Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(userspace/falco): use given priority in falco_outputs::handle_msg() #1450

Merged
merged 1 commit into from
Oct 26, 2020
Merged

fix(userspace/falco): use given priority in falco_outputs::handle_msg() #1450

merged 1 commit into from
Oct 26, 2020

Conversation

leogr
Copy link
Member

@leogr leogr commented Oct 19, 2020
edited by fntlnz
Loading

What type of PR is this?

/kind bug

/kind cleanup

Any specific area of the project related to this PR?

/area engine

What this PR does / why we need it:

Hardcoded values (Critical) for message's priority were present in falco_outputs::handle_msg():

falco/userspace/falco/falco_outputs.cpp

Line 206 in 47fa7d5

jmsg["priority"] = "Critical";

falco/userspace/falco/falco_outputs.cpp

Line 219 in 47fa7d5

full_msg = timestr + ": " + falco_common::priority_names[LOG_CRIT] + " " + msg + " (";

Although that was no problem because handle_msg() is being used only for drop alerts that are always emitted with Critical priority level, it can lead to errors in the future.

Moreover, handle_msg() has a priority field already in its signature and syscall_evt_drop_mgr is already passing the expected value:

falco/userspace/falco/event_drops.cpp

Lines 138 to 144 in 47fa7d5

case ACT_ALERT:
m_outputs->handle_msg(now,
falco_outputs::PRIORITY_CRITICAL,
msg,
rule,
output_fields);
break;

So, this PR corrects the handle_msg() implementation to use the given priority.

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Since handle_msg() is only called within syscall_evt_drop_mgr and the outputted priority value is not changed, this PR does not introduce any user-facing change.

Somehow related to #1417

Does this PR introduce a user-facing change?:

fix(userspace/falco): use given priority in falco_outputs::handle_msg()

@leogr
fix(userspace/falco): use given priority for msg
ad14186 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
@poiana poiana requested review from mfdii and mstemm October 19, 2020 09:04
@poiana poiana added the size/XS label Oct 19, 2020
@leogr leogr requested review from leodido and fntlnz October 19, 2020 09:05
@leogr
Copy link
Member Author

leogr commented Oct 19, 2020

/milestone 0.27.0

@poiana poiana added this to the 0.27.0 milestone Oct 19, 2020
@poiana poiana added the lgtm label Oct 19, 2020
@poiana
Copy link

poiana commented Oct 19, 2020

LGTM label has been added.

Git tree hash: e293710c96ef89fd7e7214efb47db390ad51dc56

@poiana
Copy link

poiana commented Oct 26, 2020

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: fntlnz, leodido

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@poiana poiana merged commit 81de65e into master Oct 26, 2020
@poiana poiana deleted the fix/handle-msg-priority branch October 26, 2020 13:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leodido leodido leodido approved these changes

@fntlnz fntlnz fntlnz approved these changes

@mfdii mfdii Awaiting requested review from mfdii

@mstemm mstemm Awaiting requested review from mstemm

Assignees

@leodido leodido

@fntlnz fntlnz

Labels
approved area/engine dco-signoff: yes kind/bug kind/cleanup lgtm release-note size/XS
Projects
None yet
Milestone
0.27.0
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@leogr @poiana @leodido @fntlnz