From b71230ed08b1136237ebe04f84137ce54fabf196 Mon Sep 17 00:00:00 2001 From: Melissa Kilby Date: Wed, 8 May 2024 12:42:47 +0000 Subject: [PATCH 1/5] new(utils): add new helper to calculate file sha256sum Signed-off-by: Melissa Kilby --- userspace/engine/falco_utils.cpp | 31 +++++++++++++++++++++++++++++++ userspace/engine/falco_utils.h | 2 ++ 2 files changed, 33 insertions(+) diff --git a/userspace/engine/falco_utils.cpp b/userspace/engine/falco_utils.cpp index 2322f8dddeb..593d1688f08 100644 --- a/userspace/engine/falco_utils.cpp +++ b/userspace/engine/falco_utils.cpp @@ -22,6 +22,7 @@ limitations under the License. #include #include +#include #include #include @@ -117,6 +118,36 @@ uint64_t parse_prometheus_interval(std::string interval_str) return interval; } +std::string calculate_file_sha256sum(const std::string& filename) +{ + std::ifstream file(filename, std::ios::binary); + if (!file.is_open()) + { + return ""; + } + + SHA256_CTX sha256_context; + SHA256_Init(&sha256_context); + + constexpr size_t buffer_size = 4096; + char buffer[buffer_size]; + while (file.read(buffer, buffer_size)) + { + SHA256_Update(&sha256_context, buffer, buffer_size); + } + SHA256_Update(&sha256_context, buffer, file.gcount()); + + unsigned char digest[SHA256_DIGEST_LENGTH]; + SHA256_Final(digest, &sha256_context); + + std::stringstream ss; + for (int i = 0; i < SHA256_DIGEST_LENGTH; ++i) + { + ss << std::hex << std::setw(2) << std::setfill('0') << static_cast(digest[i]); + } + return ss.str(); +} + std::string wrap_text(const std::string& in, uint32_t indent, uint32_t line_len) { std::istringstream is(in); diff --git a/userspace/engine/falco_utils.h b/userspace/engine/falco_utils.h index 9f26355479d..d46c81f276f 100644 --- a/userspace/engine/falco_utils.h +++ b/userspace/engine/falco_utils.h 
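Review bot: In calculate_file_sha256sum the read loop stops on any stream failure, not only at end-of-file, so a read error part-way through still yields a well-formed digest of truncated content, which is worse than no value for a hash meant to identify the loaded rules and config files. After the loop and before the final SHA256_Update, add `if (file.bad()) { return ""; }` so this path fails the same way the open check does. Consider logging both failure paths, because callers cannot tell an empty string from a missing or unreadable file. Separately, SHA256_Init/SHA256_Update/SHA256_Final are deprecated since OpenSSL 3.0; the EVP_Digest* interface is the supported replacement.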
@@ -27,6 +27,8 @@ namespace falco::utils { uint64_t parse_prometheus_interval(std::string interval_str); +std::string calculate_file_sha256sum(const std::string& filename); + std::string wrap_text(const std::string& in, uint32_t indent, uint32_t linelen); void readfile(const std::string& filename, std::string& data); From 7cc49fa633a2dcc73d2c81898bbda3a10cbff13e Mon Sep 17 00:00:00 2001 From: Melissa Kilby Date: Wed, 8 May 2024 12:43:03 +0000 Subject: [PATCH 2/5] new(metrics): add file sha256sum metrics for loaded config and rules files Signed-off-by: Melissa Kilby --- .../falco/app/actions/load_rules_files.cpp | 2 ++ userspace/falco/configuration.cpp | 6 +++++ userspace/falco/configuration.h | 4 +++ userspace/falco/falco_metrics.cpp | 25 +++++++++++++++++++ userspace/falco/stats_writer.cpp | 25 +++++++++++++++++++ 5 files changed, 62 insertions(+) diff --git a/userspace/falco/app/actions/load_rules_files.cpp b/userspace/falco/app/actions/load_rules_files.cpp index 3ccd7a09d7c..a1ec164b5d9 100644 --- a/userspace/falco/app/actions/load_rules_files.cpp +++ b/userspace/falco/app/actions/load_rules_files.cpp @@ -17,6 +17,7 @@ limitations under the License. #include "actions.h" #include "helpers.h" +#include "falco_utils.h" #include @@ -83,6 +84,7 @@ falco::app::run_result falco::app::actions::load_rules_files(falco::app::state& { falco_logger::log(falco_logger::level::WARNING,res->as_string(true, rc) + "\n"); } + s.config->m_loaded_rules_filenames_sha256sum.push_back(falco::utils::calculate_file_sha256sum(filename)); } // note: we have an egg-and-chicken problem here. We would like to check diff --git a/userspace/falco/configuration.cpp b/userspace/falco/configuration.cpp index 2985b7e5750..b8c987d8add 100644 --- a/userspace/falco/configuration.cpp +++ b/userspace/falco/configuration.cpp 
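Review bot: The digest pushed in load_rules_files comes from re-opening `filename` on disk after the load result `res` has already been produced and logged, so the file can change between the two reads and the metric would then report a hash of content the engine is not running. For an integrity signal the hash should be taken over the same bytes that were parsed, for example by hashing the in-memory rules content rather than the path. The same concern applies to the merge_configs_files hunk in configuration.cpp from this patch. The body of load_rules_files starts and ends outside the hunk, so how the content is read is inferred rather than visible.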
@@ -160,6 +160,11 @@ void falco_configuration::merge_configs_files(const std::string& config_name, st } } } + + for(auto &filename : m_loaded_configs_filenames) + { + m_loaded_configs_filenames_sha256sum.push_back(falco::utils::calculate_file_sha256sum(filename)); + } } void falco_configuration::init_logger() @@ -270,6 +275,7 @@ void falco_configuration::load_yaml(const std::string& config_name) m_rules_filenames.clear(); m_loaded_rules_filenames.clear(); + m_loaded_rules_filenames_sha256sum.clear(); m_loaded_rules_folders.clear(); for(auto &file : rules_files) { diff --git a/userspace/falco/configuration.h b/userspace/falco/configuration.h index 15a822911d0..e124cf316a3 100644 --- a/userspace/falco/configuration.h +++ b/userspace/falco/configuration.h @@ -105,6 +105,8 @@ class falco_configuration // Config list as passed by the user. Filenames. std::list m_loaded_configs_filenames; + // sha256 of the loaded configs files + std::list m_loaded_configs_filenames_sha256sum; // Config list as passed by the user. Folders. std::list m_loaded_configs_folders; @@ -112,6 +114,8 @@ class falco_configuration std::list m_rules_filenames; // Actually loaded rules, with folders inspected std::list m_loaded_rules_filenames; + // sha256 of the loaded rules files + std::list m_loaded_rules_filenames_sha256sum; // List of loaded rule folders std::list m_loaded_rules_folders; bool m_json_output; diff --git a/userspace/falco/falco_metrics.cpp b/userspace/falco/falco_metrics.cpp index 03202719f58..72d72fa56e9 100644 --- a/userspace/falco/falco_metrics.cpp +++ b/userspace/falco/falco_metrics.cpp @@ -20,6 +20,7 @@ limitations under the License. #include "app/state.h" #include +#include /*! \class falco_metrics 
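Review bot: m_loaded_configs_filenames_sha256sum is appended to in merge_configs_files but nothing in this patch clears it, whereas the rules list gets a matching `.clear()` in load_yaml. If merge_configs_files can run more than once on the same object (not visible here), digests accumulate and the positional pairing with m_loaded_configs_filenames in the metric loops drifts, attaching hashes to the wrong file names. Adding `m_loaded_configs_filenames_sha256sum.clear();` immediately before the `for` loop keeps the two lists aligned. The function body starts outside the hunk.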
@@ -82,6 +83,30 @@ std::string falco_metrics::to_text(const falco::app::state& state) prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus("kernel_release", "falcosecurity", "falco", {{"kernel_release", agent_info->uname_r}}); prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus("hostname", "falcosecurity", "evt", {{"hostname", machine_info->hostname}}); + auto it_filename = state.config.get()->m_loaded_rules_filenames.begin(); + auto it_sha256 = state.config.get()->m_loaded_rules_filenames_sha256sum.begin(); + while (it_filename != state.config.get()->m_loaded_rules_filenames.end() && it_sha256 != state.config.get()->m_loaded_rules_filenames_sha256sum.end()) + { + std::string metric_name_file_sha256 = *it_filename; + RE2::GlobalReplace(&metric_name_file_sha256, R"([.\\/]|yaml|yml)", ""); + metric_name_file_sha256 = "sha256_rule_file_" + metric_name_file_sha256; + prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus(metric_name_file_sha256, "falcosecurity", "falco", {{metric_name_file_sha256, *it_sha256}}); + ++it_filename; + ++it_sha256; + } + + it_filename = state.config.get()->m_loaded_configs_filenames.begin(); + it_sha256 = state.config.get()->m_loaded_configs_filenames_sha256sum.begin(); + while (it_filename != state.config.get()->m_loaded_configs_filenames.end() && it_sha256 != state.config.get()->m_loaded_configs_filenames_sha256sum.end()) + { + std::string metric_name_file_sha256 = *it_filename; + RE2::GlobalReplace(&metric_name_file_sha256, R"([.\\/]|yaml|yml)", ""); + metric_name_file_sha256 = "sha256_config_file_" + metric_name_file_sha256; + prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus(metric_name_file_sha256, "falcosecurity", "falco", {{metric_name_file_sha256, *it_sha256}}); + ++it_filename; + ++it_sha256; + } + for (const std::string& source: inspector->event_sources()) { prometheus_text += 
prometheus_metrics_converter.convert_metric_to_text_prometheus("evt_source", "falcosecurity", "falco", {{"evt_source", source}}); diff --git a/userspace/falco/stats_writer.cpp b/userspace/falco/stats_writer.cpp index 799083072df..ae3d5950ec1 100644 --- a/userspace/falco/stats_writer.cpp +++ b/userspace/falco/stats_writer.cpp @@ -23,6 +23,7 @@ limitations under the License. #include #include +#include #include "falco_common.h" #include "stats_writer.h" 
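Review bot: The metric and label names built in both loops of to_text contain text taken from the file path, and the regex removes only `.`, `\`, `/` and the substrings `yaml`/`yml`, so characters such as `-` or a space survive. Prometheus names in the text format are limited to `[a-zA-Z_:][a-zA-Z0-9_:]*`, so unless convert_metric_to_text_prometheus sanitizes them (not visible here) a file named `k8s-audit.yaml` (constructed example) would produce a line that scrapers reject. A fixed metric name with the file and digest as label values avoids this, e.g. a label list of `{{"file_name", *it_filename}, {"sha256", *it_sha256}}`, assuming the converter accepts more than one pair. The same file-derived keys are built in the stats_writer.cpp hunk of this patch. to_text starts and ends outside the hunk.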
@@ -328,6 +329,30 @@ void stats_writer::collector::get_metrics_output_fields_wrapper( output_fields["falco.host_num_cpus"] = machine_info->num_cpus; output_fields["falco.outputs_queue_num_drops"] = m_writer->m_outputs->get_outputs_queue_num_drops(); + auto it_filename = m_writer->m_config->m_loaded_rules_filenames.begin(); + auto it_sha256 = m_writer->m_config->m_loaded_rules_filenames_sha256sum.begin(); + while (it_filename != m_writer->m_config->m_loaded_rules_filenames.end() && it_sha256 != m_writer->m_config->m_loaded_rules_filenames_sha256sum.end()) + { + std::string metric_name_file_sha256 = *it_filename; + RE2::GlobalReplace(&metric_name_file_sha256, R"([.\\/]|yaml|yml)", ""); + metric_name_file_sha256 = "falco.sha256_rule_file." + metric_name_file_sha256; + output_fields[metric_name_file_sha256] = *it_sha256; + ++it_filename; + ++it_sha256; + } + + it_filename = m_writer->m_config->m_loaded_configs_filenames.begin(); + it_sha256 = m_writer->m_config->m_loaded_configs_filenames_sha256sum.begin(); + while (it_filename != m_writer->m_config->m_loaded_configs_filenames.end() && it_sha256 != m_writer->m_config->m_loaded_configs_filenames_sha256sum.end()) + { + std::string metric_name_file_sha256 = *it_filename; + RE2::GlobalReplace(&metric_name_file_sha256, R"([.\\/]|yaml|yml)", ""); + metric_name_file_sha256 = "falco.sha256_config_file." + metric_name_file_sha256; + output_fields[metric_name_file_sha256] = *it_sha256; + ++it_filename; + ++it_sha256; + } + output_fields["evt.source"] = src; for (size_t i = 0; i < sizeof(all_driver_engines) / sizeof(const char*); i++) { From 30d5ca29c1925199684caf1323dfbfb4b351706f Mon Sep 17 00:00:00 2001 From: Melissa Kilby Date: Thu, 9 May 2024 16:48:11 +0000 Subject: [PATCH 3/5] cleanup(metrics): use filesystem lib to derive file names + build fix 
Signed-off-by: Melissa Kilby --- userspace/engine/falco_utils.cpp | 5 ++++- userspace/engine/falco_utils.h | 2 ++ userspace/falco/app/actions/load_rules_files.cpp | 2 ++ userspace/falco/configuration.cpp | 2 ++ userspace/falco/falco_metrics.cpp | 13 ++++++++----- userspace/falco/stats_writer.cpp | 14 ++++++++------ 6 files changed, 26 insertions(+), 12 deletions(-) diff --git a/userspace/engine/falco_utils.cpp b/userspace/engine/falco_utils.cpp index 593d1688f08..3804b094e92 100644 --- a/userspace/engine/falco_utils.cpp +++ b/userspace/engine/falco_utils.cpp @@ -22,8 +22,9 @@ limitations under the License. #include #include +#if defined(__linux__) #include - +#endif #include #include #include @@ -118,6 +119,7 @@ uint64_t parse_prometheus_interval(std::string interval_str) return interval; } +#if defined(__linux__) std::string calculate_file_sha256sum(const std::string& filename) { std::ifstream file(filename, std::ios::binary); @@ -147,6 +149,7 @@ std::string calculate_file_sha256sum(const std::string& filename) } return ss.str(); } +#endif std::string wrap_text(const std::string& in, uint32_t indent, uint32_t line_len) { diff --git a/userspace/engine/falco_utils.h b/userspace/engine/falco_utils.h index d46c81f276f..7b08a89aa6f 100644 --- a/userspace/engine/falco_utils.h +++ b/userspace/engine/falco_utils.h @@ -27,7 +27,9 @@ namespace falco::utils { uint64_t parse_prometheus_interval(std::string interval_str); +#if defined(__linux__) std::string calculate_file_sha256sum(const std::string& filename); +#endif std::string wrap_text(const std::string& in, uint32_t indent, uint32_t linelen); diff --git a/userspace/falco/app/actions/load_rules_files.cpp b/userspace/falco/app/actions/load_rules_files.cpp index a1ec164b5d9..902ac3b5b7d 100644 --- a/userspace/falco/app/actions/load_rules_files.cpp +++ b/userspace/falco/app/actions/load_rules_files.cpp 
@@ -84,7 +84,9 @@ falco::app::run_result falco::app::actions::load_rules_files(falco::app::state& { falco_logger::log(falco_logger::level::WARNING,res->as_string(true, rc) + "\n"); } +#if defined(__linux__) s.config->m_loaded_rules_filenames_sha256sum.push_back(falco::utils::calculate_file_sha256sum(filename)); +#endif } // note: we have an egg-and-chicken problem here. We would like to check diff --git a/userspace/falco/configuration.cpp b/userspace/falco/configuration.cpp index b8c987d8add..3bc34722890 100644 --- a/userspace/falco/configuration.cpp +++ b/userspace/falco/configuration.cpp @@ -161,10 +161,12 @@ void falco_configuration::merge_configs_files(const std::string& config_name, st } } +#if defined(__linux__) for(auto &filename : m_loaded_configs_filenames) { m_loaded_configs_filenames_sha256sum.push_back(falco::utils::calculate_file_sha256sum(filename)); } +#endif } void falco_configuration::init_logger() diff --git a/userspace/falco/falco_metrics.cpp b/userspace/falco/falco_metrics.cpp index 72d72fa56e9..e5348f39436 100644 --- a/userspace/falco/falco_metrics.cpp +++ b/userspace/falco/falco_metrics.cpp @@ -20,7 +20,8 @@ limitations under the License. #include "app/state.h" #include -#include + +namespace fs = std::filesystem; /*! \class falco_metrics 
@@ -83,12 +84,13 @@ std::string falco_metrics::to_text(const falco::app::state& state) prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus("kernel_release", "falcosecurity", "falco", {{"kernel_release", agent_info->uname_r}}); prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus("hostname", "falcosecurity", "evt", {{"hostname", machine_info->hostname}}); +#if defined(__linux__) auto it_filename = state.config.get()->m_loaded_rules_filenames.begin(); auto it_sha256 = state.config.get()->m_loaded_rules_filenames_sha256sum.begin(); while (it_filename != state.config.get()->m_loaded_rules_filenames.end() && it_sha256 != state.config.get()->m_loaded_rules_filenames_sha256sum.end()) { - std::string metric_name_file_sha256 = *it_filename; - RE2::GlobalReplace(&metric_name_file_sha256, R"([.\\/]|yaml|yml)", ""); + fs::path fs_path = *it_filename; + std::string metric_name_file_sha256 = fs_path.filename().stem(); metric_name_file_sha256 = "sha256_rule_file_" + metric_name_file_sha256; prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus(metric_name_file_sha256, "falcosecurity", "falco", {{metric_name_file_sha256, *it_sha256}}); ++it_filename; 
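Review bot: Reducing each path to `fs_path.filename().stem()` makes the metric name depend on the basename alone, so two loaded files with the same basename in different directories get the same name. In stats_writer the later assignment to `output_fields[metric_name_file_sha256]` silently replaces the earlier one, so one file's digest is never reported; in to_text the result is two series with an identical name. stem() also strips only the last extension, so `falco_rules.local.yaml` (constructed example) still leaves a `.` in the name. Carrying the full path as a label or field value, or at least detecting duplicates, would keep every loaded file visible. This applies to both falco_metrics.cpp hunks and both stats_writer.cpp hunks of this patch; the enclosing functions start and end outside the hunks.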
@@ -99,13 +101,14 @@ std::string falco_metrics::to_text(const falco::app::state& state) it_sha256 = state.config.get()->m_loaded_configs_filenames_sha256sum.begin(); while (it_filename != state.config.get()->m_loaded_configs_filenames.end() && it_sha256 != state.config.get()->m_loaded_configs_filenames_sha256sum.end()) { - std::string metric_name_file_sha256 = *it_filename; - RE2::GlobalReplace(&metric_name_file_sha256, R"([.\\/]|yaml|yml)", ""); + fs::path fs_path = *it_filename; + std::string metric_name_file_sha256 = fs_path.filename().stem(); metric_name_file_sha256 = "sha256_config_file_" + metric_name_file_sha256; prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus(metric_name_file_sha256, "falcosecurity", "falco", {{metric_name_file_sha256, *it_sha256}}); ++it_filename; ++it_sha256; } +#endif for (const std::string& source: inspector->event_sources()) { diff --git a/userspace/falco/stats_writer.cpp b/userspace/falco/stats_writer.cpp index ae3d5950ec1..0bb37a2bd43 100644 --- a/userspace/falco/stats_writer.cpp +++ b/userspace/falco/stats_writer.cpp @@ -23,7 +23,6 @@ limitations under the License. #include #include -#include #include "falco_common.h" #include "stats_writer.h" @@ -32,6 +31,8 @@ limitations under the License. #include #include +namespace fs = std::filesystem; + // note: ticker_t is an uint16_t, which is enough because we don't care about // overflows here. Threads calling stats_writer::handle() will just // check that this value changed since their last observation. 
@@ -329,12 +330,13 @@ void stats_writer::collector::get_metrics_output_fields_wrapper( output_fields["falco.host_num_cpus"] = machine_info->num_cpus; output_fields["falco.outputs_queue_num_drops"] = m_writer->m_outputs->get_outputs_queue_num_drops(); +#if defined(__linux__) auto it_filename = m_writer->m_config->m_loaded_rules_filenames.begin(); auto it_sha256 = m_writer->m_config->m_loaded_rules_filenames_sha256sum.begin(); while (it_filename != m_writer->m_config->m_loaded_rules_filenames.end() && it_sha256 != m_writer->m_config->m_loaded_rules_filenames_sha256sum.end()) { - std::string metric_name_file_sha256 = *it_filename; - RE2::GlobalReplace(&metric_name_file_sha256, R"([.\\/]|yaml|yml)", ""); + fs::path fs_path = *it_filename; + std::string metric_name_file_sha256 = fs_path.filename().stem(); metric_name_file_sha256 = "falco.sha256_rule_file." + metric_name_file_sha256; output_fields[metric_name_file_sha256] = *it_sha256; ++it_filename; @@ -345,14 +347,14 @@ void stats_writer::collector::get_metrics_output_fields_wrapper( it_sha256 = m_writer->m_config->m_loaded_configs_filenames_sha256sum.begin(); while (it_filename != m_writer->m_config->m_loaded_configs_filenames.end() && it_sha256 != m_writer->m_config->m_loaded_configs_filenames_sha256sum.end()) { - std::string metric_name_file_sha256 = *it_filename; - RE2::GlobalReplace(&metric_name_file_sha256, R"([.\\/]|yaml|yml)", ""); + fs::path fs_path = *it_filename; + std::string metric_name_file_sha256 = fs_path.filename().stem(); metric_name_file_sha256 = "falco.sha256_config_file." + metric_name_file_sha256; output_fields[metric_name_file_sha256] = *it_sha256; ++it_filename; ++it_sha256; } - +#endif output_fields["evt.source"] = src; for (size_t i = 0; i < sizeof(all_driver_engines) / sizeof(const char*); i++) { From 1067bf1b21102a24cf969792ff6ab01367150ff7 Mon Sep 17 00:00:00 2001 From: Melissa Kilby Date: Thu, 9 May 2024 17:04:22 +0000 Subject: [PATCH 4/5] chore: fix non linux build metrics 
Signed-off-by: Melissa Kilby --- userspace/engine/falco_utils.cpp | 4 ++-- userspace/engine/falco_utils.h | 2 +- userspace/falco/app/actions/load_rules_files.cpp | 2 +- userspace/falco/configuration.cpp | 2 +- userspace/falco/falco_metrics.cpp | 2 +- userspace/falco/stats_writer.cpp | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/userspace/engine/falco_utils.cpp b/userspace/engine/falco_utils.cpp index 3804b094e92..926e2f933b6 100644 --- a/userspace/engine/falco_utils.cpp +++ b/userspace/engine/falco_utils.cpp @@ -22,7 +22,7 @@ limitations under the License. #include #include -#if defined(__linux__) +#if defined(__linux__) and !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__) #include #endif #include @@ -119,7 +119,7 @@ uint64_t parse_prometheus_interval(std::string interval_str) return interval; } -#if defined(__linux__) +#if defined(__linux__) and !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__) std::string calculate_file_sha256sum(const std::string& filename) { std::ifstream file(filename, std::ios::binary); diff --git a/userspace/engine/falco_utils.h b/userspace/engine/falco_utils.h index 7b08a89aa6f..35a6a928d4a 100644 --- a/userspace/engine/falco_utils.h +++ b/userspace/engine/falco_utils.h @@ -27,7 +27,7 @@ namespace falco::utils { uint64_t parse_prometheus_interval(std::string interval_str); -#if defined(__linux__) +#if defined(__linux__) and !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__) std::string calculate_file_sha256sum(const std::string& filename); #endif diff --git a/userspace/falco/app/actions/load_rules_files.cpp b/userspace/falco/app/actions/load_rules_files.cpp index 902ac3b5b7d..21c28b76ab9 100644 --- a/userspace/falco/app/actions/load_rules_files.cpp +++ b/userspace/falco/app/actions/load_rules_files.cpp 
@@ -84,7 +84,7 @@ falco::app::run_result falco::app::actions::load_rules_files(falco::app::state& { falco_logger::log(falco_logger::level::WARNING,res->as_string(true, rc) + "\n"); } -#if defined(__linux__) +#if defined(__linux__) and !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__) s.config->m_loaded_rules_filenames_sha256sum.push_back(falco::utils::calculate_file_sha256sum(filename)); #endif } diff --git a/userspace/falco/configuration.cpp b/userspace/falco/configuration.cpp index 3bc34722890..b4f0dc767da 100644 --- a/userspace/falco/configuration.cpp +++ b/userspace/falco/configuration.cpp @@ -161,7 +161,7 @@ void falco_configuration::merge_configs_files(const std::string& config_name, st } } -#if defined(__linux__) +#if defined(__linux__) and !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__) for(auto &filename : m_loaded_configs_filenames) { m_loaded_configs_filenames_sha256sum.push_back(falco::utils::calculate_file_sha256sum(filename)); diff --git a/userspace/falco/falco_metrics.cpp b/userspace/falco/falco_metrics.cpp index e5348f39436..54cc7e1f25a 100644 --- a/userspace/falco/falco_metrics.cpp +++ b/userspace/falco/falco_metrics.cpp @@ -84,7 +84,7 @@ std::string falco_metrics::to_text(const falco::app::state& state) prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus("kernel_release", "falcosecurity", "falco", {{"kernel_release", agent_info->uname_r}}); prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus("hostname", "falcosecurity", "evt", {{"hostname", machine_info->hostname}}); -#if defined(__linux__) +#if defined(__linux__) and !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__) auto it_filename = state.config.get()->m_loaded_rules_filenames.begin(); auto it_sha256 = state.config.get()->m_loaded_rules_filenames_sha256sum.begin(); while (it_filename != state.config.get()->m_loaded_rules_filenames.end() && it_sha256 != state.config.get()->m_loaded_rules_filenames_sha256sum.end()) 
diff --git a/userspace/falco/stats_writer.cpp b/userspace/falco/stats_writer.cpp index 0bb37a2bd43..9117a68a524 100644 --- a/userspace/falco/stats_writer.cpp +++ b/userspace/falco/stats_writer.cpp @@ -330,7 +330,7 @@ void stats_writer::collector::get_metrics_output_fields_wrapper( output_fields["falco.host_num_cpus"] = machine_info->num_cpus; output_fields["falco.outputs_queue_num_drops"] = m_writer->m_outputs->get_outputs_queue_num_drops(); -#if defined(__linux__) +#if defined(__linux__) and !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__) auto it_filename = m_writer->m_config->m_loaded_rules_filenames.begin(); auto it_sha256 = m_writer->m_config->m_loaded_rules_filenames_sha256sum.begin(); while (it_filename != m_writer->m_config->m_loaded_rules_filenames.end() && it_sha256 != m_writer->m_config->m_loaded_rules_filenames_sha256sum.end()) From f9c7dc1e671966fc13402ca12126a42d3570cd24 Mon Sep 17 00:00:00 2001 From: Melissa Kilby Date: Fri, 10 May 2024 08:35:07 +0000 Subject: [PATCH 5/5] cleanup(metrics): use map for config and rules filenames sha256 tracking Co-authored-by: Federico Di Pierro Signed-off-by: Melissa Kilby --- .../falco/app/actions/load_rules_files.cpp | 2 +- userspace/falco/configuration.cpp | 2 +- userspace/falco/configuration.h | 8 +++---- userspace/falco/falco_metrics.cpp | 24 +++++++------------ userspace/falco/stats_writer.cpp | 20 +++++----------- 5 files changed, 20 insertions(+), 36 deletions(-) diff --git a/userspace/falco/app/actions/load_rules_files.cpp b/userspace/falco/app/actions/load_rules_files.cpp index 21c28b76ab9..590cc81ae52 100644 --- a/userspace/falco/app/actions/load_rules_files.cpp +++ b/userspace/falco/app/actions/load_rules_files.cpp 
@@ -85,7 +85,7 @@ falco::app::run_result falco::app::actions::load_rules_files(falco::app::state& falco_logger::log(falco_logger::level::WARNING,res->as_string(true, rc) + "\n"); } #if defined(__linux__) and !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__) - s.config->m_loaded_rules_filenames_sha256sum.push_back(falco::utils::calculate_file_sha256sum(filename)); + s.config->m_loaded_rules_filenames_sha256sum.insert({filename, falco::utils::calculate_file_sha256sum(filename)}); #endif } diff --git a/userspace/falco/configuration.cpp b/userspace/falco/configuration.cpp index b4f0dc767da..72eaf01f4ae 100644 --- a/userspace/falco/configuration.cpp +++ b/userspace/falco/configuration.cpp @@ -164,7 +164,7 @@ void falco_configuration::merge_configs_files(const std::string& config_name, st #if defined(__linux__) and !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__) for(auto &filename : m_loaded_configs_filenames) { - m_loaded_configs_filenames_sha256sum.push_back(falco::utils::calculate_file_sha256sum(filename)); + m_loaded_configs_filenames_sha256sum.insert({filename, falco::utils::calculate_file_sha256sum(filename)}); } #endif } diff --git a/userspace/falco/configuration.h b/userspace/falco/configuration.h index e124cf316a3..b43bae31b04 100644 --- a/userspace/falco/configuration.h +++ b/userspace/falco/configuration.h @@ -105,8 +105,8 @@ class falco_configuration // Config list as passed by the user. Filenames. std::list m_loaded_configs_filenames; - // sha256 of the loaded configs files - std::list m_loaded_configs_filenames_sha256sum; + // Map with filenames and their sha256 of the loaded configs files + std::unordered_map m_loaded_configs_filenames_sha256sum; // Config list as passed by the user. Folders. std::list m_loaded_configs_folders; 
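Review bot: `unordered_map::insert` leaves an existing entry untouched, so if either of these lines runs again for a path already in the map, the old digest is kept and the metric goes on reporting the hash from the first load even after the file has changed. The rules map is cleared in load_yaml, but no visible code clears m_loaded_configs_filenames_sha256sum, so the configuration.cpp hunk is the more exposed one if configs can be re-merged on the same object (not visible here). Use `m_loaded_configs_filenames_sha256sum.insert_or_assign(filename, falco::utils::calculate_file_sha256sum(filename));` and the equivalent call on the rules map in load_rules_files. Both enclosing functions start and end outside their hunks.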
@@ -114,8 +114,8 @@ class falco_configuration std::list m_rules_filenames; // Actually loaded rules, with folders inspected std::list m_loaded_rules_filenames; - // sha256 of the loaded rules files - std::list m_loaded_rules_filenames_sha256sum; + // Map with filenames and their sha256 of the loaded rules files + std::unordered_map m_loaded_rules_filenames_sha256sum; // List of loaded rule folders std::list m_loaded_rules_folders; bool m_json_output; diff --git a/userspace/falco/falco_metrics.cpp b/userspace/falco/falco_metrics.cpp index 54cc7e1f25a..58f83b5cce6 100644 --- a/userspace/falco/falco_metrics.cpp +++ b/userspace/falco/falco_metrics.cpp 
@@ -85,28 +85,20 @@ std::string falco_metrics::to_text(const falco::app::state& state) prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus("hostname", "falcosecurity", "evt", {{"hostname", machine_info->hostname}}); #if defined(__linux__) and !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__) - auto it_filename = state.config.get()->m_loaded_rules_filenames.begin(); - auto it_sha256 = state.config.get()->m_loaded_rules_filenames_sha256sum.begin(); - while (it_filename != state.config.get()->m_loaded_rules_filenames.end() && it_sha256 != state.config.get()->m_loaded_rules_filenames_sha256sum.end()) + for (const auto& item : state.config.get()->m_loaded_rules_filenames_sha256sum) { - fs::path fs_path = *it_filename; + fs::path fs_path = item.first; std::string metric_name_file_sha256 = fs_path.filename().stem(); - metric_name_file_sha256 = "sha256_rule_file_" + metric_name_file_sha256; - prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus(metric_name_file_sha256, "falcosecurity", "falco", {{metric_name_file_sha256, *it_sha256}}); - ++it_filename; - ++it_sha256; + metric_name_file_sha256 = "falco.sha256_rule_file." 
+ metric_name_file_sha256; + prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus(metric_name_file_sha256, "falcosecurity", "falco", {{metric_name_file_sha256, item.second}}); } - it_filename = state.config.get()->m_loaded_configs_filenames.begin(); - it_sha256 = state.config.get()->m_loaded_configs_filenames_sha256sum.begin(); - while (it_filename != state.config.get()->m_loaded_configs_filenames.end() && it_sha256 != state.config.get()->m_loaded_configs_filenames_sha256sum.end()) + for (const auto& item : state.config.get()->m_loaded_configs_filenames_sha256sum) { - fs::path fs_path = *it_filename; + fs::path fs_path = item.first; std::string metric_name_file_sha256 = fs_path.filename().stem(); - metric_name_file_sha256 = "sha256_config_file_" + metric_name_file_sha256; - prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus(metric_name_file_sha256, "falcosecurity", "falco", {{metric_name_file_sha256, *it_sha256}}); - ++it_filename; - ++it_sha256; + metric_name_file_sha256 = "falco.sha256_config_file." + metric_name_file_sha256; + prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus(metric_name_file_sha256, "falcosecurity", "falco", {{metric_name_file_sha256, item.second}}); } #endif diff --git a/userspace/falco/stats_writer.cpp b/userspace/falco/stats_writer.cpp index 9117a68a524..22a33dbc4a5 100644 --- a/userspace/falco/stats_writer.cpp +++ b/userspace/falco/stats_writer.cpp 
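Review bot: The `falco.sha256_rule_file.` and `falco.sha256_config_file.` prefixes in both loops of to_text put `.` into a Prometheus metric and label name, which the text exposition format does not allow. They also repeat `falco`, which is already passed to the converter as a separate argument, so the name appears to be double-prefixed unless convert_metric_to_text_prometheus rewrites it (not visible here). The strings match the JSON field names used in stats_writer.cpp and look carried over from there. For the Prometheus path, keeping `metric_name_file_sha256 = "sha256_rule_file_" + metric_name_file_sha256;` and the `sha256_config_file_` counterpart would preserve valid names. to_text starts and ends outside the hunk.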
@@ -331,28 +331,20 @@ void stats_writer::collector::get_metrics_output_fields_wrapper( output_fields["falco.outputs_queue_num_drops"] = m_writer->m_outputs->get_outputs_queue_num_drops(); #if defined(__linux__) and !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__) - auto it_filename = m_writer->m_config->m_loaded_rules_filenames.begin(); - auto it_sha256 = m_writer->m_config->m_loaded_rules_filenames_sha256sum.begin(); - while (it_filename != m_writer->m_config->m_loaded_rules_filenames.end() && it_sha256 != m_writer->m_config->m_loaded_rules_filenames_sha256sum.end()) + for (const auto& item : m_writer->m_config->m_loaded_rules_filenames_sha256sum) { - fs::path fs_path = *it_filename; + fs::path fs_path = item.first; std::string metric_name_file_sha256 = fs_path.filename().stem(); metric_name_file_sha256 = "falco.sha256_rule_file." + metric_name_file_sha256; - output_fields[metric_name_file_sha256] = *it_sha256; - ++it_filename; - ++it_sha256; + output_fields[metric_name_file_sha256] = item.second; } - it_filename = m_writer->m_config->m_loaded_configs_filenames.begin(); - it_sha256 = m_writer->m_config->m_loaded_configs_filenames_sha256sum.begin(); - while (it_filename != m_writer->m_config->m_loaded_configs_filenames.end() && it_sha256 != m_writer->m_config->m_loaded_configs_filenames_sha256sum.end()) + for (const auto& item : m_writer->m_config->m_loaded_configs_filenames_sha256sum) { - fs::path fs_path = *it_filename; + fs::path fs_path = item.first; std::string metric_name_file_sha256 = fs_path.filename().stem(); metric_name_file_sha256 = "falco.sha256_config_file." + metric_name_file_sha256; - output_fields[metric_name_file_sha256] = *it_sha256; - ++it_filename; - ++it_sha256; + output_fields[metric_name_file_sha256] = item.second; } #endif output_fields["evt.source"] = src;