diff --git a/userspace/engine/falco_engine.cpp b/userspace/engine/falco_engine.cpp index 5581604db36..10e6653b532 100644 --- a/userspace/engine/falco_engine.cpp +++ b/userspace/engine/falco_engine.cpp @@ -45,9 +45,9 @@ limitations under the License. #include "evttype_index_ruleset.h" -const std::string falco_engine::s_default_ruleset = "falco-default-ruleset"; +#include "rule_json_schema.h" -static const std::string rule_schema_string = R"({"$schema":"http://json-schema.org/draft-06/schema#","type":"array","items":{"$ref":"#/definitions/FalcoRule"},"definitions":{"FalcoRule":{"type":"object","additionalProperties":false,"properties":{"required_engine_version":{"type":"string"},"macro":{"type":"string"},"condition":{"type":"string"},"list":{"type":"string"},"items":{"type":"array","items":{"$ref":"#/definitions/Item"}},"rule":{"type":"string"},"desc":{"type":"string"},"enabled":{"type":"boolean"},"output":{"type":"string"},"append":{"type":"boolean"},"priority":{"$ref":"#/definitions/Priority"},"exceptions":{"type":"array","items":{"$ref":"#/definitions/Exception"}},"override":{"$ref":"#/definitions/Override"},"tags":{"type":"array","items":{"type":"string"}}},"required":[],"title":"FalcoRule"},"Item":{"anyOf":[{"type":"integer"},{"type":"string"}],"title":"Item"},"Exception":{"type":"object","additionalProperties":false,"properties":{"name":{"type":"string"},"fields":{},"comps":{},"values":{}},"required":["name","values"],"title":"Exception"},"Priority":{"type":"string","enum":["EMERGENCY","ALERT","CRITICAL","ERROR","WARNING","NOTICE","INFO","INFORMATIONAL","DEBUG"],"title":"Priority"},"OverriddenItem":{"type":"string","enum":["append","replace"],"title":"Priority"},"Override":{"type":"object","additionalProperties":false,"properties":{"items":{"$ref":"#/definitions/OverriddenItem"},"desc":{"$ref":"#/definitions/OverriddenItem"},"condition":{"$ref":"#/definitions/OverriddenItem"},"output":{"$ref":"#/definitions/OverriddenItem"},"priority":{"$ref":"#/definitions/OverriddenItem"},"enabled":{"$ref":"#/definitions/OverriddenItem"},"exceptions":{"$ref":"#/definitions/OverriddenItem"}},"minProperties":1,"title":"Override"}}})"; +const std::string falco_engine::s_default_ruleset = "falco-default-ruleset"; using namespace falco; diff --git a/userspace/engine/rule_json_schema.h b/userspace/engine/rule_json_schema.h new file mode 100644 index 00000000000..ae0541aa431 --- /dev/null +++ b/userspace/engine/rule_json_schema.h @@ -0,0 +1,173 @@ +// SPDX-License-Identifier: Apache-2.0 +/* +Copyright (C) 2024 The Falco Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#pragma once + +#define LONG_STRING_CONST(...) #__VA_ARGS__ + +const char rule_schema_string[] = LONG_STRING_CONST( + +{ + "$schema": "http://json-schema.org/draft-06/schema#", + "type": "array", + "items": { + "$ref": "#/definitions/FalcoRule" + }, + "definitions": { + "FalcoRule": { + "type": "object", + "additionalProperties": false, + "properties": { + "required_engine_version": { + "type": "string" + }, + "macro": { + "type": "string" + }, + "condition": { + "type": "string" + }, + "list": { + "type": "string" + }, + "items": { + "type": "array", + "items": { + "$ref": "#/definitions/Item" + } + }, + "rule": { + "type": "string" + }, + "desc": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "output": { + "type": "string" + }, + "append": { + "type": "boolean" + }, + "priority": { + "$ref": "#/definitions/Priority" + }, + "exceptions": { + "type": "array", + "items": { + "$ref": "#/definitions/Exception" + } + }, + "override": { + "$ref": "#/definitions/Override" + }, + "tags": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "required": [], + "title": "FalcoRule" + }, + "Item": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "title": "Item" + }, + "Exception": { + "type": "object", + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "fields": {}, + "comps": {}, + "values": {} + }, + "required": [ + "name", + "values" + ], + "title": "Exception" + }, + "Priority": { + "type": "string", + "enum": [ + "EMERGENCY", + "ALERT", + "CRITICAL", + "ERROR", + "WARNING", + "NOTICE", + "INFO", + "INFORMATIONAL", + "DEBUG" + ], + "title": "Priority" + }, + "OverriddenItem": { + "type": "string", + "enum": [ + "append", + "replace" + ], + "title": "Priority" + }, + "Override": { + "type": "object", + "additionalProperties": false, + "properties": { + "items": { + "$ref": "#/definitions/OverriddenItem" + }, + "desc": { + "$ref": "#/definitions/OverriddenItem" + }, + "condition": { + "$ref": "#/definitions/OverriddenItem" + }, + "output": { + "$ref": "#/definitions/OverriddenItem" + }, + "priority": { + "$ref": "#/definitions/OverriddenItem" + }, + "enabled": { + "$ref": "#/definitions/OverriddenItem" + }, + "exceptions": { + "$ref": "#/definitions/OverriddenItem" + } + }, + "minProperties": 1, + "title": "Override" + } + } +} + +); // LONG_STRING_CONST macro diff --git a/userspace/falco/json_schema.h b/userspace/falco/config_json_schema.h similarity index 100% rename from userspace/falco/json_schema.h rename to userspace/falco/config_json_schema.h diff --git a/userspace/falco/configuration.cpp b/userspace/falco/configuration.cpp index 968ca6e3682..457d7a25021 100644 --- a/userspace/falco/configuration.cpp +++ b/userspace/falco/configuration.cpp @@ -36,7 +36,7 @@ limitations under the License. #include "configuration.h" #include "logger.h" -#include "json_schema.h" +#include "config_json_schema.h" #include