falcosecurity · poiana · Jan 15, 2023 · Jan 12, 2023 · Jan 12, 2023 · Jan 12, 2023
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
@@ -23,7 +23,7 @@ set(
   engine/test_filter_evttype_resolver.cpp
   engine/test_filter_warning_resolver.cpp
   engine/test_plugin_requirements.cpp
-  falco/test_configuration.cpp
+  falco/test_yaml_helper.cpp
 )
 
 set(FALCO_TESTED_LIBRARIES falco_engine ${YAMLCPP_LIB})

diff --git a/tests/falco/test_configuration.cpp → tests/falco/test_yaml_helper.cpp b/tests/falco/test_configuration.cpp → tests/falco/test_yaml_helper.cpp
@@ -32,7 +32,7 @@ string sample_yaml =
 
 TEST_CASE("configuration must load YAML data", "[configuration]")
 {
-    yaml_configuration conf;
+    yaml_helper conf;
 
     SECTION("broken YAML")
     {
@@ -58,7 +58,7 @@ TEST_CASE("configuration must load YAML data", "[configuration]")
 
 TEST_CASE("configuration must read YAML fields", "[configuration]")
 {
-	yaml_configuration conf;
+	yaml_helper conf;
     conf.load_from_string(sample_yaml);
 
     SECTION("base level")
@@ -96,7 +96,7 @@ TEST_CASE("configuration must read YAML fields", "[configuration]")
 TEST_CASE("configuration must modify YAML fields", "[configuration]")
 {
     string key = "base_value.subvalue.subvalue2.boolean";
-	yaml_configuration conf;
+	yaml_helper conf;
     conf.load_from_string(sample_yaml);
     REQUIRE(conf.get_scalar<bool>(key, false) == true);
     conf.set_scalar<bool>(key, false);

diff --git a/userspace/falco/app_actions/init_outputs.cpp b/userspace/falco/app_actions/init_outputs.cpp
@@ -23,6 +23,11 @@ using namespace falco::app;
 
 application::run_result application::init_outputs()
 {
+	if (m_state->config->m_outputs.empty())
+	{
+		return run_result::fatal("No outputs configured. Please configure at least one output file output enabled but no filename in configuration block");
+	}
+
 	// read hostname
 	std::string hostname;
 	char* env_hostname = getenv("FALCO_HOSTNAME");

diff --git a/userspace/falco/app_actions/load_config.cpp b/userspace/falco/app_actions/load_config.cpp
@@ -20,29 +20,48 @@ using namespace falco::app;
 
 application::run_result application::load_config()
 {
-	if (!m_options.conf_filename.empty())
+	try
 	{
-		m_state->config->init(m_options.conf_filename, m_options.cmdline_config_options);
-		falco_logger::set_time_format_iso_8601(m_state->config->m_time_format_iso_8601);
-
-		// log after config init because config determines where logs go
-		falco_logger::log(LOG_INFO, "Falco version: " + std::string(FALCO_VERSION) + " (" + std::string(FALCO_TARGET_ARCH) + ")\n");
-		if (!m_state->cmdline.empty())
+		if (!m_options.conf_filename.empty())
+		{
+			m_state->config->init(m_options.conf_filename, m_options.cmdline_config_options);
+		}
+		else
 		{
-			falco_logger::log(LOG_DEBUG, "CLI args: " + m_state->cmdline);
+			m_state->config->init(m_options.cmdline_config_options);
 		}
+	}
+	catch (std::exception& e)
+	{
+		return run_result::fatal(e.what());
+	}
+
+	// log after config init because config determines where logs go
+	falco_logger::set_time_format_iso_8601(m_state->config->m_time_format_iso_8601);
+	falco_logger::log(LOG_INFO, "Falco version: " + std::string(FALCO_VERSION) + " (" + std::string(FALCO_TARGET_ARCH) + ")\n");
+	if (!m_state->cmdline.empty())
+	{
+		falco_logger::log(LOG_DEBUG, "CLI args: " + m_state->cmdline);
+	}
+	if (!m_options.conf_filename.empty())
+	{
 		falco_logger::log(LOG_INFO, "Falco initialized with configuration file: " + m_options.conf_filename + "\n");
 	}
-	else
+
+	m_state->config->m_buffered_outputs = !m_options.unbuffered_outputs;
+
+	return run_result::ok();
+}
+
+application::run_result application::require_config_file()
+{
+	if (m_options.conf_filename.empty())
 	{
 #ifndef BUILD_TYPE_RELEASE
 		return run_result::fatal(std::string("You must create a config file at ")  + FALCO_SOURCE_CONF_FILE + ", " + FALCO_INSTALL_CONF_FILE + " or by passing -c");
 #else
 		return run_result::fatal(std::string("You must create a config file at ")  + FALCO_INSTALL_CONF_FILE + " or by passing -c");
 #endif
 	}
-
-	m_state->config->m_buffered_outputs = !m_options.unbuffered_outputs;
-
 	return run_result::ok();
-}
+}
diff --git a/userspace/falco/app_actions/print_support.cpp b/userspace/falco/app_actions/print_support.cpp
@@ -38,7 +38,6 @@ application::run_result application::print_support()
 		struct utsname sysinfo;
 		std::string cmdline;
 		std::unique_ptr<sinsp> s(new sinsp());
-		char driver_api_version_string[32], driver_schema_version_string[32];
 
 		if(uname(&sysinfo) != 0)
 		{

diff --git a/userspace/falco/app_actions/print_version.cpp b/userspace/falco/app_actions/print_version.cpp
@@ -26,34 +26,29 @@ application::run_result application::print_version()
 {
 	if(m_options.print_version_info)
 	{
-		std::unique_ptr<sinsp> s(new sinsp());
-		printf("Falco version: %s\n", FALCO_VERSION);
-		printf("Libs version:  %s\n", FALCOSECURITY_LIBS_VERSION);
-		printf("Plugin API:    %s\n", application::get_plugin_api_version().c_str());
-		printf("Engine:        %d\n", FALCO_ENGINE_VERSION);
-
-		printf("Driver:\n");
-		printf("  API version:    %s\n", application::get_driver_api_version().c_str());
-		printf("  Schema version: %s\n", application::get_driver_api_version().c_str());
-		printf("  Default driver: %s\n", DRIVER_VERSION);
-
-		return run_result::exit();
-	}
-
-	if(m_options.print_version_info_json)
-	{
-		nlohmann::json version_info;
-
-		version_info["falco_version"] = FALCO_VERSION;
-		version_info["libs_version"] = FALCOSECURITY_LIBS_VERSION;
-		version_info["plugin_api_version"] = application::get_plugin_api_version();
-		version_info["driver_api_version"] = application::get_driver_api_version();
-		version_info["driver_schema_version"] = application::get_driver_schema_version();
-		version_info["default_driver_version"] = DRIVER_VERSION;
-		version_info["engine_version"] = std::to_string(FALCO_ENGINE_VERSION);
-
-		printf("%s\n", version_info.dump().c_str());
-
+		if(m_state->config->m_json_output)
+		{
+			nlohmann::json version_info;
+			version_info["falco_version"] = FALCO_VERSION;
+			version_info["libs_version"] = FALCOSECURITY_LIBS_VERSION;
+			version_info["plugin_api_version"] = application::get_plugin_api_version();
+			version_info["driver_api_version"] = application::get_driver_api_version();
+			version_info["driver_schema_version"] = application::get_driver_schema_version();
+			version_info["default_driver_version"] = DRIVER_VERSION;
+			version_info["engine_version"] = std::to_string(FALCO_ENGINE_VERSION);
+			printf("%s\n", version_info.dump().c_str());
+		}
+		else
+		{
+			printf("Falco version: %s\n", FALCO_VERSION);
+			printf("Libs version:  %s\n", FALCOSECURITY_LIBS_VERSION);
+			printf("Plugin API:    %s\n", application::get_plugin_api_version().c_str());
+			printf("Engine:        %d\n", FALCO_ENGINE_VERSION);
+			printf("Driver:\n");
+			printf("  API version:    %s\n", application::get_driver_api_version().c_str());
+			printf("  Schema version: %s\n", application::get_driver_api_version().c_str());
+			printf("  Default driver: %s\n", DRIVER_VERSION);
+		}
 		return run_result::exit();
 	}
 

diff --git a/userspace/falco/app_cmdline_options.cpp b/userspace/falco/app_cmdline_options.cpp
@@ -211,7 +211,6 @@ void cmdline_options::define()
 		("V,validate",                    "Read the contents of the specified rules(s) file and exit. This option can be passed multiple times to validate multiple files.", cxxopts::value(validate_rules_filenames), "<rules_file>")
 		("v",                             "Verbose output.", cxxopts::value(verbose)->default_value("false"))
 		("version",                       "Print version number.", cxxopts::value(print_version_info)->default_value("false"))
-		("version-json",                  "Print version information in JSON format", cxxopts::value(print_version_info_json)->default_value("false"))
 		("page-size",                     "Print the system page size (may help you to choose the right syscall ring-buffer size).", cxxopts::value(print_page_size)->default_value("false"));
 
 

diff --git a/userspace/falco/app_cmdline_options.h b/userspace/falco/app_cmdline_options.h
@@ -78,7 +78,6 @@ class cmdline_options {
 	std::vector<std::string> validate_rules_filenames;
 	bool verbose;
 	bool print_version_info;
-	bool print_version_info_json;
 	bool print_page_size;
 	bool modern_bpf;
 

diff --git a/userspace/falco/application.cpp b/userspace/falco/application.cpp
@@ -172,13 +172,14 @@ bool application::run(std::string &errstr, bool &restart)
 	// dependencies are honored (e.g. don't process events before
 	// loading plugins, opening inspector, etc.).
 	std::list<std::function<run_result()>> run_steps = {
+		std::bind(&application::load_config, this),
 		std::bind(&application::print_help, this),
 		std::bind(&application::print_version, this),
 		std::bind(&application::print_page_size, this),
 		std::bind(&application::print_generated_gvisor_config, this),
 		std::bind(&application::print_ignored_events, this),
 		std::bind(&application::print_syscall_events, this),
-		std::bind(&application::load_config, this),
+		std::bind(&application::require_config_file, this),
 		std::bind(&application::print_plugin_info, this),
 		std::bind(&application::list_plugins, this),
 		std::bind(&application::load_plugins, this),

diff --git a/userspace/falco/application.h b/userspace/falco/application.h
@@ -315,6 +315,7 @@ class application {
 	run_result list_fields();
 	run_result list_plugins();
 	run_result load_config();
+	run_result require_config_file();
 	run_result load_plugins();
 	run_result load_rules_files();
 	run_result create_requested_paths();