Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(userspace/engine): avoid storing escaped strings in engine #3028

Merged
merged 2 commits into from
Jan 23, 2024
Merged

fix(userspace/engine): avoid storing escaped strings in engine #3028

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
31b6bfb
fix(userspace/engine): avoid storing escaped strings in engine defs
jasondellaluce Jan 22, 2024
0615b2b
test(engine): assess proper list escaping in engine collector
jasondellaluce Jan 22, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
27 changes: 27 additions & 0 deletions unit_tests/engine/test_rule_loader.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -941,3 +941,30 @@ TEST_F(engine_loader_test, required_engine_version_invalid)
ASSERT_FALSE(load_rules(rules_content, "rules.yaml"));
ASSERT_TRUE(check_error_message("Unable to parse engine version"));
}

// checks for issue described in https://github.com/falcosecurity/falco/pull/3028
TEST_F(engine_loader_test, list_value_with_escaping)
{
std::string rules_content = R"END(
- list: my_list
items: [non_escaped_val, "escaped val"]
)END";

ASSERT_TRUE(load_rules(rules_content, "rules.yaml"));
ASSERT_TRUE(m_load_result->successful());
ASSERT_TRUE(m_load_result->has_warnings()); // a warning for the unused list

auto rule_description = m_engine->describe_rule(nullptr, {});
ASSERT_TRUE(m_load_result->successful());
ASSERT_EQ(rule_description["rules"].size(), 0);
ASSERT_EQ(rule_description["macros"].size(), 0);
ASSERT_EQ(rule_description["lists"].size(), 1);

// escaped values must not be interpreted as list refs by mistake
ASSERT_EQ(rule_description["lists"][0]["details"]["lists"].size(), 0);

// values should be escaped correctly
ASSERT_EQ(rule_description["lists"][0]["details"]["items_compiled"].size(), 2);
ASSERT_EQ(rule_description["lists"][0]["details"]["items_compiled"][0].template get<std::string>(), "non_escaped_val");
ASSERT_EQ(rule_description["lists"][0]["details"]["items_compiled"][1].template get<std::string>(), "escaped val");
}
13 changes: 6 additions & 7 deletions userspace/engine/rule_loader_compiler.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -181,6 +181,7 @@ static bool resolve_list(std::string& cnd, const falco_list& list)
{
static std::string blanks = " \t\n\r";
static std::string delims = blanks + "(),=";
std::string tmp;
std::string new_cnd;
size_t start, end;
bool used = false;
Expand Down Expand Up @@ -212,7 +213,9 @@ static bool resolve_list(std::string& cnd, const falco_list& list)
{
sub += ", ";
}
sub += v;
tmp = v;
quote_item(tmp);
sub += tmp;
}
// if substituted list is empty, we need to
// remove a comma from the left or the right
Expand Down Expand Up @@ -339,7 +342,6 @@ void rule_loader::compiler::compile_list_infos(
const collector& col,
indexed_vector<falco_list>& out) const
{
std::string tmp;
std::list<std::string> used;
falco_list v;
for (const auto &list : col.lists())
Expand All @@ -352,17 +354,14 @@ void rule_loader::compiler::compile_list_infos(
if (ref && ref->index < list.visibility)
{
used.push_back(ref->name);
for (auto val : ref->items)
for (const auto &val : ref->items)
{
quote_item(val);
v.items.push_back(val);
}
}
else
{
tmp = item;
quote_item(tmp);
v.items.push_back(tmp);
v.items.push_back(item);
}
}
v.used = false;
Expand Down