diff --git a/.gitignore b/.gitignore index aead8da8470..deecb03e536 100644 --- a/.gitignore +++ b/.gitignore @@ -9,6 +9,7 @@ test/traces-info test/job-results test/.phoronix-test-suite test/results*.json.* +test/build userspace/falco/lua/re.lua userspace/falco/lua/lpeg.so diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index c0a6ab77109..292e30d1090 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -15,7 +15,7 @@ # License for the specific language governing permissions and limitations under # the License. # -set(FALCO_TESTS_SOURCES test_base.cpp engine/test_token_bucket.cpp) +set(FALCO_TESTS_SOURCES test_base.cpp engine/test_token_bucket.cpp falco/test_webserver.cpp) set(FALCO_TESTED_LIBRARIES falco_engine) @@ -38,7 +38,10 @@ if(FALCO_BUILD_TESTS) falco_test PUBLIC "${CATCH2_INCLUDE}" "${FAKEIT_INCLUDE}" - "${PROJECT_SOURCE_DIR}/userspace/engine") + "${PROJECT_SOURCE_DIR}/userspace/engine" + "${YAMLCPP_INCLUDE_DIR}" + "${CIVETWEB_INCLUDE_DIR}" + "${PROJECT_SOURCE_DIR}/userspace/falco") include(CMakeParseArguments) include(CTest) diff --git a/tests/falco/test_webserver.cpp b/tests/falco/test_webserver.cpp new file mode 100644 index 00000000000..5f7cab57a0f --- /dev/null +++ b/tests/falco/test_webserver.cpp @@ -0,0 +1,31 @@ +/* +Copyright (C) 2016-2019 Draios Inc dba Sysdig. + +This file is part of falco. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#include "webserver.h" +#include + +TEST_CASE("webserver must accept invalid data", "[!hide][webserver][k8s_audit_handler][accept_data]") +{ + // falco_engine* engine = new falco_engine(); + // falco_outputs* outputs = new falco_outputs(engine); + // std::string errstr; + // std::string input("{\"kind\": 0}"); + //k8s_audit_handler::accept_data(engine, outputs, input, errstr); + + REQUIRE(1 == 1); +} \ No newline at end of file diff --git a/userspace/engine/falco_engine.cpp b/userspace/engine/falco_engine.cpp index 9b47f363d30..e3e8327b5f6 100644 --- a/userspace/engine/falco_engine.cpp +++ b/userspace/engine/falco_engine.cpp @@ -365,46 +365,54 @@ unique_ptr falco_engine::process_k8s_audit_event(json bool falco_engine::parse_k8s_audit_json(nlohmann::json &j, std::list &evts) { - // If the Kind is EventList, split it into individual events. - if(j.value("kind", "") == "EventList") + // Note that nlohmann::basic_json::value can throw nlohmann::basic_json::type_error (302, 306) + try { - for(auto &je : j["items"]) + // If the kind is EventList, split it into individual events + if(j.value("kind", "") == "EventList") { - evts.emplace_back(); - je["kind"] = "Event"; + for(auto &je : j["items"]) + { + evts.emplace_back(); + je["kind"] = "Event"; + + uint64_t ns = 0; + if(!sinsp_utils::parse_iso_8601_utc_string(je.value(k8s_audit_time, ""), ns)) + { + return false; + } + std::string tmp; + sinsp_utils::ts_to_string(ns, &tmp, false, true); + + evts.back().set_jevt(je, ns); + } + + return true; + } + else if(j.value("kind", "") == "Event") + { + evts.emplace_back(); uint64_t ns = 0; - if(!sinsp_utils::parse_iso_8601_utc_string(je.value(k8s_audit_time, ""), ns)) + if(!sinsp_utils::parse_iso_8601_utc_string(j.value(k8s_audit_time, ""), ns)) { return false; } - std::string tmp; - sinsp_utils::ts_to_string(ns, &tmp, false, true); - - evts.back().set_jevt(je, ns); + evts.back().set_jevt(j, ns); + return true; } - - return true; - } - else if(j.value("kind", "") == "Event") - { - evts.emplace_back(); - uint64_t ns = 0; - if(!sinsp_utils::parse_iso_8601_utc_string(j.value(k8s_audit_time, ""), ns)) + else { return false; } - - - evts.back().set_jevt(j, ns); - return true; } - else + catch(exception &e) { + // Propagate the exception + rethrow_exception(current_exception()); return false; } - } unique_ptr falco_engine::process_k8s_audit_event(json_event *ev) diff --git a/userspace/falco/webserver.cpp b/userspace/falco/webserver.cpp index 2ffd6d61526..1a6d14fadef 100644 --- a/userspace/falco/webserver.cpp +++ b/userspace/falco/webserver.cpp @@ -44,16 +44,31 @@ bool k8s_audit_handler::accept_data(falco_engine *engine, std::list jevts; json j; - try { + try + { j = json::parse(data); } - catch (json::parse_error& e) + catch(json::parse_error &e) + { + errstr = string("Could not parse data: ") + e.what(); + return false; + } + catch(json::out_of_range &e) { errstr = string("Could not parse data: ") + e.what(); return false; } - if(!engine->parse_k8s_audit_json(j, jevts)) + bool ok; + try + { + ok = engine->parse_k8s_audit_json(j, jevts); + } + catch(json::type_error &e) + { + ok = false; + } + if(!ok) { errstr = string("Data not recognized as a k8s audit event"); return false;