kubernetes audit endpoint [[#1041](https://github.com/falcosecurity/falco/pull/1041)]
+* new: grpc version api [[#872](https://github.com/falcosecurity/falco/pull/872)]
+
+
+### Bug Fixes
+
+* fix: the base64 output format (-b) now works with both json and normal output. [[#1033](https://github.com/falcosecurity/falco/pull/1033)]
+* fix: version follows semver 2 bnf [[#872](https://github.com/falcosecurity/falco/pull/872)]
+
+### Rule Changes
+
+* rule(write below etc): add "dsc_host" as a ms oms program [[#1028](https://github.com/falcosecurity/falco/pull/1028)]
+* rule(write below etc): let mcafee write to /etc/cma.d  [[#1028](https://github.com/falcosecurity/falco/pull/1028)]
+* rule(write below etc): let avinetworks supervisor write some ssh cfg [[#1028](https://github.com/falcosecurity/falco/pull/1028)]
+* rule(write below etc): alow writes to /etc/pki from openshift secrets dir [[#1028](https://github.com/falcosecurity/falco/pull/1028)]
+* rule(write below root): let runc write to /exec.fifo [[#1028](https://github.com/falcosecurity/falco/pull/1028)]
+* rule(change thread namespace): let cilium-cni change namespaces [[#1028](https://github.com/falcosecurity/falco/pull/1028)]
+* rule(run shell untrusted): let puma reactor spawn shells [[#1028](https://github.com/falcosecurity/falco/pull/1028)]
+
+
 ## v0.19.0

 Released on 2020-01-23
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -9,6 +9,8 @@
  - [Pull Requests](#pull-requests)
    - [Commit convention](#commit-convention)
      - [Rule type](#rule-type)
+  - [Coding Guidelines](#coding-guidelines)
+    - [C++](#c)
  - [Developer Certificate Of Origin](#developer-certificate-of-origin)

 ## Code of Conduct
@@ -120,6 +122,13 @@ If you are changing only a macro, the commit will look like this:
 rule(macro user_known_write_monitored_dir_conditions): make sure conditions are great
 ```

+## Coding Guidelines
+
+### C++
+
+* File `userspace/engine/banned.h` defines some functions as invalid tokens. These functions are not allowed to be used in the codebase. Whenever creating a new cpp file, include the `"banned.h"` headers. This ensures that the banned functions are not compiled.
+
+  A complete list of banned functions can be found [here](./userspace/engine/banned.h).

 ## Developer Certificate Of Origin

--- a/README.md
+++ b/README.md
@@ -7,7 +7,7 @@

 #### Latest release

-**v0.19.0**
+**v0.20.0**
 Read the [change log](CHANGELOG.md)

 [![Build Status](https://img.shields.io/circleci/build/github/falcosecurity/falco/master?style=for-the-badge)](https://circleci.com/gh/falcosecurity/falco) [![CII Best Practices Summary](https://img.shields.io/cii/summary/2317?label=CCI%20Best%20Practices&style=for-the-badge)](https://bestpractices.coreinfrastructure.org/projects/2317) [![GitHub](https://img.shields.io/github/license/falcosecurity/falco?style=for-the-badge)](COPYING)
--- a/cmake/modules/sysdig-repo/CMakeLists.txt
+++ b/cmake/modules/sysdig-repo/CMakeLists.txt
@@ -22,12 +22,13 @@ include(ExternalProject)
 # In case you want to test against another sysdig version just pass the variable - ie., `cmake -DSYSDIG_VERSION=dev ..`
 if(NOT SYSDIG_VERSION)
  set(SYSDIG_VERSION "146a431edf95829ac11bfd9c85ba3ef08789bffe")
+  set(SYSDIG_CHECKSUM "SHA256=6e477ac5fe9d3110b870bd4495f01541373a008c375a1934a2d1c46798b6bad6")
 endif()

 ExternalProject_Add(
  sysdig
  URL "https://github.com/draios/sysdig/archive/${SYSDIG_VERSION}.tar.gz"
-  # URL_HASH SHA256=bd09607aa8beb863db07e695863f7dc543e2d39e7153005759d26a340ff66fa5
+  URL_HASH "${SYSDIG_CHECKSUM}"
  CONFIGURE_COMMAND ""
  BUILD_COMMAND ""
  INSTALL_COMMAND ""
--- a/cmake/modules/sysdig.cmake
+++ b/cmake/modules/sysdig.cmake
@@ -22,7 +22,7 @@ endif()

 file(MAKE_DIRECTORY ${SYSDIG_CMAKE_WORKING_DIR})
 # cd /path/to/build && cmake /path/to/source
-execute_process(COMMAND "${CMAKE_COMMAND}" ${SYSDIG_CMAKE_SOURCE_DIR} WORKING_DIRECTORY ${SYSDIG_CMAKE_WORKING_DIR})
+execute_process(COMMAND "${CMAKE_COMMAND}" -DSYSDIG_VERSION=${SYSDIG_VERSION} ${SYSDIG_CMAKE_SOURCE_DIR} WORKING_DIRECTORY ${SYSDIG_CMAKE_WORKING_DIR})

 # todo(leodido, fntlnz) > use the following one when CMake version will be >= 3.13

--- a/docker/kernel/linuxkit/Dockerfile
+++ b/docker/kernel/linuxkit/Dockerfile
@@ -1,13 +1,13 @@
 ARG ALPINE_VERSION=3.10
 ARG KERNEL_VERSION=4.9.184
-ARG FALCO_VERSION=0.19.0
+ARG FALCO_VERSION=0.20.0

 FROM linuxkit/kernel:${KERNEL_VERSION} AS ksrc
 FROM falcosecurity/falco:${FALCO_VERSION}-minimal as falco
 FROM alpine:${ALPINE_VERSION} AS probe-build
 LABEL maintainer="opensource@sysdig.com"
 ARG KERNEL_VERSION=4.9.184
-ARG FALCO_VERSION=0.19.0
+ARG FALCO_VERSION=0.20.0
 ENV FALCO_VERSION=${FALCO_VERSION}
 ENV KERNEL_VERSION=${KERNEL_VERSION}

@@ -32,7 +32,7 @@ RUN apk add --no-cache --update \
  autoconf

 FROM alpine:${ALPINE_VERSION}
-ARG FALCO_VERSION=0.19.0
+ARG FALCO_VERSION=0.20.0
 ENV FALCO_VERSION=${FALCO_VERSION}
 COPY --from=probe-build /usr/src/falco-${FALCO_VERSION}/falco-probe.ko /
 CMD ["insmod","/falco-probe.ko"]
--- a/docker/minimal/Dockerfile
+++ b/docker/minimal/Dockerfile
@@ -2,7 +2,7 @@ FROM ubuntu:18.04 as ubuntu

 LABEL maintainer="opensource@sysdig.com"

-ARG FALCO_VERSION=0.19.0
+ARG FALCO_VERSION=0.20.0

 ENV FALCO_VERSION=${FALCO_VERSION}

--- a/integrations/k8s-using-daemonset/k8s-with-rbac/falco-daemonset-configmap-slim.yaml
+++ b/integrations/k8s-using-daemonset/k8s-with-rbac/falco-daemonset-configmap-slim.yaml
@@ -20,7 +20,7 @@ spec:
            privileged: true
          #env:
          #  - name: FALCOCTL_FALCO_VERSION
-          #    value: 0.19.0
+          #    value: 0.20.0
          #  - name: FALCOCTL_FALCO_PROBE_URL
          #    value:
          #  - name: FALCOCTL_FALCO_PROBE_REPO
@@ -31,7 +31,7 @@ spec:
              readOnly: true
      containers:
        - name: falco
-          image: falcosecurity/falco:0.19.0-slim
+          image: falcosecurity/falco:0.20.0-slim
          securityContext:
            privileged: true
 # Uncomment the 3 lines below to enable eBPF support for Falco.
--- a/userspace/engine/banned.h
+++ b/userspace/engine/banned.h
@@ -21,5 +21,30 @@ limitations under the License.
 // function is used.
 #define BAN(function) using_##function##_is_banned

+// BAN_ALTERNATIVE is same as BAN but the message also provides an alternative
+// function that the user could use instead of the banned function.
+#define BAN_ALTERNATIVE(function, alternative) using_##function##_is_banned__use_##alternative##_instead
+
 #undef strcpy
 #define strcpy(a, b) BAN(strcpy)
+
+#undef vsprintf
+#define vsprintf(a, b, c) BAN_ALTERNATIVE(vsprintf, vsnprintf)
+
+#undef sprintf
+#define sprintf(a, b, ...) BAN_ALTERNATIVE(sprintf, snprintf)
+
+#undef strcat
+#define strcat(a, b) BAN(strcat)
+
+#undef strncat
+#define strncat(a, b, c) BAN(strncat)
+
+#undef strncpy
+#define strncpy(a, b, c) BAN(strncpy)
+
+#undef swprintf
+#define swprintf(a, b, c, ...) BAN_ALTERNATIVE(swprintf, snprintf)
+
+#undef vswprintf
+#define vswprintf(a, b, c, d) BAN_ALTERNATIVE(vswprintf, vsnprintf)
--- a/userspace/engine/falco_common.cpp
+++ b/userspace/engine/falco_common.cpp
@@ -18,7 +18,7 @@ limitations under the License.

 #include "config_falco_engine.h"
 #include "falco_common.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used

 std::vector<std::string> falco_common::priority_names = {
 	"Emergency",
--- a/userspace/engine/falco_engine.cpp
+++ b/userspace/engine/falco_engine.cpp
@@ -32,7 +32,7 @@ extern "C" {
 }

 #include "utils.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used


 string lua_on_event = "on_event";
--- a/userspace/engine/falco_utils.cpp
+++ b/userspace/engine/falco_utils.cpp
@@ -18,7 +18,7 @@ limitations under the License.
 */

 #include "falco_utils.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used

 namespace falco
 {
--- a/userspace/engine/formats.cpp
+++ b/userspace/engine/formats.cpp
@@ -18,7 +18,7 @@ limitations under the License.

 #include "formats.h"
 #include "falco_engine.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used


 sinsp* falco_formats::s_inspector = NULL;
--- a/userspace/engine/json_evt.cpp
+++ b/userspace/engine/json_evt.cpp
@@ -21,7 +21,7 @@ limitations under the License.

 #include "falco_common.h"
 #include "json_evt.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used

 using json = nlohmann::json;
 using namespace std;
--- a/userspace/engine/rules.cpp
+++ b/userspace/engine/rules.cpp
@@ -24,7 +24,7 @@ extern "C" {
 }

 #include "falco_engine.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used

 const static struct luaL_reg ll_falco_rules [] =
 {
--- a/userspace/engine/ruleset.cpp
+++ b/userspace/engine/ruleset.cpp
@@ -15,7 +15,7 @@ limitations under the License.
 */

 #include "ruleset.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used

 using namespace std;

--- a/userspace/engine/token_bucket.cpp
+++ b/userspace/engine/token_bucket.cpp
@@ -20,7 +20,7 @@ limitations under the License.

 #include "token_bucket.h"
 #include "utils.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used

 token_bucket::token_bucket():
 	token_bucket(sinsp_utils::get_current_time_ns)
--- a/userspace/falco/configuration.cpp
+++ b/userspace/falco/configuration.cpp
@@ -23,7 +23,7 @@ limitations under the License.

 #include "configuration.h"
 #include "logger.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used

 using namespace std;

--- a/userspace/falco/event_drops.cpp
+++ b/userspace/falco/event_drops.cpp
@@ -15,7 +15,7 @@ limitations under the License.
 */

 #include "event_drops.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used

 syscall_evt_drop_mgr::syscall_evt_drop_mgr():
 	m_num_syscall_evt_drops(0),
--- a/userspace/falco/falco.cpp
+++ b/userspace/falco/falco.cpp
@@ -45,7 +45,7 @@ limitations under the License.
 #include "statsfilewriter.h"
 #include "webserver.h"
 #include "grpc_server.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used

 typedef function<void(sinsp* inspector)> open_t;

--- a/userspace/falco/falco_outputs.cpp
+++ b/userspace/falco/falco_outputs.cpp
@@ -23,7 +23,7 @@ limitations under the License.
 #include "formats.h"
 #include "logger.h"
 #include "falco_output_queue.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used

 using namespace std;
 using namespace falco::output;
--- a/userspace/falco/grpc_context.cpp
+++ b/userspace/falco/grpc_context.cpp
@@ -17,7 +17,7 @@ limitations under the License.
 #include <sstream>

 #include "grpc_context.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used

 falco::grpc::context::context(::grpc::ServerContext* ctx):
 	m_ctx(ctx)
--- a/userspace/falco/grpc_server.cpp
+++ b/userspace/falco/grpc_server.cpp
@@ -24,7 +24,7 @@ limitations under the License.
 #include "grpc_server.h"
 #include "grpc_request_context.h"
 #include "utils.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used

 #define REGISTER_STREAM(req, res, svc, rpc, impl, num)                          \
 	std::vector<request_stream_context<svc, req, res>> rpc##_contexts(num); \
--- a/userspace/falco/grpc_server_impl.cpp
+++ b/userspace/falco/grpc_server_impl.cpp
@@ -17,7 +17,7 @@ limitations under the License.
 #include "config_falco.h"
 #include "grpc_server_impl.h"
 #include "falco_output_queue.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used

 bool falco::grpc::server_impl::is_running()
 {
--- a/userspace/falco/logger.cpp
+++ b/userspace/falco/logger.cpp
@@ -19,7 +19,7 @@ limitations under the License.
 #include "chisel_api.h"

 #include "falco_common.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used

 const static struct luaL_reg ll_falco [] =
 {
@@ -131,12 +131,8 @@ void falco_logger::log(int priority, const string msg)
 		{
 			char buf[sizeof "YYYY-MM-DDTHH:MM:SS-0000"];
 			struct tm *gtm = std::gmtime(&result);
-			if(gtm == NULL ||
-			   (strftime(buf, sizeof(buf), "%FT%T%z", gtm) == 0))
-			{
-				sprintf(buf, "N/A");
-			}
-			else
+			if(gtm != NULL &&
+			   (strftime(buf, sizeof(buf), "%FT%T%z", gtm) != 0))
 			{
 				fprintf(stderr, "%s: %s", buf, msg.c_str());
 			}
--- a/userspace/falco/statsfilewriter.cpp
+++ b/userspace/falco/statsfilewriter.cpp
@@ -18,7 +18,7 @@ limitations under the License.
 #include <signal.h>

 #include "statsfilewriter.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used

 using namespace std;

--- a/userspace/falco/utils.cpp
+++ b/userspace/falco/utils.cpp
@@ -15,7 +15,7 @@ limitations under the License.
 */

 #include "utils.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used

 void falco::utils::read(const std::string& filename, std::string& data)
 {
--- a/userspace/falco/webserver.cpp
+++ b/userspace/falco/webserver.cpp
@@ -20,7 +20,7 @@ limitations under the License.
 #include "falco_common.h"
 #include "webserver.h"
 #include "json_evt.h"
-#include "banned.h"
+#include "banned.h" // This raises a compilation error when certain functions are used

 using json = nlohmann::json;
 using namespace std;
Author	SHA1	Message	Date
rajibmitra	d77080a8c2	update: changelog 0.20.0 Signed-off-by: rajibmitra <fiorm.github@gmail.com>	2020-02-24 11:05:15 +01:00
Anders F Björklund	defaf7bddb	Verify checksum after downloading sysdig tarball Also it seemed that any of value of -DSYSDIG_VERSION failed to propagate, from first cmake to second cmake. Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>	2020-02-23 17:10:44 +01:00
Vaibhav	e46641d24d	docs(userspace): Add banned functions to coding guidelines for c++. This updates the `CONTRIBUTING.md` in order to include `"banned.h"` in every cpp file which invalidates certain functions, hence, banned. Fixes #1035 Signed-off-by: Vaibhav <vrongmeal@gmail.com>	2020-02-13 18:01:39 +01:00
Vaibhav	03bf027e5c	feat(userspace): Add comments to explain "banned.h". Fixes #1035 Signed-off-by: Vaibhav <vrongmeal@gmail.com>	2020-02-13 18:01:39 +01:00
Vaibhav	7ed3e1d927	feat(userspace): Add `BAN_ALTERNATIVE` macro to `banned.h`. BAN_ALTERNATIVE is same as BAN but the message also provides an alternative function that the user could use instead of the banned function. Fixes #1035 Signed-off-by: Vaibhav <vrongmeal@gmail.com>	2020-02-13 18:01:39 +01:00
Vaibhav	1c80c1f458	feat(userspace): Add more functions to `banned.h`. These include: * vsprintf() * sprintf() * strcat() * strncat() * strncpy() * swprintf() * vswprintf() This also changes `userspace/falco/logger.cpp` to remove a `sprintf` statement. The statement did not affect the codebase in any form so it was simply removed rather than being substituted. Fixes #1035 Signed-off-by: Vaibhav <vrongmeal@gmail.com>	2020-02-13 18:01:39 +01:00