Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(userspace/engine): avoid storing escaped strings in engine #3028

Merged
merged 2 commits into from Jan 23, 2024
Merged

fix(userspace/engine): avoid storing escaped strings in engine #3028

merged 2 commits into from Jan 23, 2024

Conversation

jasondellaluce
Copy link
Contributor

What type of PR is this?

/kind bug

Any specific area of the project related to this PR?

/area engine

What this PR does / why we need it:

When the engine compiles list infos, we have a small bug for which we store forcefully-quoted strings in the engine's data structures instead of quoting them only at the time of their usage (at list refs resolution time). After investigating, this doesn't seem to affect the runtime-evaluated rules data structures, but it's clearly visible with the -L functionality and reproduced on list items that are YAML-escaped or contain spaces.

Example:

# rules_sample.yaml
- list: my_list
  items: [non_escaped_val, "escaped val"]
$ falco -L -o json_output=true -r rules_sample | jq .
{
  "lists": [
    {
      "details": {
        "items_compiled": [
          "non_escaped_val",
          "\"escaped val\""
        ],
        "lists": [
          "escaped val"
        ],
        "plugins": [],
        "used": false
      },
      "info": {
        "items": [
          "non_escaped_val"
        ],
        "name": "my_list"
      }
    }
  ],
  "macros": [],
  "required_engine_version": "0.0.0",
  "required_plugin_versions": [],
  "rules": []
}

Here, "escaped val" is interpreted as a list reference and is not properly escaped when printed as a value.

Which issue(s) this PR fixes:

Special notes for your reviewer:

With these changes, the same example now correctly prints as:

{
  "lists": [
    {
      "details": {
        "items_compiled": [
          "non_escaped_val",
          "escaped val"
        ],
        "lists": [],
        "plugins": [],
        "used": false
      },
      "info": {
        "items": [
          "non_escaped_val",
          "escaped val"
        ],
        "name": "my_list"
      }
    }
  ],
  "macros": [],
  "required_engine_version": "0.0.0",
  "required_plugin_versions": [],
  "rules": []
}

Does this PR introduce a user-facing change?:

fix(userspace/engine): avoid storing escaped strings in engine defs

@jasondellaluce
fix(userspace/engine): avoid storing escaped strings in engine defs
31b6bfb 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
@poiana poiana requested review from Kaizhe and leogr January 22, 2024 10:45
@github-actions GitHub Actions
Copy link

This PR may bring feature or behavior changes in the Falco engine and may require the engine version to be bumped.

Please double check userspace/engine/falco_engine_version.h file. See versioning for FALCO_ENGINE_VERSION.

/hold

@jasondellaluce
Copy link
Contributor Author

/unhold

False positive on the engine version checks.

Andreagit97
Andreagit97 reviewed Jan 22, 2024
View reviewed changes
Copy link
Member

@Andreagit97 Andreagit97 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Can we add a simple unit test like the one you used in the PR description?

@Andreagit97 Andreagit97 modified the milestones: 0.37.0, 0.38.0 Jan 22, 2024
@jasondellaluce
test(engine): assess proper list escaping in engine collector
0615b2b 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
@poiana poiana added size/M and removed size/S labels Jan 22, 2024
@jasondellaluce
Copy link
Contributor Author

LGTM! Can we add a simple unit test like the one you used in the PR description?

Definitely! Just added one.

Andreagit97
Andreagit97 approved these changes Jan 23, 2024
View reviewed changes
Copy link
Member

@Andreagit97 Andreagit97 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve

@poiana poiana added the lgtm label Jan 23, 2024
@poiana
Copy link

poiana commented Jan 23, 2024

LGTM label has been added.

Git tree hash: c8022055cdd4f1d0d1e5e9d5a5831088e1ad8c6f

@Andreagit97 Andreagit97 modified the milestones: 0.38.0, 0.37.0 Jan 23, 2024
@poiana
Copy link

poiana commented Jan 23, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Andreagit97, jasondellaluce, LucaGuerra

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [Andreagit97,LucaGuerra,jasondellaluce]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@poiana poiana merged commit acba90d into master Jan 23, 2024
30 checks passed
@poiana poiana deleted the fix/string-escaping-description branch January 23, 2024 10:58
@FedeDP FedeDP mentioned this pull request Jan 23, 2024
Merged
@Andreagit97 Andreagit97 mentioned this pull request Jan 24, 2024
Closed
29 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@LucaGuerra LucaGuerra LucaGuerra approved these changes

@Andreagit97 Andreagit97 Andreagit97 approved these changes

@Kaizhe Kaizhe Awaiting requested review from Kaizhe

@leogr leogr Awaiting requested review from leogr

Assignees

@LucaGuerra LucaGuerra

@Andreagit97 Andreagit97

Labels
approved area/engine dco-signoff: yes kind/bug lgtm release-note size/M
Projects
Falco Roadmap
Status: Done
Milestone
0.37.0
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@jasondellaluce @poiana @LucaGuerra @Andreagit97