Mirror of https://github.com/falcosecurity/falco.git
Synced 2026-01-14 12:14:52 +00:00
Update the lua side of rule loading to reflect other changes:

- install_filter renamed to create_filter_obj, and takes just a lua_parser object created via falco_rules.create_lua_parser() and uses a single lua callback "filter" instead of separate ones for syscall/k8s_audit. It can return an error, including about undefined fields
- is_defined_filter, which used to be local and based on the result of sinsp_rule_utils.check_for_ignored_syscalls_events, is now a lua_callback falco_rules.is_defined_field().
- Don't need to pass down sinsp_lua_parser/json_lua_parser now, creating filters is handled via lua callbacks.
- Checking for ignored syscalls/events is now done in falco itself, after loading rules.
- add_xxx_filter replaced by add_filter + source.
- Use is_format_valid instead of formats.formatter/formats.free_formatter.
- We don't need the functions in sinsp_rule_utils any longer, so remove the file and don't import it.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>

Installation
The grammar uses the lpeg parser. For now, install it using luarocks:

    luarocks install lpeg