Clean up the handling of priority levels within rules. It used to be a mix of strings handled in various places. Now, in falco_common.h there's a consistent type for priority-as-number as well as a list of priority-as-string values. Priorities are passed around as numbers instead of strings. It's still permissive about capitalization. Also add the ability to load rules by severity. New falco config option "priority=<val>"/-o priority=<val> specifies the minimum priority level of rules that will be loaded. Add unit tests for same. The test suppresses INFO notifications for a rule/trace file combination that would otherwise generate them.
/*
Copyright (C) 2016 Draios inc.
This file is part of falco.
falco is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License version 2 as
published by the Free Software Foundation.
falco is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with falco. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include <exception>
#include <string>
#include <vector>

extern "C" {
#include "lua.h"
#include "lualib.h"
#include "lauxlib.h"
}

#include <sinsp.h>
//
// Most falco_* classes can throw exceptions. Unless directly related
// to low-level failures like inability to open file, etc, they will
// be of this type.
//
struct falco_exception : std::exception
{
	// Builds an exception whose message is the empty string.
	falco_exception() : m_error_str()
	{
	}

	// Builds an exception carrying a copy of error_str as its message.
	// The text is stored verbatim; whatever the thrower puts in it
	// (paths, rule fragments, ...) is what a handler that logs what()
	// will emit.
	falco_exception(std::string error_str) : m_error_str(error_str)
	{
	}

	virtual ~falco_exception() throw()
	{
	}

	// Returns the stored message as a NUL-terminated C string.
	// The pointer refers to m_error_str's buffer, so it is only usable
	// while this exception object is alive and m_error_str has not been
	// modified (the member is public).
	const char *what() const throw()
	{
		const std::string &msg = m_error_str;
		return msg.c_str();
	}

	// Message text returned by what().
	std::string m_error_str;
};
//
// This is the base class of falco_engine/falco_output. It is
// responsible for managing a lua state and associated inspector and
// loading a single "main" lua file into that state.
//
class falco_common
{
public:
	falco_common();
	virtual ~falco_common();

	// Takes the name of the "main" lua file and a source directory.
	// The implementation is not in this header.
	// NOTE(review): presumably the file is loaded and run in m_ls, so
	// both arguments should come from trusted configuration and point
	// at locations unprivileged users cannot write to -- confirm
	// against the .cpp.
	void init(const char *lua_main_filename, const char *source_dir);

	// Supplies the inspector pointer for this object.
	// NOTE(review): presumably stored in m_inspector and borrowed, not
	// owned; the caller would then have to keep the sinsp object alive
	// for as long as this object uses it -- confirm.
	void set_inspector(sinsp *inspector);

	// Priority levels, as a vector of strings
	// The contents are defined outside this header. This is a public,
	// non-const static, so any code can modify it.
	// NOTE(review): a priority value parsed from configuration or a
	// rules file should be range-checked before it is used as an index
	// here -- confirm where that check lives.
	static std::vector<std::string> priority_names;

	// Same as numbers/indices into the above vector
	// The names and values follow the syslog severity numbering: 0 is
	// the most severe level and 7 the least, so "at least as severe as
	// X" is a numeric <= comparison, not >=.
	// NOTE(review): any minimum-priority filter built on this type
	// decides which rules are active; an inverted comparison would
	// silently drop the most severe rules -- verify at the call site.
	enum priority_type
	{
		PRIORITY_EMERGENCY = 0,
		PRIORITY_ALERT = 1,
		PRIORITY_CRITICAL = 2,
		PRIORITY_ERROR = 3,
		PRIORITY_WARNING = 4,
		PRIORITY_NOTICE = 5,
		PRIORITY_INFORMATIONAL = 6,
		PRIORITY_DEBUG = 7
	};

protected:
	// Lua interpreter state, visible to derived classes.
	// NOTE(review): creation and teardown are not visible in this
	// header; presumably handled by the constructor/destructor -- confirm.
	lua_State *m_ls;

	// Inspector associated with this object; raw pointer, ownership not
	// expressed by the type.
	sinsp *m_inspector;

private:
	// Takes a path by non-const reference.
	// NOTE(review): presumably extends the Lua module search path of
	// m_ls; directories on that path decide which Lua code can be
	// loaded into the process, so they should not be writable by
	// untrusted users -- confirm.
	void add_lua_path(std::string &path);
};