From 89f581e36a2b78d3961c09e89f5eb12d758951af Mon Sep 17 00:00:00 2001 From: Jason Dellaluce Date: Fri, 19 Jul 2024 13:36:16 +0000 Subject: [PATCH 1/6] update(cmake): bump libs and driver to latest master Signed-off-by: Jason Dellaluce --- cmake/modules/driver.cmake | 4 ++-- cmake/modules/falcosecurity-libs.cmake | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cmake/modules/driver.cmake b/cmake/modules/driver.cmake index 8bfb77d442d..1f6238c8200 100644 --- a/cmake/modules/driver.cmake +++ b/cmake/modules/driver.cmake @@ -34,8 +34,8 @@ else() # In case you want to test against another driver version (or branch, or commit) just pass the variable - # ie., `cmake -DDRIVER_VERSION=dev ..` if(NOT DRIVER_VERSION) - set(DRIVER_VERSION "473bf06780abf9b00923c90d779e4ff16f19903a") - set(DRIVER_CHECKSUM "SHA256=aa45432acd385881365a8aee7bfe1982fd6278aa7b23466d6864c2ffda5216dd") + set(DRIVER_VERSION "ae6b268d84298c0908a169cdbea7781a596beda1") + set(DRIVER_CHECKSUM "SHA256=d86c930b60dd31cdf8257f95739a8e0a38adfdd99659c4d136b7a487e87c0dbd") endif() # cd /path/to/build && cmake /path/to/source diff --git a/cmake/modules/falcosecurity-libs.cmake b/cmake/modules/falcosecurity-libs.cmake index 1f5b3978c27..b1e7bbefa79 100644 --- a/cmake/modules/falcosecurity-libs.cmake +++ b/cmake/modules/falcosecurity-libs.cmake @@ -35,8 +35,8 @@ else() # In case you want to test against another falcosecurity/libs version (or branch, or commit) just pass the variable - # ie., `cmake -DFALCOSECURITY_LIBS_VERSION=dev ..` if(NOT FALCOSECURITY_LIBS_VERSION) - set(FALCOSECURITY_LIBS_VERSION "473bf06780abf9b00923c90d779e4ff16f19903a") - set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=aa45432acd385881365a8aee7bfe1982fd6278aa7b23466d6864c2ffda5216dd") + set(FALCOSECURITY_LIBS_VERSION "ae6b268d84298c0908a169cdbea7781a596beda1") + set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=d86c930b60dd31cdf8257f95739a8e0a38adfdd99659c4d136b7a487e87c0dbd") endif() # cd /path/to/build && cmake /path/to/source 
From e446075769694fc947e585d27e09fb1b8ebb1b5f Mon Sep 17 00:00:00 2001 From: Jason Dellaluce Date: Fri, 19 Jul 2024 13:36:43 +0000 Subject: [PATCH 2/6] fix(unit_tests): adapt tests to new engine warning formats Signed-off-by: Jason Dellaluce --- unit_tests/engine/test_rule_loader.cpp | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/unit_tests/engine/test_rule_loader.cpp b/unit_tests/engine/test_rule_loader.cpp index 7636192b150..6d76e830afe 100644 --- a/unit_tests/engine/test_rule_loader.cpp +++ b/unit_tests/engine/test_rule_loader.cpp @@ -1034,7 +1034,7 @@ TEST_F(test_falco_engine, exceptions_values_rhs_field_ambiguous) ASSERT_TRUE(load_rules(rules_content, "rules.yaml")); EXPECT_EQ(get_compiled_rule_condition("test_rule"), "(evt.type = open and not proc.name = proc.pname)"); - EXPECT_TRUE(check_warning_message("string 'proc.pname' may be a valid field wrongly interpreted as a string value")); + EXPECT_TRUE(check_warning_message("'proc.pname' may be a valid field misused as a const string value")); } TEST_F(test_falco_engine, exceptions_values_rhs_field_ambiguous_quoted) @@ -1050,7 +1050,7 @@ TEST_F(test_falco_engine, exceptions_values_rhs_field_ambiguous_quoted) ASSERT_TRUE(load_rules(rules_content, "rules.yaml")); EXPECT_EQ(get_compiled_rule_condition("test_rule"), "(evt.type = open and not proc.name = proc.pname)"); - EXPECT_TRUE(check_warning_message("string 'proc.pname' may be a valid field wrongly interpreted as a string value")); + EXPECT_TRUE(check_warning_message("'proc.pname' may be a valid field misused as a const string value")); } TEST_F(test_falco_engine, exceptions_values_rhs_field_ambiguous_space_quoted) 
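Review bot: The expected warning text is written out as a full literal in every `check_warning_message(...)` call, so each wording change in libs means editing five assertions. It appears in `exceptions_values_rhs_field_ambiguous` and its `_quoted` variant here, and again in the hunks at lines 1066, 1112 and 1128. A file-local helper such as `static std::string misused_field_warning(const std::string& v) { return "'" + v + "' may be a valid field misused as a const string value"; }`, with a sibling for the transformer wording, would keep the text in one place. These warnings are what tells a rule author that an exception value was taken as a literal instead of a field, so it is worth a comment stating whether `check_warning_message` matches the whole message or a substring; that is not visible in this diff. The test bodies start outside the hunks.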
@@ -1066,7 +1066,7 @@ TEST_F(test_falco_engine, exceptions_values_rhs_field_ambiguous_space_quoted) ASSERT_TRUE(load_rules(rules_content, "rules.yaml")); EXPECT_EQ(get_compiled_rule_condition("test_rule"), "(evt.type = open and not proc.name = \"proc.pname \")"); - EXPECT_TRUE(check_warning_message("string 'proc.pname ' may be a valid field wrongly interpreted as a string value")); + EXPECT_TRUE(check_warning_message("'proc.pname ' may be a valid field misused as a const string value")); } TEST_F(test_falco_engine, exceptions_values_rhs_transformer) @@ -1112,7 +1112,7 @@ TEST_F(test_falco_engine, exceptions_values_transformer_space) ASSERT_TRUE(load_rules(rules_content, "rules.yaml")); EXPECT_EQ(get_compiled_rule_condition("test_rule"), "(evt.type = open and not proc.name = \"toupper( proc.pname)\")"); - EXPECT_TRUE(check_warning_message("string 'toupper( proc.pname)' may be a valid field transformer wrongly interpreted as a string value")); + EXPECT_TRUE(check_warning_message("'toupper( proc.pname)' may be a valid field transformer misused as a const string value")); } TEST_F(test_falco_engine, exceptions_values_transformer_space_quoted) @@ -1128,7 +1128,7 @@ TEST_F(test_falco_engine, exceptions_values_transformer_space_quoted) ASSERT_TRUE(load_rules(rules_content, "rules.yaml")); EXPECT_EQ(get_compiled_rule_condition("test_rule"), "(evt.type = open and not proc.name = \"toupper( proc.pname)\")"); - EXPECT_TRUE(check_warning_message("string 'toupper( proc.pname)' may be a valid field transformer wrongly interpreted as a string value")); + EXPECT_TRUE(check_warning_message("'toupper( proc.pname)' may be a valid field transformer misused as a const string value")); } TEST_F(test_falco_engine, exceptions_fields_transformer) From 9d2923d85e5bcb0d4bf14cea73e742a386201b4b Mon Sep 17 00:00:00 2001 From: Luca Guerra Date: Mon, 22 Jul 2024 15:23:19 +0000 Subject: [PATCH 3/6] update(cmake): bump libs and drivers to fix compilation issue 
Signed-off-by: Luca Guerra --- cmake/modules/driver.cmake | 4 ++-- cmake/modules/falcosecurity-libs.cmake | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cmake/modules/driver.cmake b/cmake/modules/driver.cmake index 1f6238c8200..9a580f9125f 100644 --- a/cmake/modules/driver.cmake +++ b/cmake/modules/driver.cmake @@ -34,8 +34,8 @@ else() # In case you want to test against another driver version (or branch, or commit) just pass the variable - # ie., `cmake -DDRIVER_VERSION=dev ..` if(NOT DRIVER_VERSION) - set(DRIVER_VERSION "ae6b268d84298c0908a169cdbea7781a596beda1") - set(DRIVER_CHECKSUM "SHA256=d86c930b60dd31cdf8257f95739a8e0a38adfdd99659c4d136b7a487e87c0dbd") + set(DRIVER_VERSION "81f451e1d46666a5336ba4024b765101e137fccc") + set(DRIVER_CHECKSUM "SHA256=a1e22e667984d01c4bda483d0781aeeda2667739e379b8c8c05f8649e7d56747") endif() # cd /path/to/build && cmake /path/to/source diff --git a/cmake/modules/falcosecurity-libs.cmake b/cmake/modules/falcosecurity-libs.cmake index b1e7bbefa79..04b3744c155 100644 --- a/cmake/modules/falcosecurity-libs.cmake +++ b/cmake/modules/falcosecurity-libs.cmake @@ -35,8 +35,8 @@ else() # In case you want to test against another falcosecurity/libs version (or branch, or commit) just pass the variable - # ie., `cmake -DFALCOSECURITY_LIBS_VERSION=dev ..` if(NOT FALCOSECURITY_LIBS_VERSION) - set(FALCOSECURITY_LIBS_VERSION "ae6b268d84298c0908a169cdbea7781a596beda1") - set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=d86c930b60dd31cdf8257f95739a8e0a38adfdd99659c4d136b7a487e87c0dbd") + set(FALCOSECURITY_LIBS_VERSION "81f451e1d46666a5336ba4024b765101e137fccc") + set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=a1e22e667984d01c4bda483d0781aeeda2667739e379b8c8c05f8649e7d56747") endif() # cd /path/to/build && cmake /path/to/source From 2b83e32a92f6592077ada1b32278fdf9377d261f Mon Sep 17 00:00:00 2001 From: Luca Guerra Date: Tue, 20 Aug 2024 16:05:40 +0000 Subject: [PATCH 4/6] update(build): update libs to latest master 
Signed-off-by: Luca Guerra --- cmake/modules/driver.cmake | 4 ++-- cmake/modules/falcosecurity-libs.cmake | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cmake/modules/driver.cmake b/cmake/modules/driver.cmake index 9a580f9125f..a931dd8813b 100644 --- a/cmake/modules/driver.cmake +++ b/cmake/modules/driver.cmake @@ -34,8 +34,8 @@ else() # In case you want to test against another driver version (or branch, or commit) just pass the variable - # ie., `cmake -DDRIVER_VERSION=dev ..` if(NOT DRIVER_VERSION) - set(DRIVER_VERSION "81f451e1d46666a5336ba4024b765101e137fccc") - set(DRIVER_CHECKSUM "SHA256=a1e22e667984d01c4bda483d0781aeeda2667739e379b8c8c05f8649e7d56747") + set(DRIVER_VERSION "9d76298020e9dbde6b5d8e4f36b17c1ad6a4a4c7") + set(DRIVER_CHECKSUM "SHA256=4e5ad4bbcf7b106891f6aefb71d07fe4a060d8e5c6b4ec111fefbdce6e4231e7") endif() # cd /path/to/build && cmake /path/to/source diff --git a/cmake/modules/falcosecurity-libs.cmake b/cmake/modules/falcosecurity-libs.cmake index 04b3744c155..a52b112136d 100644 --- a/cmake/modules/falcosecurity-libs.cmake +++ b/cmake/modules/falcosecurity-libs.cmake @@ -35,8 +35,8 @@ else() # In case you want to test against another falcosecurity/libs version (or branch, or commit) just pass the variable - # ie., `cmake -DFALCOSECURITY_LIBS_VERSION=dev ..` if(NOT FALCOSECURITY_LIBS_VERSION) - set(FALCOSECURITY_LIBS_VERSION "81f451e1d46666a5336ba4024b765101e137fccc") - set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=a1e22e667984d01c4bda483d0781aeeda2667739e379b8c8c05f8649e7d56747") + set(FALCOSECURITY_LIBS_VERSION "9d76298020e9dbde6b5d8e4f36b17c1ad6a4a4c7") + set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=4e5ad4bbcf7b106891f6aefb71d07fe4a060d8e5c6b4ec111fefbdce6e4231e7") endif() # cd /path/to/build && cmake /path/to/source From 94f94c7cdc34b47d40f61104ba5f1d5f8b12004c Mon Sep 17 00:00:00 2001 From: Luca Guerra Date: Tue, 20 Aug 2024 16:06:03 +0000 Subject: [PATCH 5/6] update(falco): update metrics interface 
Signed-off-by: Luca Guerra --- userspace/falco/falco_metrics.cpp | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/userspace/falco/falco_metrics.cpp b/userspace/falco/falco_metrics.cpp index 874f2ac08ef..103f18c9842 100644 --- a/userspace/falco/falco_metrics.cpp +++ b/userspace/falco/falco_metrics.cpp @@ -118,7 +118,7 @@ std::string falco_metrics::to_text(const falco::app::state& state) if (agent_info) { - additional_wrapper_metrics.emplace_back(libs_metrics_collector.new_metric("start_ts", + additional_wrapper_metrics.emplace_back(libs::metrics::libsinsp_metrics::new_metric("start_ts", METRICS_V2_MISC, METRIC_VALUE_TYPE_U64, METRIC_VALUE_UNIT_TIME_TIMESTAMP_NS, @@ -127,20 +127,20 @@ std::string falco_metrics::to_text(const falco::app::state& state) } if (machine_info) { - additional_wrapper_metrics.emplace_back(libs_metrics_collector.new_metric("host_boot_ts", + additional_wrapper_metrics.emplace_back(libs::metrics::libsinsp_metrics::new_metric("host_boot_ts", METRICS_V2_MISC, METRIC_VALUE_TYPE_U64, METRIC_VALUE_UNIT_TIME_TIMESTAMP_NS, METRIC_VALUE_METRIC_TYPE_NON_MONOTONIC_CURRENT, machine_info->boot_ts_epoch)); - additional_wrapper_metrics.emplace_back(libs_metrics_collector.new_metric("host_num_cpus", + additional_wrapper_metrics.emplace_back(libs::metrics::libsinsp_metrics::new_metric("host_num_cpus", METRICS_V2_MISC, METRIC_VALUE_TYPE_U32, METRIC_VALUE_UNIT_COUNT, METRIC_VALUE_METRIC_TYPE_NON_MONOTONIC_CURRENT, machine_info->num_cpus)); } - additional_wrapper_metrics.emplace_back(libs_metrics_collector.new_metric("outputs_queue_num_drops", + additional_wrapper_metrics.emplace_back(libs::metrics::libsinsp_metrics::new_metric("outputs_queue_num_drops", METRICS_V2_MISC, METRIC_VALUE_TYPE_U64, METRIC_VALUE_UNIT_COUNT, 
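Review bot: The qualifier `libs::metrics::libsinsp_metrics::new_metric` is now spelled out at every call in `falco_metrics::to_text`, which makes the already long argument lists harder to scan. It appears four times in these two hunks and again in the hunks at lines 150 and 179. Assuming `libsinsp_metrics` is a class with a static `new_metric`, as the call syntax suggests, a function-local alias like `using metrics_t = libs::metrics::libsinsp_metrics;` followed by `metrics_t::new_metric(...)` would shorten each call without changing behaviour. The function body extends outside the hunks, so whether the `libs_metrics_collector` object is still needed elsewhere in it cannot be checked from here.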
@@ -150,7 +150,7 @@ std::string falco_metrics::to_text(const falco::app::state& state) if (agent_info) { auto now = std::chrono::duration_cast(std::chrono::system_clock::now().time_since_epoch()).count(); - additional_wrapper_metrics.emplace_back(libs_metrics_collector.new_metric("duration_sec", + additional_wrapper_metrics.emplace_back(libs::metrics::libsinsp_metrics::new_metric("duration_sec", METRICS_V2_MISC, METRIC_VALUE_TYPE_U64, METRIC_VALUE_UNIT_TIME_S_COUNT, @@ -179,7 +179,7 @@ std::string falco_metrics::to_text(const falco::app::state& state) auto count = rules_by_id[i]->load(); if (count > 0) { - auto metric = libs_metrics_collector.new_metric("rules_counters", + auto metric = libs::metrics::libsinsp_metrics::new_metric("rules_counters", METRICS_V2_RULE_COUNTERS, METRIC_VALUE_TYPE_U64, METRIC_VALUE_UNIT_COUNT, From ed5c4640250bfe4e6145b7c87f7fa73e48d2702c Mon Sep 17 00:00:00 2001 From: Federico Di Pierro Date: Mon, 26 Aug 2024 15:19:49 +0200 Subject: [PATCH 6/6] fix(cmake,userspace/falco): bumped libs to latest master. Also, fixes some newly introduced API breaks. Signed-off-by: Federico Di Pierro --- cmake/modules/driver.cmake | 4 ++-- cmake/modules/falcosecurity-libs.cmake | 4 ++-- userspace/falco/app/actions/helpers_inspector.cpp | 4 ++-- userspace/falco/app/actions/init_inspectors.cpp | 6 +----- 4 files changed, 7 insertions(+), 11 deletions(-) diff --git a/cmake/modules/driver.cmake b/cmake/modules/driver.cmake index a931dd8813b..27adf7bdf80 100644 --- a/cmake/modules/driver.cmake +++ b/cmake/modules/driver.cmake 
@@ -34,8 +34,8 @@ else() # In case you want to test against another driver version (or branch, or commit) just pass the variable - # ie., `cmake -DDRIVER_VERSION=dev ..` if(NOT DRIVER_VERSION) - set(DRIVER_VERSION "9d76298020e9dbde6b5d8e4f36b17c1ad6a4a4c7") - set(DRIVER_CHECKSUM "SHA256=4e5ad4bbcf7b106891f6aefb71d07fe4a060d8e5c6b4ec111fefbdce6e4231e7") + set(DRIVER_VERSION "d3d43cf9e8b274c1c2ea234dc41ac242c3f392c1") + set(DRIVER_CHECKSUM "SHA256=aedc4120d335ee2ebf7f3c2e6346fc985ca09a49d14ff7c6249a033e47d160bf") endif() # cd /path/to/build && cmake /path/to/source diff --git a/cmake/modules/falcosecurity-libs.cmake b/cmake/modules/falcosecurity-libs.cmake index a52b112136d..a4915cce065 100644 --- a/cmake/modules/falcosecurity-libs.cmake +++ b/cmake/modules/falcosecurity-libs.cmake @@ -35,8 +35,8 @@ else() # In case you want to test against another falcosecurity/libs version (or branch, or commit) just pass the variable - # ie., `cmake -DFALCOSECURITY_LIBS_VERSION=dev ..` if(NOT FALCOSECURITY_LIBS_VERSION) - set(FALCOSECURITY_LIBS_VERSION "9d76298020e9dbde6b5d8e4f36b17c1ad6a4a4c7") - set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=4e5ad4bbcf7b106891f6aefb71d07fe4a060d8e5c6b4ec111fefbdce6e4231e7") + set(FALCOSECURITY_LIBS_VERSION "d3d43cf9e8b274c1c2ea234dc41ac242c3f392c1") + set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=aedc4120d335ee2ebf7f3c2e6346fc985ca09a49d14ff7c6249a033e47d160bf") endif() # cd /path/to/build && cmake /path/to/source diff --git a/userspace/falco/app/actions/helpers_inspector.cpp b/userspace/falco/app/actions/helpers_inspector.cpp index 0767500170f..765844524e7 100644 --- a/userspace/falco/app/actions/helpers_inspector.cpp +++ b/userspace/falco/app/actions/helpers_inspector.cpp 
@@ -65,7 +65,7 @@ falco::app::run_result falco::app::actions::open_live_inspector( { auto cfg = s.plugin_configs.at(p->name()); falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with plugin '" + cfg->m_name + "'"); - inspector->open_plugin(cfg->m_name, cfg->m_open_params); + inspector->open_plugin(cfg->m_name, cfg->m_open_params, sinsp_plugin_platform::SINSP_PLATFORM_HOSTINFO); return run_result::ok(); } } @@ -83,7 +83,7 @@ falco::app::run_result falco::app::actions::open_live_inspector( { auto cfg = s.plugin_configs.at(p->name()); falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with plugin '" + cfg->m_name + "'"); - inspector->open_plugin(cfg->m_name, cfg->m_open_params); + inspector->open_plugin(cfg->m_name, cfg->m_open_params, sinsp_plugin_platform::SINSP_PLATFORM_FULL); return run_result::ok(); } } diff --git a/userspace/falco/app/actions/init_inspectors.cpp b/userspace/falco/app/actions/init_inspectors.cpp index 672aaa23939..fe18f98b32c 100644 --- a/userspace/falco/app/actions/init_inspectors.cpp +++ b/userspace/falco/app/actions/init_inspectors.cpp @@ -126,11 +126,7 @@ falco::app::run_result falco::app::actions::init_inspectors(falco::app::state& s } else { - src_info->inspector = std::make_shared(false, - "", - "", - "", - s.config->m_metrics_flags & METRICS_V2_STATE_COUNTERS); + src_info->inspector = std::make_shared(s.config->m_metrics_flags & METRICS_V2_STATE_COUNTERS); } // do extra preparation for the syscall source
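Review bot: The new third argument to `open_plugin` differs between the two call sites in `open_live_inspector`, and nothing next to either call says why: it is `SINSP_PLATFORM_HOSTINFO` here and `SINSP_PLATFORM_FULL` in the hunk at line 83. The platform mode presumably decides how much host state the inspector builds for a plugin source, which in turn affects which fields rules can rely on. Each call deserves a one-line comment, for example `// plugin-only event source: host info is sufficient` and `// plugin provides raw system events: needs the full platform state`. Those wordings are inferred from the enum names and the surrounding log messages and should be confirmed against the libs API. The function starts and ends outside both hunks.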
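Review bot: The constructor argument in `init_inspectors` is the raw result of `s.config->m_metrics_flags & METRICS_V2_STATE_COUNTERS`, an integer mask that only becomes an on/off flag through implicit conversion. With the four positional arguments before it removed, it is now the sole argument, so naming it would make the call self-explanatory: `const bool with_state_counters = (s.config->m_metrics_flags & METRICS_V2_STATE_COUNTERS) != 0;`, then pass `with_state_counters`. The constructor's signature lives in libs and is not shown, so the assumption that this parameter is a boolean switch should be confirmed there. The enclosing function continues outside the hunk.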