falcosecurity · poiana · Feb 7, 2020 · Oct 3, 2019 · Oct 3, 2019 · Oct 3, 2019
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -67,24 +67,7 @@ set(CMAKE_CXX_FLAGS_DEBUG "${DRAIOS_DEBUG_FLAGS}")
 set(CMAKE_C_FLAGS_RELEASE "-O3 -fno-strict-aliasing -DNDEBUG")
 set(CMAKE_CXX_FLAGS_RELEASE "-O3 -fno-strict-aliasing -DNDEBUG")
 
-# Create the falco version variable according to git index
-if(NOT FALCO_VERSION)
-  include(GetGitRevisionDescription)
-  git_get_exact_tag(FALCO_TAG)
-  if(NOT FALCO_TAG)
-    git_describe(FALCO_VERSION "--always")
-    git_local_changes(FALCO_CHANGES)
-    if(FALCO_CHANGES STREQUAL "DIRTY")
-      string(TOLOWER "${FALCO_CHANGES}" FALCO_CHANGES)
-      set(FALCO_VERSION "${FALCO_VERSION}.${FALCO_CHANGES}")
-    endif()
-    set(FALCO_VERSION "0.${FALCO_VERSION}")
-  else()
-    set(FALCO_VERSION "${FALCO_TAG}")
-    string(REGEX REPLACE "^v([0-9]+)(\\.[0-9]+)(\\.[0-9]+)?" "\\1\\2\\3" FALCO_VERSION ${FALCO_VERSION})
-  endif()
-endif()
-message(STATUS "Falco version: ${FALCO_VERSION}")
+include(GetFalcoVersion)
 
 set(PACKAGE_NAME "falco")
 set(PROBE_VERSION "${FALCO_VERSION}")
@@ -240,6 +223,7 @@ include(sysdig)
 # Installation
 install(FILES falco.yaml DESTINATION "${FALCO_ETC_DIR}")
 
+# Coverage
 include(Coverage)
 
 # Tests

diff --git a/cmake/modules/GetFalcoVersion.cmake b/cmake/modules/GetFalcoVersion.cmake
@@ -0,0 +1,59 @@
+# Retrieve git ref and commit hash
+include(GetGitRevisionDescription)
+get_git_head_revision(FALCO_REF FALCO_HASH)
+
+# Create the falco version variable according to git index
+if(NOT FALCO_VERSION)
+  string(STRIP "${FALCO_HASH}" FALCO_HASH)
+  # Try to obtain the exact git tag
+  git_get_exact_tag(FALCO_TAG)
+  if(NOT FALCO_TAG)
+    # Obtain the closest tag
+    git_describe(FALCO_VERSION "--abbrev=0" "--tags") # suppress the long format
+    # Fallback version
+    if(FALCO_VERSION MATCHES "NOTFOUND$")
+      set(FALCO_VERSION "0.0.0")
+    endif()
+    # TODO(leodido) > Construct the prerelease part (semver 2) Construct the Build metadata part (semver 2)
+    if(NOT FALCO_HASH MATCHES "NOTFOUND$")
+      string(SUBSTRING "${FALCO_HASH}" 0 7 FALCO_VERSION_BUILD)
+      # Check whether there are uncommitted changes or not
+      git_local_changes(FALCO_CHANGES)
+      if(FALCO_CHANGES STREQUAL "DIRTY")
+        string(TOLOWER "${FALCO_CHANGES}" FALCO_CHANGES)
+        set(FALCO_VERSION_BUILD "${FALCO_VERSION_BUILD}.${FALCO_CHANGES}")
+      endif()
+    endif()
+    # Append the build metadata part (semver 2)
+    if(FALCO_VERSION_BUILD)
+      set(FALCO_VERSION "${FALCO_VERSION}+${FALCO_VERSION_BUILD}")
+    endif()
+  else()
+    # A tag has been found: use it as the Falco version
+    set(FALCO_VERSION "${FALCO_TAG}")
+    # Remove the starting "v" in case there is one
+    string(REGEX REPLACE "^v(.*)" "\\1" FALCO_VERSION "${FALCO_TAG}")
+  endif()
+  # TODO(leodido) > ensure Falco version is semver before extracting parts Populate partial version variables
+  string(REGEX MATCH "^(0|[1-9][0-9]*)" FALCO_VERSION_MAJOR "${FALCO_VERSION}")
+  string(REGEX REPLACE "^(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)\\..*" "\\2" FALCO_VERSION_MINOR "${FALCO_VERSION}")
+  string(REGEX REPLACE "^(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*).*" "\\3" FALCO_VERSION_PATCH
+                       "${FALCO_VERSION}")
+  string(
+    REGEX
+    REPLACE
+      "^(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)-((0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*)\\.(0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*)*).*"
+      "\\4"
+      FALCO_VERSION_PRERELEASE
+      "${FALCO_VERSION}")
+  if(FALCO_VERSION_PRERELEASE STREQUAL "${FALCO_VERSION}")
+    set(FALCO_VERSION_PRERELEASE "")
+  endif()
+  if(NOT FALCO_VERSION_BUILD)
+    string(REGEX REPLACE ".*\\+([0-9a-zA-Z-]+(\\.[0-9a-zA-Z-]+)*)" "\\1" FALCO_VERSION_BUILD "${FALCO_VERSION}")
+  endif()
+  if(FALCO_VERSION_BUILD STREQUAL "${FALCO_VERSION}")
+    set(FALCO_VERSION_BUILD "")
+  endif()
+endif()
+message(STATUS "Falco version: ${FALCO_VERSION}")
diff --git a/cmake/modules/GetGitRevisionDescription.cmake b/cmake/modules/GetGitRevisionDescription.cmake
@@ -104,18 +104,19 @@ function(git_describe _var)
     return()
   endif()
 
-  # TODO sanitize if((${ARGN}" MATCHES "&&") OR (ARGN MATCHES "||") OR (ARGN MATCHES "\\;")) message("Please report the
-  # following error to the project!") message(FATAL_ERROR "Looks like someone's doing something nefarious with
-  # git_describe! Passed arguments ${ARGN}") endif()
-
-  # message(STATUS "Arguments to execute_process: ${ARGN}")
-
-  execute_process(
-    COMMAND "${GIT_EXECUTABLE}" describe ${hash} ${ARGN}
-    WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
-    RESULT_VARIABLE res
-    OUTPUT_VARIABLE out
-    ERROR_QUIET OUTPUT_STRIP_TRAILING_WHITESPACE)
+  execute_process(COMMAND
+    "${GIT_EXECUTABLE}"
+    describe
+    ${hash}
+    ${ARGN}
+    WORKING_DIRECTORY
+    "${CMAKE_CURRENT_SOURCE_DIR}"
+    RESULT_VARIABLE
+    res
+    OUTPUT_VARIABLE
+    out
+    ERROR_QUIET
+    OUTPUT_STRIP_TRAILING_WHITESPACE)
   if(NOT res EQUAL 0)
     set(out "${out}-${res}-NOTFOUND")
   endif()

diff --git a/tests/falco/test_webserver.cpp b/tests/falco/test_webserver.cpp
@@ -13,7 +13,6 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
-
 #include "webserver.h"
 #include <catch.hpp>
 
@@ -22,7 +21,7 @@ TEST_CASE("webserver must accept invalid data", "[!hide][webserver][k8s_audit_ha
 	// falco_engine* engine = new falco_engine();
 	// falco_outputs* outputs = new falco_outputs(engine);
 	// std::string errstr;
-    // std::string input("{\"kind\": 0}");
+	// std::string input("{\"kind\": 0}");
 	//k8s_audit_handler::accept_data(engine, outputs, input, errstr);
 
 	REQUIRE(1 == 1);

diff --git a/userspace/falco/CMakeLists.txt b/userspace/falco/CMakeLists.txt
@@ -15,10 +15,22 @@ configure_file("${SYSDIG_SOURCE_DIR}/userspace/sysdig/config_sysdig.h.in" config
 
 add_custom_command(
   OUTPUT
-    ${CMAKE_CURRENT_BINARY_DIR}/output.grpc.pb.cc ${CMAKE_CURRENT_BINARY_DIR}/output.grpc.pb.h
-    ${CMAKE_CURRENT_BINARY_DIR}/output.pb.cc ${CMAKE_CURRENT_BINARY_DIR}/output.pb.h
-    ${CMAKE_CURRENT_BINARY_DIR}/schema.pb.cc ${CMAKE_CURRENT_BINARY_DIR}/schema.pb.h
-  COMMENT "Generate gRPC code"
+    ${CMAKE_CURRENT_BINARY_DIR}/version.grpc.pb.cc
+    ${CMAKE_CURRENT_BINARY_DIR}/version.grpc.pb.h
+    ${CMAKE_CURRENT_BINARY_DIR}/version.pb.cc
+    ${CMAKE_CURRENT_BINARY_DIR}/version.pb.h
+    ${CMAKE_CURRENT_BINARY_DIR}/output.grpc.pb.cc
+    ${CMAKE_CURRENT_BINARY_DIR}/output.grpc.pb.h
+    ${CMAKE_CURRENT_BINARY_DIR}/output.pb.cc
+    ${CMAKE_CURRENT_BINARY_DIR}/output.pb.h
+    ${CMAKE_CURRENT_BINARY_DIR}/schema.pb.cc
+    ${CMAKE_CURRENT_BINARY_DIR}/schema.pb.h
+  COMMENT "Generate gRPC version API"
+  DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/version.proto
+  COMMAND ${PROTOC} -I ${CMAKE_CURRENT_SOURCE_DIR} --cpp_out=. ${CMAKE_CURRENT_SOURCE_DIR}/version.proto
+  COMMAND ${PROTOC} -I ${CMAKE_CURRENT_SOURCE_DIR} --grpc_out=. --plugin=protoc-gen-grpc=${GRPC_CPP_PLUGIN}
+          ${CMAKE_CURRENT_SOURCE_DIR}/version.proto
+  COMMENT "Generate gRPC outputs API"
   DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/output.proto
   COMMAND ${PROTOC} -I ${CMAKE_CURRENT_SOURCE_DIR} --cpp_out=. ${CMAKE_CURRENT_SOURCE_DIR}/output.proto
           ${CMAKE_CURRENT_SOURCE_DIR}/schema.proto
@@ -38,16 +50,19 @@ add_executable(
   webserver.cpp
   grpc_context.cpp
   grpc_server_impl.cpp
+  grpc_request_context.cpp
   grpc_server.cpp
   utils.cpp
+  ${CMAKE_CURRENT_BINARY_DIR}/version.grpc.pb.cc
+  ${CMAKE_CURRENT_BINARY_DIR}/version.pb.cc
   ${CMAKE_CURRENT_BINARY_DIR}/output.grpc.pb.cc
   ${CMAKE_CURRENT_BINARY_DIR}/output.pb.cc
   ${CMAKE_CURRENT_BINARY_DIR}/schema.pb.cc)
 
 add_dependencies(falco civetweb)
 
 if(USE_BUNDLED_DEPS)
-add_dependencies(falco yamlcpp)
+  add_dependencies(falco yamlcpp)
 endif()
 
 target_include_directories(

diff --git a/userspace/falco/config_falco.h.in b/userspace/falco/config_falco.h.in
@@ -16,7 +16,14 @@ limitations under the License.
 
 #pragma once
 
+#define FALCO_BRANCH "@FALCO_REF@"
+#define FALCO_HASH "@FALCO_HASH@"
 #define FALCO_VERSION "@FALCO_VERSION@"
+#define FALCO_VERSION_MAJOR @FALCO_VERSION_MAJOR@
+#define FALCO_VERSION_MINOR @FALCO_VERSION_MINOR@
+#define FALCO_VERSION_PATCH @FALCO_VERSION_PATCH@
+#define FALCO_VERSION_PRERELEASE "@FALCO_VERSION_PRERELEASE@"
+#define FALCO_VERSION_BUILD "@FALCO_VERSION_BUILD@"
 
 #define FALCO_LUA_DIR "${CMAKE_INSTALL_PREFIX}/${FALCO_SHARE_DIR}/lua/"
 #define FALCO_SOURCE_DIR "${PROJECT_SOURCE_DIR}"

diff --git a/userspace/falco/configuration.cpp b/userspace/falco/configuration.cpp
@@ -87,7 +87,7 @@ void falco_configuration::init(string conf_filename, list<string> &cmdline_optio
 		filename = m_config->get_scalar<string>("file_output", "filename", "");
 		if(filename == string(""))
 		{
-			throw invalid_argument("Error reading config file (" + m_config_file + "): file output enabled but no filename in configuration block");
+			throw logic_error("Error reading config file (" + m_config_file + "): file output enabled but no filename in configuration block");
 		}
 		file_output.options["filename"] = filename;
 
@@ -119,7 +119,7 @@ void falco_configuration::init(string conf_filename, list<string> &cmdline_optio
 		program = m_config->get_scalar<string>("program_output", "program", "");
 		if(program == string(""))
 		{
-			throw sinsp_exception("Error reading config file (" + m_config_file + "): program output enabled but no program in configuration block");
+			throw logic_error("Error reading config file (" + m_config_file + "): program output enabled but no program in configuration block");
 		}
 		program_output.options["program"] = program;
 
@@ -138,7 +138,7 @@ void falco_configuration::init(string conf_filename, list<string> &cmdline_optio
 
 		if(url == string(""))
 		{
-			throw sinsp_exception("Error reading config file (" + m_config_file + "): http output enabled but no url in configuration block");
+			throw logic_error("Error reading config file (" + m_config_file + "): http output enabled but no url in configuration block");
 		}
 		http_output.options["url"] = url;
 
@@ -148,6 +148,10 @@ void falco_configuration::init(string conf_filename, list<string> &cmdline_optio
 	m_grpc_enabled = m_config->get_scalar<bool>("grpc", "enabled", false);
 	m_grpc_bind_address = m_config->get_scalar<string>("grpc", "bind_address", "0.0.0.0:5060");
 	m_grpc_threadiness = m_config->get_scalar<uint32_t>("grpc", "threadiness", 8); // todo > limit it to avoid overshubscription? std::thread::hardware_concurrency()
+	if(m_grpc_threadiness == 0)
+	{
+		throw logic_error("error reading config file (" + m_config_file +"): gRPC threadiness must be greater than 0");
+	}
 	m_grpc_private_key = m_config->get_scalar<string>("grpc", "private_key", "/etc/falco/certs/server.key");
 	m_grpc_cert_chain = m_config->get_scalar<string>("grpc", "cert_chain", "/etc/falco/certs/server.crt");
 	m_grpc_root_certs = m_config->get_scalar<string>("grpc", "root_certs", "/etc/falco/certs/ca.crt");
@@ -162,7 +166,7 @@ void falco_configuration::init(string conf_filename, list<string> &cmdline_optio
 
 	if(m_outputs.size() == 0)
 	{
-		throw invalid_argument("Error reading config file (" + m_config_file + "): No outputs configured. Please configure at least one output file output enabled but no filename in configuration block");
+		throw logic_error("Error reading config file (" + m_config_file + "): No outputs configured. Please configure at least one output file output enabled but no filename in configuration block");
 	}
 
 	string log_level = m_config->get_scalar<string>("log_level", "info");
@@ -181,7 +185,7 @@ void falco_configuration::init(string conf_filename, list<string> &cmdline_optio
 
 	if((it = std::find_if(falco_common::priority_names.begin(), falco_common::priority_names.end(), comp)) == falco_common::priority_names.end())
 	{
-		throw invalid_argument("Unknown priority \"" + priority + "\"--must be one of emergency, alert, critical, error, warning, notice, informational, debug");
+		throw logic_error("Unknown priority \"" + priority + "\"--must be one of emergency, alert, critical, error, warning, notice, informational, debug");
 	}
 	m_min_priority = (falco_common::priority_type)(it - falco_common::priority_names.begin());
 
@@ -220,7 +224,7 @@ void falco_configuration::init(string conf_filename, list<string> &cmdline_optio
 		}
 		else
 		{
-			throw invalid_argument("Error reading config file (" + m_config_file + "): syscall event drop action " + act + " must be one of \"ignore\", \"log\", \"alert\", or \"exit\"");
+			throw logic_error("Error reading config file (" + m_config_file + "): syscall event drop action " + act + " must be one of \"ignore\", \"log\", \"alert\", or \"exit\"");
 		}
 	}
 
@@ -328,7 +332,7 @@ void falco_configuration::set_cmdline_option(const string &opt)
 
 	if(!split(opt, '=', keyval))
 	{
-		throw invalid_argument("Error parsing config option \"" + opt + "\". Must be of the form key=val or key.subkey=val");
+		throw logic_error("Error parsing config option \"" + opt + "\". Must be of the form key=val or key.subkey=val");
 	}
 
 	if(split(keyval.first, '.', subkey))

diff --git a/userspace/falco/falco.cpp b/userspace/falco/falco.cpp
@@ -895,7 +895,7 @@ int falco_init(int argc, char **argv)
 			printf("%s\n", support.dump().c_str());
 			goto exit;
 		}
-		
+
 		// read hostname
 		string hostname;
 		if(char* env_hostname = getenv("FALCO_GRPC_HOSTNAME"))