mirror of
https://github.com/falcosecurity/falco.git
synced 2026-03-20 11:42:06 +00:00
Compare commits
merge into: github:fix/dev_version
github:master
github:fix/http-output-on-non-linux-platforms
github:dependabot/submodules/submodules/falcosecurity-rules-048d2f8
github:feat/capture-events-filesize-limits
github:update/libs
github:3485_webserver_with_own_uid_gid
github:release/0.43.x
github:ekoops-patch-1
github:release/0.42.x
github:release/0.41.x
github:test/wip
github:new/musl_static_aarch64
github:release/0.40.x
github:release/0.39.x
github:wip/test_libs_master
github:release/0.38.x
github:generalize-indexable-ruleset-polymorphic
github:chore/test_pr1803
github:LucaGuerra-patch-1
github:release/0.37.x
github:fix_CI_5
github:chore/use_actuated_helper
github:fix_CI_4
github:bump_falco_latest_libs
github:new/static_aarch64
github:fix/use_plugin_name
github:new/mode-in-config
github:release/0.36.x
github:test_filterchecks
github:test_release_0.36.0
github:fix/workaround_glibc_bug_timer_delete
github:wip/test
github:add-load-files-method
github:test/ci
github:update/pidfile-usage-doc
github:bump_libs_andrea
github:release/0.35.x
github:remove-source-ruleset-overwrite-when-loading
github:mstemm-works-with-latest-libs
github:test/PR546
github:test/PR959
github:libs_bump
github:release/0.34.x
github:release/0.34.0
github:fix/kmod_cleanup
github:chore/move-rules-to-their-repo
github:enable_maintainers_gh_jobs
github:dev_docker
github:fix/dev_version
github:exec-hashes
github:falco_modern_probe
github:release/0.33.1
github:test_modern_probe
github:fix/docker_img_host_root_runtime
github:release/0.33.0
github:test_falco_bump
github:chore/falco_lock_file
github:fix_falco_service
github:test_deb_rpm
github:buffer_dimension
github:testing/falco-0-32-3/issue/1909
github:test/libs/pr/567
github:test/new_libs
github:release/0.32.2
github:update/remove-mesos-support
github:remove-fntlnz
github:test/libs/pr/213
github:leogr-patch-1
github:build/fix-conffiles
github:add-app-actions
github:add-app-actions-prerebase-2
github:add-grpc-rules-loading
github:fix-plugins-issue-56
github:field-properties-changes
github:embed-lua-scripts
github:new/plugin-system-api-additions-prerebase
github:embeddable-falco-engine
github:build/apply-libs-pr-41
github:build/upgrade-driver-version-mid2021
github:build/upgrade-driver-version-for-0-29-0
github:build/update-driver-version-wip
github:hotfix/grpc-in-packages
github:use-url-safe-chars-version
github:rules-fp-fixes-2021-02
github:allow-unknown-sources
github:libhawk-rules
github:build/docs
github:update/cli
github:update/logo
github:caniszczyk-patch-1
github:new/logger
github:new/inspect-per-cpu
github:new/ci-build-aarch64
github:release/0.26.2
github:temporary/test-ci-broken-tests
github:libhawk
github:add-exceptions-support-copy2
github:add-exceptions-support-copy
github:chore/remove-time-macrodefs
github:update/release-drivers
github:rules-bash-history-top-only
github:fix/scripts-modprobe
github:perf-experiments
github:fix/1272
github:fix/1272-test
github:readme-update
github:proposal/rules-engine-version-scope
github:nova-debug
github:falco-driver-loader-dockerfile
github:chore/integration-grpc-with-event-generator
github:feat/grpc-integration-tests
github:new/profiler
github:falco-arm-support
github:falco-on-arm
github:feature/inputs-mvp
github:adding-install-script
github:feat/modulecheck
github:falco-release-0-17-0
github:falco-release-0-17-1
github:add-addl-pst-owners
github:683-handle-sinsp-errors
github:allow-regex-chars-rule-names
github:backup-master
github:add-context-to-rules-errors
github:0.43.0
github:0.43.0-rc4
github:0.43.0-rc3
github:0.43.0-rc2
github:0.43.0-rc1
github:0.42.1
github:0.42.0
github:0.42.0-rc4
github:0.42.0-rc3
github:0.42.0-rc2
github:0.42.0-rc1
github:0.41.3
github:0.41.2
github:0.41.1
github:0.41.1-rc1
github:0.41.0
github:0.41.0-rc2
github:0.41.0-rc1
github:0.40.0
github:0.40.0-rc1
github:0.39.2
github:0.39.1
github:0.39.1-rc1
github:0.39.0
github:0.39.0-rc3
github:0.39.0-rc2
github:0.39.0-rc1
github:0.38.2
github:0.38.2-rc2
github:0.38.2-rc1
github:0.38.1
github:0.38.1-rc1
github:0.38.0
github:0.38.0-rc5
github:0.38.0-rc4
github:0.38.0-rc3
github:0.38.0-rc2
github:0.38.0-rc1
github:0.37.1
github:0.37.1-rc1
github:0.37.0
github:0.37.0-rc3
github:0.37.0-rc2
github:0.37.0-rc1
github:0.36.2
github:0.36.2-rc1
github:0.36.1
github:0.36.1-rc1
github:0.36.0
github:0.36.0-rc3
github:0.36.0-rc2
github:0.36.0-rc1
github:0.35.1
github:0.35.0
github:0.35.0-rc2
github:0.35.0-rc1
github:0.35.0-alpha5
github:0.35.0-alpha4
github:0.35.0-alpha3
github:0.35.0-alpha2
github:0.35.0-alpha1
github:0.34.1
github:0.34.0
github:0.33.1
github:0.33.0
github:0.32.2
github:0.32.1
github:0.32.0
github:0.31.1
github:0.31.0
github:0.30.0
github:0.29.1
github:0.29.0
github:0.28.1
github:0.28.0
github:0.27.0
github:0.26.2
github:0.26.1
github:0.26.0
github:0.25.0
github:0.24.0
github:0.23.0
github:0.22.1
github:0.22.0
github:0.21.0
github:0.20.0
github:0.19.0
github:0.18.0
github:0.17.1
github:0.17.0
github:0.16.0
github:0.15.3
github:0.15.2
github:0.15.1
github:0.15.0
github:0.14.0
github:0.13.1
github:0.13.0
github:agent/0.85.1
github:0.12.1
github:0.12.0
github:agent/0.85.0
github:agent/0.84.2
github:agent/0.84.3
github:agent/0.84.1
github:agent/0.84.0
github:0.11.1
github:0.11.0
github:agent/0.83.1
github:agent/0.83.0
github:agent/0.81.0
github:agent/0.82.0
github:agent/0.80.2
github:agent/0.80.1
github:0.10.0
github:agent/0.80.0
github:agent/0.79.0
github:agent/0.79.1
github:agent/0.78.0
github:agent/0.78.1
github:agent/0.76.4
github:agent/0.77.0
github:agent/0.76.3
github:0.9.0
github:agent/0.76.0
github:agent/0.76.1
github:agent/0.76.2
github:agent/0.75.0
github:agent/0.74.0
github:agent/0.73.2
github:agent/0.73.1
github:agent/0.73.0
github:agent/0.72.4
github:agent/0.72.0
github:agent/0.72.1
github:agent/0.72.2
github:agent/0.72.3
github:agent/0.71.0
github:agent/0.70.0
github:0.8.1
github:0.8.0
github:agent/0.69.0
github:agent/0.68.0
github:agent/0.66.0
github:agent/0.67.0
github:agent/0.65.0
github:agent/0.65.1
github:agent/0.63.0
github:agent/0.63.1
github:agent/0.64.0
github:agent/0.61.0
github:agent/0.62.0
github:0.7.0
github:0.6.1
github:agent/0.60.0
github:agent/0.59.0
github:agent/0.58.0
github:agent/0.57.0
github:agent/0.56.0
github:0.6.0
github:0.6.0-test
github:agent/0.55.0
github:agent/0.54.0
github:agent/0.53.0
github:agent/0.52.0
github:agent/0.51.0
github:agent/0.50.1
github:agent/0.50.0
github:0.5.0
github:agent/0.49.1
github:agent/0.49.0
github:agent/0.48.0
github:agent/0.47.0
github:agent/0.46.0
github:agent/0.45.0
github:agent/0.44.0
github:agent/0.43.0
github:0.4.0
github:agent/0.42.0
github:agent/0.40.0
github:agent/0.41.0
github:0.3.0
github:v0.2.0
github:v0.1.0
...
pull from: github:fix-plugins-issue-56
github:fix/http-output-on-non-linux-platforms
github:dependabot/submodules/submodules/falcosecurity-rules-048d2f8
github:master
github:feat/capture-events-filesize-limits
github:update/libs
github:3485_webserver_with_own_uid_gid
github:release/0.43.x
github:ekoops-patch-1
github:release/0.42.x
github:release/0.41.x
github:test/wip
github:new/musl_static_aarch64
github:release/0.40.x
github:release/0.39.x
github:wip/test_libs_master
github:release/0.38.x
github:generalize-indexable-ruleset-polymorphic
github:chore/test_pr1803
github:LucaGuerra-patch-1
github:release/0.37.x
github:fix_CI_5
github:chore/use_actuated_helper
github:fix_CI_4
github:bump_falco_latest_libs
github:new/static_aarch64
github:fix/use_plugin_name
github:new/mode-in-config
github:release/0.36.x
github:test_filterchecks
github:test_release_0.36.0
github:fix/workaround_glibc_bug_timer_delete
github:wip/test
github:add-load-files-method
github:test/ci
github:update/pidfile-usage-doc
github:bump_libs_andrea
github:release/0.35.x
github:remove-source-ruleset-overwrite-when-loading
github:mstemm-works-with-latest-libs
github:test/PR546
github:test/PR959
github:libs_bump
github:release/0.34.x
github:release/0.34.0
github:fix/kmod_cleanup
github:chore/move-rules-to-their-repo
github:enable_maintainers_gh_jobs
github:dev_docker
github:fix/dev_version
github:exec-hashes
github:falco_modern_probe
github:release/0.33.1
github:test_modern_probe
github:fix/docker_img_host_root_runtime
github:release/0.33.0
github:test_falco_bump
github:chore/falco_lock_file
github:fix_falco_service
github:test_deb_rpm
github:buffer_dimension
github:testing/falco-0-32-3/issue/1909
github:test/libs/pr/567
github:test/new_libs
github:release/0.32.2
github:update/remove-mesos-support
github:remove-fntlnz
github:test/libs/pr/213
github:leogr-patch-1
github:build/fix-conffiles
github:add-app-actions
github:add-app-actions-prerebase-2
github:add-grpc-rules-loading
github:fix-plugins-issue-56
github:field-properties-changes
github:embed-lua-scripts
github:new/plugin-system-api-additions-prerebase
github:embeddable-falco-engine
github:build/apply-libs-pr-41
github:build/upgrade-driver-version-mid2021
github:build/upgrade-driver-version-for-0-29-0
github:build/update-driver-version-wip
github:hotfix/grpc-in-packages
github:use-url-safe-chars-version
github:rules-fp-fixes-2021-02
github:allow-unknown-sources
github:libhawk-rules
github:build/docs
github:update/cli
github:update/logo
github:caniszczyk-patch-1
github:new/logger
github:new/inspect-per-cpu
github:new/ci-build-aarch64
github:release/0.26.2
github:temporary/test-ci-broken-tests
github:libhawk
github:add-exceptions-support-copy2
github:add-exceptions-support-copy
github:chore/remove-time-macrodefs
github:update/release-drivers
github:rules-bash-history-top-only
github:fix/scripts-modprobe
github:perf-experiments
github:fix/1272
github:fix/1272-test
github:readme-update
github:proposal/rules-engine-version-scope
github:nova-debug
github:falco-driver-loader-dockerfile
github:chore/integration-grpc-with-event-generator
github:feat/grpc-integration-tests
github:new/profiler
github:falco-arm-support
github:falco-on-arm
github:feature/inputs-mvp
github:adding-install-script
github:feat/modulecheck
github:falco-release-0-17-0
github:falco-release-0-17-1
github:add-addl-pst-owners
github:683-handle-sinsp-errors
github:allow-regex-chars-rule-names
github:backup-master
github:add-context-to-rules-errors
github:0.43.0
github:0.43.0-rc4
github:0.43.0-rc3
github:0.43.0-rc2
github:0.43.0-rc1
github:0.42.1
github:0.42.0
github:0.42.0-rc4
github:0.42.0-rc3
github:0.42.0-rc2
github:0.42.0-rc1
github:0.41.3
github:0.41.2
github:0.41.1
github:0.41.1-rc1
github:0.41.0
github:0.41.0-rc2
github:0.41.0-rc1
github:0.40.0
github:0.40.0-rc1
github:0.39.2
github:0.39.1
github:0.39.1-rc1
github:0.39.0
github:0.39.0-rc3
github:0.39.0-rc2
github:0.39.0-rc1
github:0.38.2
github:0.38.2-rc2
github:0.38.2-rc1
github:0.38.1
github:0.38.1-rc1
github:0.38.0
github:0.38.0-rc5
github:0.38.0-rc4
github:0.38.0-rc3
github:0.38.0-rc2
github:0.38.0-rc1
github:0.37.1
github:0.37.1-rc1
github:0.37.0
github:0.37.0-rc3
github:0.37.0-rc2
github:0.37.0-rc1
github:0.36.2
github:0.36.2-rc1
github:0.36.1
github:0.36.1-rc1
github:0.36.0
github:0.36.0-rc3
github:0.36.0-rc2
github:0.36.0-rc1
github:0.35.1
github:0.35.0
github:0.35.0-rc2
github:0.35.0-rc1
github:0.35.0-alpha5
github:0.35.0-alpha4
github:0.35.0-alpha3
github:0.35.0-alpha2
github:0.35.0-alpha1
github:0.34.1
github:0.34.0
github:0.33.1
github:0.33.0
github:0.32.2
github:0.32.1
github:0.32.0
github:0.31.1
github:0.31.0
github:0.30.0
github:0.29.1
github:0.29.0
github:0.28.1
github:0.28.0
github:0.27.0
github:0.26.2
github:0.26.1
github:0.26.0
github:0.25.0
github:0.24.0
github:0.23.0
github:0.22.1
github:0.22.0
github:0.21.0
github:0.20.0
github:0.19.0
github:0.18.0
github:0.17.1
github:0.17.0
github:0.16.0
github:0.15.3
github:0.15.2
github:0.15.1
github:0.15.0
github:0.14.0
github:0.13.1
github:0.13.0
github:agent/0.85.1
github:0.12.1
github:0.12.0
github:agent/0.85.0
github:agent/0.84.2
github:agent/0.84.3
github:agent/0.84.1
github:agent/0.84.0
github:0.11.1
github:0.11.0
github:agent/0.83.1
github:agent/0.83.0
github:agent/0.81.0
github:agent/0.82.0
github:agent/0.80.2
github:agent/0.80.1
github:0.10.0
github:agent/0.80.0
github:agent/0.79.0
github:agent/0.79.1
github:agent/0.78.0
github:agent/0.78.1
github:agent/0.76.4
github:agent/0.77.0
github:agent/0.76.3
github:0.9.0
github:agent/0.76.0
github:agent/0.76.1
github:agent/0.76.2
github:agent/0.75.0
github:agent/0.74.0
github:agent/0.73.2
github:agent/0.73.1
github:agent/0.73.0
github:agent/0.72.4
github:agent/0.72.0
github:agent/0.72.1
github:agent/0.72.2
github:agent/0.72.3
github:agent/0.71.0
github:agent/0.70.0
github:0.8.1
github:0.8.0
github:agent/0.69.0
github:agent/0.68.0
github:agent/0.66.0
github:agent/0.67.0
github:agent/0.65.0
github:agent/0.65.1
github:agent/0.63.0
github:agent/0.63.1
github:agent/0.64.0
github:agent/0.61.0
github:agent/0.62.0
github:0.7.0
github:0.6.1
github:agent/0.60.0
github:agent/0.59.0
github:agent/0.58.0
github:agent/0.57.0
github:agent/0.56.0
github:0.6.0
github:0.6.0-test
github:agent/0.55.0
github:agent/0.54.0
github:agent/0.53.0
github:agent/0.52.0
github:agent/0.51.0
github:agent/0.50.1
github:agent/0.50.0
github:0.5.0
github:agent/0.49.1
github:agent/0.49.0
github:agent/0.48.0
github:agent/0.47.0
github:agent/0.46.0
github:agent/0.45.0
github:agent/0.44.0
github:agent/0.43.0
github:0.4.0
github:agent/0.42.0
github:agent/0.40.0
github:agent/0.41.0
github:0.3.0
github:v0.2.0
github:v0.1.0
1 Commits
fix/dev_ve
...
fix-plugin
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Mark Stemm
|
1df80fd94b |
Escape double-quotes in aws cloudtrail rule
The rule Delete Bucket Public Access Block has a predicate
`json.value[/requestParameters/publicAccessBlock]=""` to match
an event snippet like this:
```
"requestParameters": {
"publicAccessBlock": "",
```
The cloudtrail plugin properly returns `""` for this field, but the
yaml representation was a literal back-to-back quote, which gets
interpreted by the yaml parser to be an empty string.
Escaping the back-to-back quote fixes the ambiguity.
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
|
1 changed files with 1 additions and 1 deletions
|
|
@@ -335,7 +335,7 @@
|
|||
desc: Detect deleting blocking public access to bucket.
|
||||
condition:
|
||||
ct.name="PutBucketPublicAccessBlock" and not ct.error exists and
|
||||
json.value[/requestParameters/publicAccessBlock]="" and
|
||||
json.value[/requestParameters/publicAccessBlock]='""' and
|
||||
(json.value[/requestParameters/PublicAccessBlockConfiguration/RestrictPublicBuckets]=false or
|
||||
json.value[/requestParameters/PublicAccessBlockConfiguration/BlockPublicPolicy]=false or
|
||||
json.value[/requestParameters/PublicAccessBlockConfiguration/BlockPublicAcls]=false or
|
||||
|
|
|
|||
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.