Support alternate rules loader #3008

Merged
merged 6 commits into from
Jan 30, 2024
Add addl support for rules reader/compiler subclasses
To support subclasses that may extend the falco rules format, add
additional error/warning/item types for an extension item.

When subclasses report errors and warnings, they can use these
codes/item types in context objects and still provide an exact
line/column context.

Also make some previously static functions in rules reader protected
methods so they can be used in sub-classes.

Signed-off-by: Mark Stemm <[email protected]>
mstemm committed Jan 30, 2024
commit e559bad45810e88705fb46b376c641e9aaf6f400
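--- a/userspace/engine/falco_load_result.h
+++ b/userspace/engine/falco_load_result.h
@@ -34,7 +34,8 @@ class load_result {
 LOAD_ERR_YAML_VALIDATE,
 LOAD_ERR_COMPILE_CONDITION,
 LOAD_ERR_COMPILE_OUTPUT,
-LOAD_ERR_VALIDATE
+LOAD_ERR_VALIDATE,
+LOAD_ERR_EXTENSION
 };
 
 // The error code as a string
@@ -55,7 +56,8 @@ class load_result {
 LOAD_UNUSED_MACRO,
 LOAD_UNUSED_LIST,
 LOAD_UNKNOWN_ITEM,
-LOAD_DEPRECATED_ITEM
+LOAD_DEPRECATED_ITEM,
+LOAD_WARNING_EXTENSION
 };
 
 virtual ~load_result() = default;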
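Review bot: `LOAD_ERR_EXTENSION` and `LOAD_WARNING_EXTENSION` are appended to the two enums, but none of the files shown in this commit touches the code behind `// The error code as a string` or the matching warning lookups. If those lookups are string tables indexed by the enumerator (as `item_type_strings` in rule_loader.cpp appears to be), a missing entry would turn every extension error or warning reported by a subclass into a read past the end of the table. Please confirm each code/description table has an entry for the new values, and consider a `static_assert` on the table length next to each one. Both enums begin outside the hunks, so their full contents are not visible here.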
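--- a/userspace/engine/rule_loader.cpp
+++ b/userspace/engine/rule_loader.cpp
@@ -42,7 +42,8 @@ static const std::string item_type_strings[] = {
 "rule output",
 "rule output expression",
 "rule priority",
-"overrides"
+"overrides",
+"extension item"
 };
 
 const std::string& rule_loader::context::item_type_as_string(enum item_type it)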
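Review bot: `item_type_strings` and `enum item_type` are kept in step by hand, and nothing in this hunk checks that the new `"extension item"` entry lines up with `EXTENSION_ITEM` added in rule_loader.h. The body of `item_type_as_string` is outside the hunk; if it indexes the array with `it`, a future enumerator added without a matching string would read out of bounds while an error context is being formatted. A compile-time guard placed directly after the array would catch that: `static_assert(sizeof(item_type_strings) / sizeof(item_type_strings[0]) == rule_loader::context::EXTENSION_ITEM + 1, "item_type_strings out of sync with item_type");`.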
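--- a/userspace/engine/rule_loader.h
+++ b/userspace/engine/rule_loader.h
@@ -58,7 +58,8 @@ namespace rule_loader
 RULE_OUTPUT,
 RULE_OUTPUT_EXPRESSION,
 RULE_PRIORITY,
-OVERRIDE
+OVERRIDE,
+EXTENSION_ITEM
 };
 
 static const std::string& item_type_as_string(enum item_type it);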
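--- a/userspace/engine/rule_loader_reader.cpp
+++ b/userspace/engine/rule_loader_reader.cpp
@@ -56,21 +56,27 @@ static void decode_val_generic(const YAML::Node& item, const char *key, std::opt
 }
 
 template <typename T>
-static void decode_val(const YAML::Node& item, const char *key, T& out, const rule_loader::context& ctx)
+void rule_loader::reader::decode_val(const YAML::Node& item, const char *key, T& out, const rule_loader::context& ctx)
 {
 bool optional = false;
 
 decode_val_generic(item, key, out, ctx, optional);
 }
 
+template void rule_loader::reader::decode_val<std::string>(const YAML::Node& item, const char *key, std::string& out, const rule_loader::context& ctx);
+
 template <typename T>
-static void decode_optional_val(const YAML::Node& item, const char *key, T& out, const rule_loader::context& ctx)
+void rule_loader::reader::decode_optional_val(const YAML::Node& item, const char *key, T& out, const rule_loader::context& ctx)
 {
 bool optional = true;
 
 decode_val_generic(item, key, out, ctx, optional);
 }
 
+template void rule_loader::reader::decode_optional_val<std::string>(const YAML::Node& item, const char *key, std::string& out, const rule_loader::context& ctx);
+
+template void rule_loader::reader::decode_optional_val<bool>(const YAML::Node& item, const char *key, bool& out, const rule_loader::context& ctx);
+
 // Don't call this directly, call decode_items/decode_tags instead.
 template <typename T>
 static void decode_seq(const YAML::Node& item, const char *key,
@@ -289,7 +295,7 @@ static void read_rule_exceptions(
 rule_loader::context tmp(ex, rule_loader::context::EXCEPTION, "", exes_ctx);
 
 THROW(!ex.IsMap(), "Rule exception must be a mapping", tmp);
-decode_val(ex, "name", name, tmp);
+rule_loader::reader::decode_val(ex, "name", name, tmp);
 
 // Now use a real context including the exception name.
 rule_loader::context ex_ctx(ex, rule_loader::context::EXCEPTION, name, parent);
@@ -346,7 +352,7 @@ inline static bool check_update_expected(std::set<std::string>& expected_keys, c
 return true;
 }
 
-static void read_item(
+void rule_loader::reader::read_item(
 rule_loader::configuration& cfg,
 rule_loader::collector& collector,
 const YAML::Node& item,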
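Review bot: `decode_val` and `decode_optional_val` are now member templates whose definitions stay in this .cpp, so code in another translation unit can link only against the three explicit instantiations added here: `decode_val<std::string>`, `decode_optional_val<std::string>` and `decode_optional_val<bool>`. A subclass that decodes any other type, including `decode_val<bool>`, compiles against the header and then fails at link time. Either add the instantiations subclasses are expected to need, e.g. `template void rule_loader::reader::decode_val<bool>(const YAML::Node& item, const char *key, bool& out, const rule_loader::context& ctx);`, or state the supported types in a comment above the declarations in rule_loader_reader.h. `decode_seq` is still `static` in the first hunk, so sequence decoding stays unavailable to subclasses; the body of `read_item` continues outside the last hunk.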
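--- a/userspace/engine/rule_loader_reader.h
+++ b/userspace/engine/rule_loader_reader.h
@@ -57,6 +57,19 @@ class reader
 + std::to_string(minor) + "."
 + std::to_string(FALCO_ENGINE_VERSION_PATCH));
 }
+
+template <typename T>
+static void decode_val(const YAML::Node& item, const char *key, T& out, const rule_loader::context& ctx);
+
+template <typename T>
+static void decode_optional_val(const YAML::Node& item, const char *key, T& out, const rule_loader::context& ctx);
+
+protected:
+
+virtual void read_item(rule_loader::configuration& cfg,
+rule_loader::collector& collector,
+const YAML::Node& item,
+const rule_loader::context& parent);
 };
 
 }; // namespace rule_loader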
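Review bot: The three new declarations carry no comments, and `read_item` in particular needs its override contract written down, since this reader decides which detection rules end up loaded. A subclass that overrides `read_item` and handles an item without delegating the standard item types to the base implementation could leave those rules unloaded, possibly without any error being reported. I would add a comment above `read_item` stating that overrides must forward every item they do not recognise to `rule_loader::reader::read_item` and report their own problems through the context with `EXTENSION_ITEM`, `LOAD_ERR_EXTENSION` and `LOAD_WARNING_EXTENSION`. Also, `decode_val` and `decode_optional_val` sit above the `protected:` label, so they appear to be public rather than protected as the commit message describes; the start of the class is outside the hunk, so the access level in force there should be confirmed.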