Allow append of new exceptions to rules #1768
Conversation
|
@sai-arigeli: Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
Welcome @sai-arigeli! It looks like this is your first PR to falcosecurity/falco 🎉 |
sai-arigeli
changed the title
| exceptions = {} | ||
| end | ||
|
|
||
| if eitem['fields'] == nil then |
There was a problem hiding this comment.
You should be able to use the fields/comps variables set at the top of this block, right?
|
|
||
| -- You can't append exception fields or comps to an existing rule exception | ||
| if fields ~= nil then | ||
| return false, build_error_with_context(v['context'], "Can not append exception fields to existing rule, only values"), warnings |
There was a problem hiding this comment.
The indentation looks okay in my editor, but doesn't seem okay here. I wouldn't go crazy trying to fix it, but if you can align the indent with whatever is being used by the other parts of this file it would help with readability.
| for _, values in ipairs(eitem['values']) do | ||
| reitem['values'][#reitem['values'] + 1] = values | ||
| -- Insert the complete exception object | ||
| exceptions[#exceptions+1] = eitem |
There was a problem hiding this comment.
Don't you need to add the exceptions back to the original rule?
There was a problem hiding this comment.
The line 639 is supposed to add the entire exception to the original rule. I have tested this specific insertion to the original table on a lua playground. Will update it if necessary.
There was a problem hiding this comment.
Oh right--tables are references, so the local exceptions variable still points to the same table which is a part of the rule. See my earlier comment about assigning the exceptions variable, though.
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: sai-arigeli The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
sai-arigeli
changed the title
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
sai-arigeli
force-pushed
the
sa-falco-21nov1
branch
from
12e0e73 to
2d97d09
Compare
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
…into sa-falco-21nov1
| end | ||
| if new_exception then | ||
| local exceptions = state.rules_by_name[v['rule']]['exceptions'] | ||
| if exceptions == nil then |
There was a problem hiding this comment.
I don't think there's any need for this check given that the rule object always has exceptions--it's added on line 538. If the check on line 538 were not there, this would not actually work, as the exceptions variable would end up pointing to a local table and not the table that's a part of the rule object.
| for _, values in ipairs(eitem['values']) do | ||
| reitem['values'][#reitem['values'] + 1] = values | ||
| -- Insert the complete exception object | ||
| exceptions[#exceptions+1] = eitem |
There was a problem hiding this comment.
Oh right--tables are references, so the local exceptions variable still points to the same table which is a part of the rule. See my earlier comment about assigning the exceptions variable, though.
| end | ||
|
|
||
| if fields == nil then | ||
| return false, build_error_with_context(v['context'], "Rule exception new item "..eitem['name']..": must have fields property with a list of fields"), warnings |
There was a problem hiding this comment.
Can you try to use the local variables defined on lines 595 instead of accessing eitem['name'], eitem['fields'], etc? The prior version wasn't entirely consistent but did try to use those local variables, to make the code a bit easier to read.
If you prefer accessing the name, fields, etc. via eitem['xxx'] instead, that's also ok, but let's be consistent and remove the definitions on line 595-597.
|
@sai-arigeli: Adding label Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
…into sa-falco-21nov1 Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
|
Thanks for your pull request. Before we can look at it, you'll need to add a 'DCO signoff' to your commits. 📝 Please follow instructions in the contributing guide to update your commits with the DCO Full details of the Developer Certificate of Origin can be found at developercertificate.org. The list of commits missing DCO signoff:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
Closing this PR due to merge issues. All commits squashed and comments addressed on #1780. Please continue the review there. |
What type of PR is this?
/kind feature
Any specific area of the project related to this PR?
/area rules
What this PR does / why we need it:
PR introduces appending of new fully valid exception objects to existing rules.
Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer:
Does this PR introduce a user-facing change?: