falcosecurity · poiana · Aug 31, 2023 · Aug 30, 2023 · Aug 31, 2023
diff --git a/falco.yaml b/falco.yaml
@@ -365,6 +365,8 @@ http_output:
   client_cert: "/etc/ssl/certs/client.crt"
   # Path to the client key.
   client_key: "/etc/ssl/certs/client.key"
+  # Whether to echo server answers to stdout
+  echo: false
 
 # [Stable] `program_output`
 #

diff --git a/submodules/falcosecurity-rules b/submodules/falcosecurity-rules
diff --git a/userspace/falco/configuration.cpp b/userspace/falco/configuration.cpp
@@ -195,6 +195,10 @@ void falco_configuration::load_yaml(const std::string& config_name, const yaml_h
 		insecure = config.get_scalar<bool>("http_output.insecure", false);
 		http_output.options["insecure"] = insecure? std::string("true") : std::string("false");
 
+		bool echo;
+		echo = config.get_scalar<bool>("http_output.echo", false);
+		http_output.options["echo"] = echo? std::string("true") : std::string("false");
+
 		std::string ca_cert;
 		ca_cert = config.get_scalar<std::string>("http_output.ca_cert", "");
 		http_output.options["ca_cert"] = ca_cert;

diff --git a/userspace/falco/falco_outputs.cpp b/userspace/falco/falco_outputs.cpp
@@ -116,8 +116,16 @@ void falco_outputs::add_output(falco::outputs::config oc)
 		throw falco_exception("Output not supported: " + oc.name);
 	}
 
-	oo->init(oc, m_buffered, m_hostname, m_json_output);
-	m_outputs.push_back(oo);
+	std::string init_err;
+	if (oo->init(oc, m_buffered, m_hostname, m_json_output, init_err))
+	{
+		m_outputs.push_back(oo);
+	}
+	else
+	{
+		falco_logger::log(LOG_ERR, "Failed to init output: " + init_err);
+		delete(oo);
+	}
 }
 
 void falco_outputs::handle_event(gen_event *evt, std::string &rule, std::string &source,

diff --git a/userspace/falco/outputs.h b/userspace/falco/outputs.h
@@ -62,14 +62,17 @@ struct message
 class abstract_output
 {
 public:
-	virtual ~abstract_output() {}
+	virtual ~abstract_output() = default;
 
-	void init(const config& oc, bool buffered, const std::string& hostname, bool json_output)
+	virtual bool init(const config& oc, bool buffered, const std::string& hostname, bool json_output, std::string &err)
 	{
 		m_oc = oc;
 		m_buffered = buffered;
 		m_hostname = hostname;
 		m_json_output = json_output;
+
+		err = "";
+		return true;
 	}
 
 	// Return the output's name as per its configuration.

diff --git a/userspace/falco/outputs_http.cpp b/userspace/falco/outputs_http.cpp
@@ -18,104 +18,107 @@ limitations under the License.
 #include "logger.h"
 #include "banned.h" // This raises a compilation error when certain functions are used
 
-void falco::outputs::output_http::output(const message *msg)
+#define CHECK_RES(fn) res = res == CURLE_OK ? fn : res
+
+static size_t noop_write_callback(void *contents, size_t size, size_t nmemb, void *userp)
+{
+	// We don't want to echo anything. Just return size of bytes ignored
+	return size * nmemb;
+}
+
+bool falco::outputs::output_http::init(const config& oc, bool buffered, const std::string& hostname, bool json_output, std::string &err)
 {
-	CURL *curl = NULL;
+	if (!falco::outputs::abstract_output::init(oc, buffered, hostname, json_output, err)) {
+		return false;
+	}
+
+	m_curl = nullptr;
+	m_http_headers = nullptr;
 	CURLcode res = CURLE_FAILED_INIT;
-	struct curl_slist *slist1;
-	slist1 = NULL;
 
-	curl = curl_easy_init();
-	if(curl)
+	m_curl = curl_easy_init();
+	if(!m_curl)
+	{
+		falco_logger::log(LOG_ERR, "libcurl failed to initialize the handle: " + std::string(curl_easy_strerror(res)));
+		return false;
+	}
+	if(m_json_output)
+	{
+		m_http_headers = curl_slist_append(m_http_headers, "Content-Type: application/json");
+	}
+	else
+	{
+		m_http_headers = curl_slist_append(m_http_headers, "Content-Type: text/plain");
+	}
+	res = curl_easy_setopt(m_curl, CURLOPT_HTTPHEADER, m_http_headers);
+
+	// if the URL is quoted the quotes should be removed to satisfy libcurl expected format
+	std::string unquotedUrl = m_oc.options["url"];
+	if (!unquotedUrl.empty() && (
+		(unquotedUrl.front() == '\"' && unquotedUrl.back() == '\"') ||
+		(unquotedUrl.front() == '\'' && unquotedUrl.back() == '\'')
+	))
+	{
+		unquotedUrl = libsinsp::filter::unescape_str(unquotedUrl);
+	}
+	CHECK_RES(curl_easy_setopt(m_curl, CURLOPT_URL, unquotedUrl.c_str()));
+
+	CHECK_RES(curl_easy_setopt(m_curl, CURLOPT_USERAGENT, m_oc.options["user_agent"].c_str()));
+	CHECK_RES(curl_easy_setopt(m_curl, CURLOPT_POSTFIELDSIZE, -1L));
+
+	if(m_oc.options["insecure"] == std::string("true"))
+	{
+		CHECK_RES(curl_easy_setopt(m_curl, CURLOPT_SSL_VERIFYPEER, 0L));
+		CHECK_RES(curl_easy_setopt(m_curl, CURLOPT_SSL_VERIFYHOST, 0L));
+	}
+
+	if(m_oc.options["mtls"] == std::string("true"))
+	{
+		CHECK_RES(curl_easy_setopt(m_curl, CURLOPT_SSLCERT, m_oc.options["client_cert"].c_str()));
+		CHECK_RES(curl_easy_setopt(m_curl, CURLOPT_SSLKEY, m_oc.options["client_key"].c_str()));
+	}
+
+	if (!m_oc.options["ca_cert"].empty())
+	{
+		CHECK_RES(curl_easy_setopt(m_curl, CURLOPT_CAINFO, m_oc.options["ca_cert"].c_str()));
+	}
+	else if(!m_oc.options["ca_bundle"].empty())
+	{
+		CHECK_RES(curl_easy_setopt(m_curl, CURLOPT_CAINFO, m_oc.options["ca_bundle"].c_str()));
+	}
+	else
 	{
-		if (m_json_output)
-		{
-			slist1 = curl_slist_append(slist1, "Content-Type: application/json");
-		} else {
-			slist1 = curl_slist_append(slist1, "Content-Type: text/plain");
-		}
-		res = curl_easy_setopt(curl, CURLOPT_HTTPHEADER, slist1);
-
-		if(res == CURLE_OK)
-		{
-			// if the URL is quoted the quotes should be removed to satisfy libcurl expected format
-			std::string unquotedUrl = m_oc.options["url"];
-			if (!unquotedUrl.empty() && (
-				(unquotedUrl.front() == '\"' && unquotedUrl.back() == '\"') ||
-				(unquotedUrl.front() == '\'' && unquotedUrl.back() == '\'')
-			))
-			{
-				unquotedUrl = libsinsp::filter::unescape_str(unquotedUrl);
-			}
-			res = curl_easy_setopt(curl, CURLOPT_URL, unquotedUrl.c_str());
-		}
-
-		if(res == CURLE_OK)
-		{
-			res = curl_easy_setopt(curl, CURLOPT_POSTFIELDS, msg->msg.c_str());
-		}
-
-		if(res == CURLE_OK)
-		{
-			res = curl_easy_setopt(curl, CURLOPT_USERAGENT, m_oc.options["user_agent"].c_str());
-		}
-
-		if(res == CURLE_OK)
-		{
-			res = curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, -1L);
-		}
-
-		if(res == CURLE_OK)
-		{
-			if(m_oc.options["insecure"] == std::string("true"))
-			{
-				res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
-
-				if(res == CURLE_OK)
-				{
-					res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
-				}
-			}
-		}
-
-		if(res == CURLE_OK)
-		{
-			if(m_oc.options["mtls"] == std::string("true"))
-			{
-				res = curl_easy_setopt(curl, CURLOPT_SSLCERT, m_oc.options["client_cert"].c_str());
-
-				if(res == CURLE_OK)
-				{
-					res = curl_easy_setopt(curl, CURLOPT_SSLKEY, m_oc.options["client_key"].c_str());
-				}
-			}
-		}
-
-		if(res == CURLE_OK)
-		{
-			if (!m_oc.options["ca_cert"].empty())
-			{
-				res = curl_easy_setopt(curl, CURLOPT_CAINFO, m_oc.options["ca_cert"].c_str());
-			}else if(!m_oc.options["ca_bundle"].empty())
-			{
-				res = curl_easy_setopt(curl, CURLOPT_CAINFO, m_oc.options["ca_bundle"].c_str());
-			}else{
-				res = curl_easy_setopt(curl, CURLOPT_CAPATH, m_oc.options["ca_path"].c_str());
-			}
-		}
-
-  		if(res == CURLE_OK)
-		{
-			res = curl_easy_perform(curl);
-		}
-
-		if(res != CURLE_OK)
-		{
-			falco_logger::log(LOG_ERR, "libcurl error: " + std::string(curl_easy_strerror(res)));
-		}
-		curl_easy_cleanup(curl);
-		curl = NULL;
-		curl_slist_free_all(slist1);
-		slist1 = NULL;
+		CHECK_RES(curl_easy_setopt(m_curl, CURLOPT_CAPATH, m_oc.options["ca_path"].c_str()));
 	}
+
+	if(m_oc.options["echo"] == std::string("false"))
+	{
+		// If echo==true, libcurl defaults to fwrite to stdout, ie: echoing
+		CHECK_RES(curl_easy_setopt(m_curl, CURLOPT_WRITEFUNCTION, noop_write_callback));
+	}
+
+	if(res != CURLE_OK)
+	{
+		err = "libcurl error: " + std::string(curl_easy_strerror(res));
+		return false;
+	}
+	return true;
+}
+
+void falco::outputs::output_http::output(const message *msg)
+{
+	CURLcode res = curl_easy_setopt(m_curl, CURLOPT_POSTFIELDS, msg->msg.c_str());
+	CHECK_RES(curl_easy_perform(m_curl));
+	if(res != CURLE_OK)
+	{
+		falco_logger::log(LOG_ERR, "libcurl failed to perform call: " + std::string(curl_easy_strerror(res)));
+	}
+}
+
+void falco::outputs::output_http::cleanup()
+{
+	curl_easy_cleanup(m_curl);
+	m_curl = nullptr;
+	curl_slist_free_all(m_http_headers);
+	m_http_headers = nullptr;
 }
diff --git a/userspace/falco/outputs_http.h b/userspace/falco/outputs_http.h
@@ -25,7 +25,13 @@ namespace outputs
 
 class output_http : public abstract_output
 {
-	void output(const message *msg);
+	bool init(const config& oc, bool buffered, const std::string& hostname, bool json_output, std::string &err) override;
+	void output(const message *msg) override;
+	void cleanup() override;
+
+private:
+	CURL *m_curl;
+	struct curl_slist *m_http_headers;
 };
 
 } // namespace outputs
+0 −2		.github/FALCO_VERSIONS
+6 −22		.github/PULL_REQUEST_TEMPLATE.md
+0 −63		.github/compare-rule-files.sh
+0 −3		.github/scripts/requirements.txt
+0 −139		.github/scripts/rules_overview_generator.py
+3 −8		.github/workflows/ci.yaml
+0 −54		.github/workflows/create-comment.yaml
+0 −47		.github/workflows/pages.yaml
+6 −26		.github/workflows/release.yaml
+0 −188		.github/workflows/rules.yaml
+0 −108		CONTRIBUTING.md
+0 −1		OWNERS
+14 −25		README.md
+9 −52		RELEASE.md
+0 −1		build/checker/.gitignore
+0 −97		build/checker/cmd/common.go
+0 −54		build/checker/cmd/common_test.go
+0 −536		build/checker/cmd/compare.go
+0 −420		build/checker/cmd/compare_test.go
+0 −34		build/checker/cmd/root.go
+0 −113		build/checker/cmd/validate.go
+0 −35		build/checker/go.mod
+0 −95		build/checker/go.sum
+0 −23		build/checker/main.go
+15 −23		build/registry/cmd.go
+81 −32		build/registry/go.mod
+917 −95		build/registry/go.sum
+1 −14		build/registry/index.go
+4 −10		build/registry/oci.go
+0 −2		build/registry/testdata/registry.yaml
+0 −6		mkdocs.yml
+0 −245		proposals/20230605-rules-adoption-management-maturity-framework.md
+570 −818		rules/falco_rules.yaml
+255 −0		rules_inventory/rules_overview.md
+3 −0		rules_inventory/scripts/requirements.txt
+91 −0		rules_inventory/scripts/rules_overview_generator.py