From 4a1fe2f77443ebb419203fba68dc69817133b230 Mon Sep 17 00:00:00 2001
From: Andrea Terzolo
Date: Thu, 4 Jan 2024 17:06:52 +0100
Subject: [PATCH] update(rule_loader): deprecate all non-SemVer compatible values
Signed-off-by: Andrea Terzolo
---
unit_tests/engine/test_rule_loader.cpp | 54 +++++++++++++++++++++++++
userspace/engine/rule_loader_reader.cpp | 1 +
userspace/engine/rule_loader_reader.h | 3 ++
3 files changed, 58 insertions(+)
diff --git a/unit_tests/engine/test_rule_loader.cpp b/unit_tests/engine/test_rule_loader.cpp
index 3ed5aaa01c3..e4c5d70f85a 100644
--- a/unit_tests/engine/test_rule_loader.cpp
+++ b/unit_tests/engine/test_rule_loader.cpp
@@ -549,3 +549,57 @@ TEST_F(engine_loader_test, rewrite_rule)
 auto rule_description = m_engine->describe_rule(&rule_name, {});
 ASSERT_EQ(rule_description["rules"][0]["details"]["condition_compiled"].template get(), "proc.name = cat");
 }
+
+TEST_F(engine_loader_test, required_engine_version_semver)
+{
+ std::string rules_content = R"END(
+- required_engine_version: 0.26.0
+
+- rule: test_rule
+ desc: test rule description
+ condition: evt.type = close
+ output: user=%user.name command=%proc.cmdline file=%fd.name
+ priority: INFO
+ enabled: false
+
+)END";
+
+ ASSERT_TRUE(load_rules(rules_content, "rules.yaml"));
+ ASSERT_FALSE(has_warnings());
+}
+
+TEST_F(engine_loader_test, required_engine_version_not_semver)
+{
+ std::string rules_content = R"END(
+- required_engine_version: 26
+
+- rule: test_rule
+ desc: test rule description
+ condition: evt.type = close
+ output: user=%user.name command=%proc.cmdline file=%fd.name
+ priority: INFO
+ enabled: false
+
+)END";
+
+ ASSERT_TRUE(load_rules(rules_content, "rules.yaml"));
+ ASSERT_TRUE(check_warning_message(WARNING_ENGINE_VERSION_NOT_SEMVER));
+}
+
+TEST_F(engine_loader_test, required_engine_version_invalid)
+{
+ std::string rules_content = R"END(
+- required_engine_version: seven
+
+- rule: test_rule
+ desc: test rule description
+ condition: evt.type = close
+ output: user=%user.name command=%proc.cmdline file=%fd.name
+ priority: INFO
+ enabled: false
+
+)END";
+
+ ASSERT_FALSE(load_rules(rules_content, "rules.yaml"));
+ ASSERT_TRUE(check_error_message("Unable to parse engine version"));
+}
diff --git a/userspace/engine/rule_loader_reader.cpp b/userspace/engine/rule_loader_reader.cpp
index 0b7e1a64c49..8258b13b20a 100644
--- a/userspace/engine/rule_loader_reader.cpp
+++ b/userspace/engine/rule_loader_reader.cpp
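Review bot: The `required_engine_version_not_semver` test in `test_rule_loader.cpp` pins only the deprecation warning, not the version that the integer `26` is converted to, so a regression in the implicit conversion would pass unnoticed. Because `required_engine_version` is the gate that keeps a rules file from loading on an engine that cannot evaluate it, consider one more case on the deprecated path with an integer above the running engine's version and `ASSERT_FALSE(load_rules(rules_content, "rules.yaml"));` (this assumes the loader rejects such files, which the hunk does not show). Boundary spellings such as a two-component `0.26` or a quoted `"26"` are also left unpinned by the three cases added here.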
@@ -368,6 +368,7 @@ static void read_item(
 // Build proper semver representation
 v.version = rule_loader::reader::get_implicit_engine_version(ver);
+ cfg.res->add_warning(falco::load_result::LOAD_DEPRECATED_ITEM, WARNING_ENGINE_VERSION_NOT_SEMVER, ctx);
 } catch(std::exception& e) {
diff --git a/userspace/engine/rule_loader_reader.h b/userspace/engine/rule_loader_reader.h
index 877f9d451b5..768f7e4ead0 100644
--- a/userspace/engine/rule_loader_reader.h
+++ b/userspace/engine/rule_loader_reader.h
@@ -32,6 +32,9 @@ limitations under the License.
 // Warning message used when `enabled` is used without override.
 #define WARNING_ENABLED_MESSAGE "The standalone 'enabled' key usage is deprecated. The correct approach requires also a 'replace' entry under the 'override' key (i.e. 'enabled: replace')."
+// Warning message used when the `required_engine_version` is not semver compatible.
+#define WARNING_ENGINE_VERSION_NOT_SEMVER "The 'required_engine_version' should be SemVer compatible. All non-SemVer compatible values are deprecated."
+
 namespace rule_loader {
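Review bot: In `rule_loader_reader.cpp` the new `add_warning` call sits inside the `try` block, so anything it throws would be handled by the `catch(std::exception& e)` that follows as if the version itself had failed to parse; moving the call after the try/catch would keep that handler for parse failures only. The warning text also does not say which SemVer string the integer was mapped to, although `v.version` has just been computed on the line above, so a rule author has to work out the replacement value by hand. A short comment on the new line such as `// Integer form is still accepted, but flagged as deprecated` would document the intent. The `read_item` body starts and ends outside this hunk, so what the catch handler does is inferred.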