diff --git a/unit_tests/test_falco_engine.h b/unit_tests/test_falco_engine.h index 9a41b88871f..ff1902db873 100644 --- a/unit_tests/test_falco_engine.h +++ b/unit_tests/test_falco_engine.h @@ -29,7 +29,7 @@ class test_falco_engine : public ::testing::Test { } - bool load_rules(std::string rules_content, std::string rules_filename) + bool load_rules(const std::string& rules_content, const std::string& rules_filename) { bool ret = false; falco::load_result::rules_contents_t rc = {{rules_filename, rules_content}}; @@ -47,7 +47,7 @@ class test_falco_engine : public ::testing::Test { } // This must be kept in line with the (private) falco_engine::s_default_ruleset - uint64_t num_rules_for_ruleset(std::string ruleset = "falco-default-ruleset") + uint64_t num_rules_for_ruleset(const std::string& ruleset = "falco-default-ruleset") { return m_engine->num_rules_for_ruleset(ruleset); } @@ -57,14 +57,14 @@ class test_falco_engine : public ::testing::Test { return m_load_result->has_warnings(); } - bool check_warning_message(std::string warning_msg) + bool check_warning_message(const std::string& warning_msg) const { if(!m_load_result->has_warnings()) { return false; } - for(auto &warn : m_load_result_json["warnings"]) + for(const auto &warn : m_load_result_json["warnings"]) { std::string msg = warn["message"]; // Debug: @@ -78,7 +78,7 @@ class test_falco_engine : public ::testing::Test { return false; } - bool check_error_message(std::string error_msg) + bool check_error_message(const std::string& error_msg) const { // if the loading is successful there are no errors if(m_load_result->successful()) @@ -86,7 +86,7 @@ class test_falco_engine : public ::testing::Test { return false; } - for(auto &err : m_load_result_json["errors"]) + for(const auto &err : m_load_result_json["errors"]) { std::string msg = err["message"]; // Debug: @@ -100,7 +100,7 @@ class test_falco_engine : public ::testing::Test { return false; } - std::string get_compiled_rule_condition(std::string rule_name = "") + std::string get_compiled_rule_condition(std::string rule_name = "") const { auto rule_description = m_engine->describe_rule(&rule_name, {}); return rule_description["rules"][0]["details"]["condition_compiled"].template get(); diff --git a/userspace/engine/evttype_index_ruleset.cpp b/userspace/engine/evttype_index_ruleset.cpp index 1bd3b48a8d7..f1dfe4a9b6f 100644 --- a/userspace/engine/evttype_index_ruleset.cpp +++ b/userspace/engine/evttype_index_ruleset.cpp @@ -115,7 +115,7 @@ bool evttype_index_ruleset::ruleset_filters::run(sinsp_evt *evt, falco_rule& mat { if(evt->get_type() < m_filter_by_event_type.size()) { - for(auto &wrap : m_filter_by_event_type[evt->get_type()]) + for(const auto &wrap : m_filter_by_event_type[evt->get_type()]) { if(wrap->filter->run(evt)) { @@ -126,7 +126,7 @@ bool evttype_index_ruleset::ruleset_filters::run(sinsp_evt *evt, falco_rule& mat } // Finally, try filters that are not specific to an event type. - for(auto &wrap : m_filter_all_event_types) + for(const auto &wrap : m_filter_all_event_types) { if(wrap->filter->run(evt)) { @@ -144,7 +144,7 @@ bool evttype_index_ruleset::ruleset_filters::run(sinsp_evt *evt, std::vectorget_type() < m_filter_by_event_type.size()) { - for(auto &wrap : m_filter_by_event_type[evt->get_type()]) + for(const auto &wrap : m_filter_by_event_type[evt->get_type()]) { if(wrap->filter->run(evt)) { @@ -160,7 +160,7 @@ bool evttype_index_ruleset::ruleset_filters::run(sinsp_evt *evt, std::vectorfilter->run(evt)) { @@ -175,7 +175,7 @@ bool evttype_index_ruleset::ruleset_filters::run(sinsp_evt *evt, std::vector evttype_index_ruleset::ruleset_filters::sc_codes() { libsinsp::events::set res; - for(auto &wrap : m_filters) + for(const auto &wrap : m_filters) { res.insert(wrap->sc_codes.begin(), wrap->sc_codes.end()); } @@ -185,7 +185,7 @@ libsinsp::events::set evttype_index_ruleset::ruleset_filters::sc_co libsinsp::events::set evttype_index_ruleset::ruleset_filters::event_codes() { libsinsp::events::set res; - for(auto &wrap : m_filters) + for(const auto &wrap : m_filters) { res.insert(wrap->event_codes.begin(), wrap->event_codes.end()); } diff --git a/userspace/engine/falco_common.cpp b/userspace/engine/falco_common.cpp index 8ed555d9e78..dac4233226b 100644 --- a/userspace/engine/falco_common.cpp +++ b/userspace/engine/falco_common.cpp @@ -33,7 +33,7 @@ static std::vector rule_matching_names = { "all" }; -bool falco_common::parse_priority(std::string v, priority_type& out) +bool falco_common::parse_priority(const std::string& v, priority_type& out) { for (size_t i = 0; i < priority_names.size(); i++) { @@ -50,7 +50,7 @@ bool falco_common::parse_priority(std::string v, priority_type& out) return false; } -falco_common::priority_type falco_common::parse_priority(std::string v) +falco_common::priority_type falco_common::parse_priority(const std::string& v) { falco_common::priority_type out; if (!parse_priority(v, out)) @@ -87,7 +87,7 @@ std::string falco_common::format_priority(priority_type v, bool shortfmt) return out; } -bool falco_common::parse_rule_matching(std::string v, rule_matching& out) +bool falco_common::parse_rule_matching(const std::string& v, rule_matching& out) { for (size_t i = 0; i < rule_matching_names.size(); i++) { diff --git a/userspace/engine/falco_common.h b/userspace/engine/falco_common.h index 18353aea3a0..b33695d7d26 100644 --- a/userspace/engine/falco_common.h +++ b/userspace/engine/falco_common.h @@ -57,8 +57,8 @@ namespace falco_common PRIORITY_DEBUG = 7 }; - bool parse_priority(std::string v, priority_type& out); - priority_type parse_priority(std::string v); + bool parse_priority(const std::string& v, priority_type& out); + priority_type parse_priority(const std::string& v); bool format_priority(priority_type v, std::string& out, bool shortfmt=false); std::string format_priority(priority_type v, bool shortfmt=false); @@ -68,5 +68,5 @@ namespace falco_common ALL = 1 }; - bool parse_rule_matching(std::string v, rule_matching& out); + bool parse_rule_matching(const std::string& v, rule_matching& out); }; diff --git a/userspace/engine/falco_engine.cpp b/userspace/engine/falco_engine.cpp index 2bd3790970e..b177dbef83e 100644 --- a/userspace/engine/falco_engine.cpp +++ b/userspace/engine/falco_engine.cpp @@ -120,7 +120,7 @@ static std::string fieldclass_key(const sinsp_filter_factory::filter_fieldclass_ return fld_info.name + fld_info.shortdesc; } -void falco_engine::list_fields(std::string &source, bool verbose, bool names_only, bool markdown) const +void falco_engine::list_fields(const std::string &source, bool verbose, bool names_only, bool markdown) const { // Maps from field class name + short desc to list of event // sources for which this field class can be used. @@ -360,7 +360,7 @@ uint64_t falco_engine::num_rules_for_ruleset(const std::string &ruleset) return ret; } -void falco_engine::evttypes_for_ruleset(std::string &source, std::set &evttypes, const std::string &ruleset) +void falco_engine::evttypes_for_ruleset(const std::string &source, std::set &evttypes, const std::string &ruleset) { find_source(source)->ruleset->enabled_evttypes(evttypes, find_ruleset_id(ruleset)); } @@ -422,7 +422,7 @@ std::unique_ptr> falco_engine::process_ev } auto res = std::make_unique>(); - for(auto rule : source->m_rules) + for(const auto& rule : source->m_rules) { rule_result rule_result; rule_result.evt = ev; @@ -1025,7 +1025,7 @@ void falco_engine::fill_engine_state_funcs(filter_ruleset::engine_state_funcs &e { engine_state.get_ruleset = [this](const std::string &source_name, std::shared_ptr &ruleset) -> bool { - falco_source *src = m_sources.at(source_name); + const falco_source *src = m_sources.at(source_name); if(src == nullptr) { return false; @@ -1055,7 +1055,7 @@ void falco_engine::set_sampling_multiplier(double sampling_multiplier) m_sampling_multiplier = sampling_multiplier; } -void falco_engine::set_extra(std::string &extra, bool replace_container_info) +void falco_engine::set_extra(const std::string &extra, bool replace_container_info) { m_extra = extra; m_replace_container_info = replace_container_info; diff --git a/userspace/engine/falco_engine.h b/userspace/engine/falco_engine.h index 3206584adc5..2aa1a72b834 100644 --- a/userspace/engine/falco_engine.h +++ b/userspace/engine/falco_engine.h @@ -64,7 +64,7 @@ class falco_engine // Print to stdout (using printf) a description of each field supported by this engine. // If source is non-empty, only fields for the provided source are printed. - void list_fields(std::string &source, bool verbose, bool names_only, bool markdown) const; + void list_fields(const std::string &source, bool verbose, bool names_only, bool markdown) const; // Provide an alternate rule reader, collector, and compiler // to compile any rules provided via load_rules* @@ -168,7 +168,7 @@ class falco_engine // add k8s/container information to outputs when // available. // - void set_extra(std::string &extra, bool replace_container_info); + void set_extra(const std::string &extra, bool replace_container_info); // Represents the result of matching an event against a set of // rules. @@ -271,7 +271,7 @@ class falco_engine // typing-improved `enabled_event_codes` and `enabled_sc_codes` instead // todo(jasondellaluce): remove this in future code refactors // - void evttypes_for_ruleset(std::string &source, + void evttypes_for_ruleset(const std::string &source, std::set &evttypes, const std::string &ruleset = s_default_ruleset); diff --git a/userspace/engine/filter_ruleset.cpp b/userspace/engine/filter_ruleset.cpp index f99c2434063..afc748241bd 100644 --- a/userspace/engine/filter_ruleset.cpp +++ b/userspace/engine/filter_ruleset.cpp @@ -17,7 +17,7 @@ limitations under the License. #include "filter_ruleset.h" -void filter_ruleset::set_engine_state(filter_ruleset::engine_state_funcs& engine_state) +void filter_ruleset::set_engine_state(const filter_ruleset::engine_state_funcs& engine_state) { m_engine_state = engine_state; } diff --git a/userspace/engine/filter_ruleset.h b/userspace/engine/filter_ruleset.h index bf8f7b79bff..b5ba3d5e1e9 100644 --- a/userspace/engine/filter_ruleset.h +++ b/userspace/engine/filter_ruleset.h @@ -43,7 +43,7 @@ class filter_ruleset virtual ~filter_ruleset() = default; - void set_engine_state(engine_state_funcs &engine_state); + void set_engine_state(const engine_state_funcs &engine_state); engine_state_funcs &get_engine_state(); /*! diff --git a/userspace/engine/formats.cpp b/userspace/engine/formats.cpp index 64a2e75c035..c6826198bf2 100644 --- a/userspace/engine/formats.cpp +++ b/userspace/engine/formats.cpp @@ -34,7 +34,7 @@ falco_formats::~falco_formats() } std::string falco_formats::format_event(sinsp_evt *evt, const std::string &rule, const std::string &source, - const std::string &level, const std::string &format, std::set &tags, + const std::string &level, const std::string &format, const std::set &tags, const std::string &hostname) const { std::string line; @@ -101,7 +101,7 @@ std::string falco_formats::format_event(sinsp_evt *evt, const std::string &rule, } else { - for (auto &tag : tags) + for (const auto &tag : tags) { rule_tags[rule_tags_idx++] = tag; } @@ -128,7 +128,7 @@ std::string falco_formats::format_event(sinsp_evt *evt, const std::string &rule, line = full_line; } - return line.c_str(); + return line; } std::map falco_formats::get_field_values(sinsp_evt *evt, const std::string &source, diff --git a/userspace/engine/formats.h b/userspace/engine/formats.h index ee0d7361d71..3c74609ff5f 100644 --- a/userspace/engine/formats.h +++ b/userspace/engine/formats.h @@ -30,7 +30,7 @@ class falco_formats virtual ~falco_formats(); std::string format_event(sinsp_evt *evt, const std::string &rule, const std::string &source, - const std::string &level, const std::string &format, std::set &tags, + const std::string &level, const std::string &format, const std::set &tags, const std::string &hostname) const; std::map get_field_values(sinsp_evt *evt, const std::string &source, diff --git a/userspace/engine/rule_loader.cpp b/userspace/engine/rule_loader.cpp index a801ff2b0c7..9b6788375ec 100644 --- a/userspace/engine/rule_loader.cpp +++ b/userspace/engine/rule_loader.cpp @@ -140,7 +140,7 @@ std::string rule_loader::context::as_string() bool first = true; - for(auto& loc : m_locs) + for(const auto& loc : m_locs) { os << (first ? "In " : " "); first = false; @@ -174,7 +174,7 @@ nlohmann::json rule_loader::context::as_json() throw falco_exception("rule_loader::context without location?"); } - for(auto& loc : m_locs) + for(const auto& loc : m_locs) { nlohmann::json jloc, jpos; diff --git a/userspace/engine/rule_loader_collector.cpp b/userspace/engine/rule_loader_collector.cpp index 35c4058a0f3..1832e1b6171 100644 --- a/userspace/engine/rule_loader_collector.cpp +++ b/userspace/engine/rule_loader_collector.cpp @@ -78,7 +78,7 @@ static void validate_exception_info( THROW(ex.fields.items.size() != ex.comps.items.size(), "Fields and comps lists must have equal length", ex.ctx); - for (auto &v : ex.comps.items) + for (const auto &v : ex.comps.items) { THROW(!is_operator_defined(v.item), std::string("'") + v.item + "' is not a supported comparison operator", @@ -86,7 +86,7 @@ static void validate_exception_info( } if (source) { - for (auto &v : ex.fields.items) + for (const auto &v : ex.fields.items) { THROW(!source->is_field_defined(v.item), std::string("'") + v.item + "' is not a supported filter field", @@ -212,12 +212,12 @@ void rule_loader::collector::append(configuration& cfg, macro_info& info) void rule_loader::collector::define(configuration& cfg, rule_info& info) { - auto prev = m_rule_infos.at(info.name); + const auto* prev = m_rule_infos.at(info.name); THROW(prev && prev->source != info.source, "Rule has been re-defined with a different source", info.ctx); - auto source = cfg.sources.at(info.source); + const auto* source = cfg.sources.at(info.source); if (!source) { info.unknown_source = true; @@ -248,7 +248,7 @@ void rule_loader::collector::append(configuration& cfg, rule_update_info& info) // note: source can be nullptr in case we've collected a // rule for which the source is unknown - falco_source* source = nullptr; + const falco_source* source = nullptr; if (!prev->unknown_source) { // note: if the source is not unknown, this should not return nullptr @@ -330,7 +330,7 @@ void rule_loader::collector::selective_replace(configuration& cfg, rule_update_i // note: source can be nullptr in case we've collected a // rule for which the source is unknown - falco_source* source = nullptr; + const falco_source* source = nullptr; if (!prev->unknown_source) { // note: if the source is not unknown, this should not return nullptr diff --git a/userspace/engine/rule_loader_compiler.cpp b/userspace/engine/rule_loader_compiler.cpp index 9331ba4964c..a793c8b02b6 100644 --- a/userspace/engine/rule_loader_compiler.cpp +++ b/userspace/engine/rule_loader_compiler.cpp @@ -394,7 +394,7 @@ void rule_loader::compiler::compile_macros_infos( filter_macro_resolver macro_resolver; for (auto &m : out) { - auto info = macro_info_from_name(col, m.name); + const auto* info = macro_info_from_name(col, m.name); resolve_macros(macro_resolver, col.macros(), out, m.condition, info->cond, info->visibility, info->ctx); } } diff --git a/userspace/engine/rule_loader_reader.cpp b/userspace/engine/rule_loader_reader.cpp index d43776a9b5e..fc4c6fdae5e 100644 --- a/userspace/engine/rule_loader_reader.cpp +++ b/userspace/engine/rule_loader_reader.cpp @@ -314,7 +314,7 @@ static void read_rule_exceptions( rule_loader::context vals_ctx(exvals, rule_loader::context::EXCEPTION_VALUES, "", ex_ctx); THROW(!exvals.IsSequence(), "Rule exception values must be a sequence", vals_ctx); - for (auto &val : exvals) + for (const auto &val : exvals) { rule_loader::context vctx(val, rule_loader::context::EXCEPTION_VALUE, "", vals_ctx); rule_loader::rule_exception_info::entry v_ex_val; @@ -654,7 +654,7 @@ void rule_loader::reader::read_item( } // if any expected key has not been defined throw an error - for (auto &key : expected_keys) { + for (const auto &key : expected_keys) { rule_loader::context keyctx(item[key], rule_loader::context::OVERRIDE, key, ctx); THROW(true, "Unexpected key '" + key + "': no corresponding entry under 'override' is defined.", keyctx); } diff --git a/userspace/falco/app/actions/actions.h b/userspace/falco/app/actions/actions.h index b5d4e73b57f..96bf98e62a7 100644 --- a/userspace/falco/app/actions/actions.h +++ b/userspace/falco/app/actions/actions.h @@ -26,29 +26,29 @@ namespace actions { falco::app::run_result configure_interesting_sets(falco::app::state& s); falco::app::run_result configure_syscall_buffer_size(falco::app::state& s); -falco::app::run_result configure_syscall_buffer_num(falco::app::state& s); +falco::app::run_result configure_syscall_buffer_num(const falco::app::state& s); falco::app::run_result create_requested_paths(falco::app::state& s); falco::app::run_result create_signal_handlers(falco::app::state& s); -falco::app::run_result pidfile(falco::app::state& s); +falco::app::run_result pidfile(const falco::app::state& s); falco::app::run_result init_falco_engine(falco::app::state& s); falco::app::run_result init_inspectors(falco::app::state& s); falco::app::run_result init_outputs(falco::app::state& s); falco::app::run_result list_fields(falco::app::state& s); -falco::app::run_result list_plugins(falco::app::state& s); -falco::app::run_result load_config(falco::app::state& s); +falco::app::run_result list_plugins(const falco::app::state& s); +falco::app::run_result load_config(const falco::app::state& s); falco::app::run_result load_plugins(falco::app::state& s); falco::app::run_result load_rules_files(falco::app::state& s); falco::app::run_result print_generated_gvisor_config(falco::app::state& s); falco::app::run_result print_help(falco::app::state& s); -falco::app::run_result print_ignored_events(falco::app::state& s); -falco::app::run_result print_kernel_version(falco::app::state& s); -falco::app::run_result print_page_size(falco::app::state& s); -falco::app::run_result print_plugin_info(falco::app::state& s); +falco::app::run_result print_ignored_events(const falco::app::state& s); +falco::app::run_result print_kernel_version(const falco::app::state& s); +falco::app::run_result print_page_size(const falco::app::state& s); +falco::app::run_result print_plugin_info(const falco::app::state& s); falco::app::run_result print_support(falco::app::state& s); falco::app::run_result print_syscall_events(falco::app::state& s); falco::app::run_result print_version(falco::app::state& s); falco::app::run_result process_events(falco::app::state& s); -falco::app::run_result require_config_file(falco::app::state& s); +falco::app::run_result require_config_file(const falco::app::state& s); falco::app::run_result select_event_sources(falco::app::state& s); falco::app::run_result start_grpc_server(falco::app::state& s); falco::app::run_result start_webserver(falco::app::state& s); diff --git a/userspace/falco/app/actions/configure_syscall_buffer_num.cpp b/userspace/falco/app/actions/configure_syscall_buffer_num.cpp index b44984226c5..311a2b1ddbe 100644 --- a/userspace/falco/app/actions/configure_syscall_buffer_num.cpp +++ b/userspace/falco/app/actions/configure_syscall_buffer_num.cpp @@ -20,7 +20,7 @@ limitations under the License. using namespace falco::app; using namespace falco::app::actions; -falco::app::run_result falco::app::actions::configure_syscall_buffer_num(falco::app::state& s) +falco::app::run_result falco::app::actions::configure_syscall_buffer_num(const falco::app::state& s) { #ifdef __linux__ if(!s.is_modern_ebpf()) diff --git a/userspace/falco/app/actions/helpers.h b/userspace/falco/app/actions/helpers.h index 41a9ab53d29..69562bf23dd 100644 --- a/userspace/falco/app/actions/helpers.h +++ b/userspace/falco/app/actions/helpers.h @@ -47,7 +47,7 @@ void read_files(InputIterator begin, InputIterator end, // Read the contents in a first pass for(auto it = begin; it != end; it++) { - std::string &filename = *it; + const std::string &filename = *it; std::ifstream is; is.open(filename); if (!is.is_open()) diff --git a/userspace/falco/app/actions/list_plugins.cpp b/userspace/falco/app/actions/list_plugins.cpp index aeda72c26a9..cb0c1b6b832 100644 --- a/userspace/falco/app/actions/list_plugins.cpp +++ b/userspace/falco/app/actions/list_plugins.cpp @@ -23,7 +23,7 @@ limitations under the License. using namespace falco::app; using namespace falco::app::actions; -falco::app::run_result falco::app::actions::list_plugins(falco::app::state& s) +falco::app::run_result falco::app::actions::list_plugins(const falco::app::state& s) { if(s.options.list_plugins) { diff --git a/userspace/falco/app/actions/load_config.cpp b/userspace/falco/app/actions/load_config.cpp index 8dac82f5bd2..58ea19a43f9 100644 --- a/userspace/falco/app/actions/load_config.cpp +++ b/userspace/falco/app/actions/load_config.cpp @@ -27,7 +27,7 @@ using namespace falco::app; using namespace falco::app::actions; // applies legacy/in-deprecation options to the current state -static falco::app::run_result apply_deprecated_options(falco::app::state& s) +static falco::app::run_result apply_deprecated_options(const falco::app::state& s) { // Check that at most one command line option is provided int open_modes = 0; @@ -137,7 +137,7 @@ static falco::app::run_result apply_deprecated_options(falco::app::state& s) return run_result::ok(); } -falco::app::run_result falco::app::actions::load_config(falco::app::state& s) +falco::app::run_result falco::app::actions::load_config(const falco::app::state& s) { try { @@ -175,7 +175,7 @@ falco::app::run_result falco::app::actions::load_config(falco::app::state& s) return apply_deprecated_options(s); } -falco::app::run_result falco::app::actions::require_config_file(falco::app::state& s) +falco::app::run_result falco::app::actions::require_config_file(const falco::app::state& s) { #ifndef __EMSCRIPTEN__ if (s.options.conf_filename.empty()) diff --git a/userspace/falco/app/actions/load_rules_files.cpp b/userspace/falco/app/actions/load_rules_files.cpp index adab4961eac..3ccd7a09d7c 100644 --- a/userspace/falco/app/actions/load_rules_files.cpp +++ b/userspace/falco/app/actions/load_rules_files.cpp @@ -135,7 +135,7 @@ falco::app::run_result falco::app::actions::load_rules_files(falco::app::state& if(!s.options.disabled_rule_tags.empty()) { - for(auto &tag : s.options.disabled_rule_tags) + for(const auto &tag : s.options.disabled_rule_tags) { falco_logger::log(falco_logger::level::INFO, "Disabling rules with tag: " + tag + "\n"); } @@ -147,7 +147,7 @@ falco::app::run_result falco::app::actions::load_rules_files(falco::app::state& // Since we only want to enable specific // rules, first disable all rules. s.engine->enable_rule(all_rules, false); - for(auto &tag : s.options.enabled_rule_tags) + for(const auto &tag : s.options.enabled_rule_tags) { falco_logger::log(falco_logger::level::INFO, "Enabling rules with tag: " + tag + "\n"); } diff --git a/userspace/falco/app/actions/pidfile.cpp b/userspace/falco/app/actions/pidfile.cpp index be5ac93a9aa..45811f1a4fd 100644 --- a/userspace/falco/app/actions/pidfile.cpp +++ b/userspace/falco/app/actions/pidfile.cpp @@ -24,7 +24,7 @@ limitations under the License. using namespace falco::app; using namespace falco::app::actions; -falco::app::run_result falco::app::actions::pidfile(falco::app::state& s) +falco::app::run_result falco::app::actions::pidfile(const falco::app::state& s) { if (s.options.dry_run) { diff --git a/userspace/falco/app/actions/print_ignored_events.cpp b/userspace/falco/app/actions/print_ignored_events.cpp index 44c2d3757e6..89836e148e5 100644 --- a/userspace/falco/app/actions/print_ignored_events.cpp +++ b/userspace/falco/app/actions/print_ignored_events.cpp @@ -22,7 +22,7 @@ limitations under the License. using namespace falco::app; using namespace falco::app::actions; -falco::app::run_result falco::app::actions::print_ignored_events(falco::app::state& s) +falco::app::run_result falco::app::actions::print_ignored_events(const falco::app::state& s) { if(!s.options.print_ignored_events) { diff --git a/userspace/falco/app/actions/print_kernel_version.cpp b/userspace/falco/app/actions/print_kernel_version.cpp index cb0269ed2e4..223c928c4d2 100644 --- a/userspace/falco/app/actions/print_kernel_version.cpp +++ b/userspace/falco/app/actions/print_kernel_version.cpp @@ -25,7 +25,7 @@ limitations under the License. using namespace falco::app; using namespace falco::app::actions; -falco::app::run_result falco::app::actions::print_kernel_version(falco::app::state& s) +falco::app::run_result falco::app::actions::print_kernel_version(const falco::app::state& s) { #ifdef __linux__ // We print this info only when a kernel driver is injected diff --git a/userspace/falco/app/actions/print_page_size.cpp b/userspace/falco/app/actions/print_page_size.cpp index bbdbc2623d5..6189162a3e6 100644 --- a/userspace/falco/app/actions/print_page_size.cpp +++ b/userspace/falco/app/actions/print_page_size.cpp @@ -23,7 +23,7 @@ limitations under the License. using namespace falco::app; using namespace falco::app::actions; -falco::app::run_result falco::app::actions::print_page_size(falco::app::state& s) +falco::app::run_result falco::app::actions::print_page_size(const falco::app::state& s) { if(s.options.print_page_size) { diff --git a/userspace/falco/app/actions/print_plugin_info.cpp b/userspace/falco/app/actions/print_plugin_info.cpp index 4c52e39177e..cdc1e6a0bda 100644 --- a/userspace/falco/app/actions/print_plugin_info.cpp +++ b/userspace/falco/app/actions/print_plugin_info.cpp @@ -23,7 +23,7 @@ limitations under the License. using namespace falco::app; using namespace falco::app::actions; -falco::app::run_result falco::app::actions::print_plugin_info(falco::app::state& s) +falco::app::run_result falco::app::actions::print_plugin_info(const falco::app::state& s) { if(!s.options.print_plugin_info.empty()) { @@ -83,7 +83,7 @@ falco::app::run_result falco::app::actions::print_plugin_info(falco::app::state& else { os << "Suggested open params:" << std::endl; - for(auto &oparam : p->list_open_params()) + for(const auto &oparam : p->list_open_params()) { if(oparam.desc == "") { diff --git a/userspace/falco/app/actions/print_support.cpp b/userspace/falco/app/actions/print_support.cpp index 0e486182d81..ad8fe8d7496 100644 --- a/userspace/falco/app/actions/print_support.cpp +++ b/userspace/falco/app/actions/print_support.cpp @@ -111,7 +111,7 @@ falco::app::run_result falco::app::actions::print_support(falco::app::state& s) support["cmdline"] = s.cmdline; support["config"] = read_file(s.options.conf_filename); support["rules_files"] = nlohmann::json::array(); - for(auto filename : s.config->m_loaded_rules_filenames) + for(const auto& filename : s.config->m_loaded_rules_filenames) { nlohmann::json finfo; finfo["name"] = filename; diff --git a/userspace/falco/app/actions/print_syscall_events.cpp b/userspace/falco/app/actions/print_syscall_events.cpp index 71d2b0dbdbd..95820a0e4e5 100644 --- a/userspace/falco/app/actions/print_syscall_events.cpp +++ b/userspace/falco/app/actions/print_syscall_events.cpp @@ -38,7 +38,7 @@ struct events_by_category std::vector pluginevents; std::vector metaevents; - void add_event(ppm_event_code e, bool available, std::string name = "") { + void add_event(ppm_event_code e, bool available, const std::string& name = "") { event_entry entry; entry.is_enter = PPME_IS_ENTER(e); diff --git a/userspace/falco/app/actions/process_events.cpp b/userspace/falco/app/actions/process_events.cpp index 1d2006793cc..24b078086b4 100644 --- a/userspace/falco/app/actions/process_events.cpp +++ b/userspace/falco/app/actions/process_events.cpp @@ -326,7 +326,7 @@ static void process_inspector_events( falco::app::state& s, std::shared_ptr inspector, std::shared_ptr statsw, - std::string source, // an empty source represents capture mode + const std::string& source, // an empty source represents capture mode source_sync_context* sync, run_result* res) noexcept { diff --git a/userspace/falco/app/actions/validate_rules_files.cpp b/userspace/falco/app/actions/validate_rules_files.cpp index cf55f3f53bf..7edeb0423e7 100644 --- a/userspace/falco/app/actions/validate_rules_files.cpp +++ b/userspace/falco/app/actions/validate_rules_files.cpp @@ -69,7 +69,7 @@ falco::app::run_result falco::app::actions::validate_rules_files(falco::app::sta std::string summary; falco_logger::log(falco_logger::level::INFO, "Validating rules file(s):\n"); - for(auto file : s.options.validate_rules_filenames) + for(const auto& file : s.options.validate_rules_filenames) { falco_logger::log(falco_logger::level::INFO, " " + file + "\n"); } diff --git a/userspace/falco/app/app.cpp b/userspace/falco/app/app.cpp index 37302de17b9..b8aed2bba30 100644 --- a/userspace/falco/app/app.cpp +++ b/userspace/falco/app/app.cpp @@ -98,7 +98,7 @@ bool falco::app::run(falco::app::state& s, bool& restart, std::string& errstr) }; falco::app::run_result res = falco::app::run_result::ok(); - for (auto &func : run_steps) + for (const auto &func : run_steps) { res = falco::app::run_result::merge(res, func(s)); if(!res.proceed) @@ -107,7 +107,7 @@ bool falco::app::run(falco::app::state& s, bool& restart, std::string& errstr) } } - for (auto &func : teardown_steps) + for (const auto &func : teardown_steps) { res = falco::app::run_result::merge(res, func(s)); // note: we always proceed because we don't want to miss teardown steps diff --git a/userspace/falco/configuration.cpp b/userspace/falco/configuration.cpp index f3455b31359..f1bcf749781 100644 --- a/userspace/falco/configuration.cpp +++ b/userspace/falco/configuration.cpp @@ -398,7 +398,7 @@ void falco_configuration::load_yaml(const std::string& config_name, const yaml_h config.get_sequence(syscall_event_drop_acts, "syscall_event_drops.actions"); m_syscall_evt_drop_actions.clear(); - for(std::string &act : syscall_event_drop_acts) + for(const std::string &act : syscall_event_drop_acts) { if(act == "ignore") { diff --git a/userspace/falco/event_drops.cpp b/userspace/falco/event_drops.cpp index 0d5fc28765d..22cd8440149 100644 --- a/userspace/falco/event_drops.cpp +++ b/userspace/falco/event_drops.cpp @@ -35,7 +35,7 @@ syscall_evt_drop_mgr::~syscall_evt_drop_mgr() void syscall_evt_drop_mgr::init(std::shared_ptr inspector, std::shared_ptr outputs, - syscall_evt_drop_actions &actions, + const syscall_evt_drop_actions &actions, double threshold, double rate, double max_tokens, @@ -140,7 +140,7 @@ void syscall_evt_drop_mgr::print_stats() fprintf(stderr, " - num times actions taken: %lu\n", m_num_actions); } -bool syscall_evt_drop_mgr::perform_actions(uint64_t now, scap_stats &delta, bool bpf_enabled) +bool syscall_evt_drop_mgr::perform_actions(uint64_t now, const scap_stats &delta, bool bpf_enabled) { std::string rule = "Falco internal: syscall event drop"; std::string msg = rule + ". " + std::to_string(delta.n_drops) + " system calls dropped in last second."; diff --git a/userspace/falco/event_drops.h b/userspace/falco/event_drops.h index 9caf5a3a3bf..f820703ca00 100644 --- a/userspace/falco/event_drops.h +++ b/userspace/falco/event_drops.h @@ -45,7 +45,7 @@ class syscall_evt_drop_mgr void init(std::shared_ptr inspector, std::shared_ptr outputs, - syscall_evt_drop_actions &actions, + const syscall_evt_drop_actions &actions, double threshold, double rate, double max_tokens, @@ -62,7 +62,7 @@ class syscall_evt_drop_mgr protected: // Perform all configured actions. - bool perform_actions(uint64_t now, scap_stats &delta, bool bpf_enabled); + bool perform_actions(uint64_t now, const scap_stats &delta, bool bpf_enabled); uint64_t m_num_syscall_evt_drops; uint64_t m_num_actions; diff --git a/userspace/falco/falco_outputs.cpp b/userspace/falco/falco_outputs.cpp index 5583d22c2d4..1650d8c33ec 100644 --- a/userspace/falco/falco_outputs.cpp +++ b/userspace/falco/falco_outputs.cpp @@ -84,7 +84,7 @@ falco_outputs::~falco_outputs() } // This function is called only at initialization-time by the constructor -void falco_outputs::add_output(falco::outputs::config oc) +void falco_outputs::add_output(const falco::outputs::config &oc) { falco::outputs::abstract_output *oo; @@ -135,8 +135,8 @@ void falco_outputs::add_output(falco::outputs::config oc) } } -void falco_outputs::handle_event(sinsp_evt *evt, std::string &rule, std::string &source, - falco_common::priority_type priority, std::string &format, std::set &tags) +void falco_outputs::handle_event(sinsp_evt *evt, const std::string &rule, const std::string &source, + falco_common::priority_type priority, const std::string &format, std::set &tags) { falco_outputs::ctrl_msg cmsg = {}; cmsg.ts = evt->get_ts(); @@ -177,8 +177,8 @@ void falco_outputs::handle_event(sinsp_evt *evt, std::string &rule, std::string void falco_outputs::handle_msg(uint64_t ts, falco_common::priority_type priority, - std::string &msg, - std::string &rule, + const std::string &msg, + const std::string &rule, nlohmann::json &output_fields) { if (!output_fields.is_object()) diff --git a/userspace/falco/falco_outputs.h b/userspace/falco/falco_outputs.h index a529e29b7d9..17200757dda 100644 --- a/userspace/falco/falco_outputs.h +++ b/userspace/falco/falco_outputs.h @@ -58,8 +58,8 @@ class falco_outputs \brief Format then send the event to all configured outputs (`evt` is an event that has matched some rule). */ - void handle_event(sinsp_evt *evt, std::string &rule, std::string &source, - falco_common::priority_type priority, std::string &format, std::set &tags); + void handle_event(sinsp_evt *evt, const std::string &rule, const std::string &source, + falco_common::priority_type priority, const std::string &format, std::set &tags); /*! \brief Format then send a generic message to all outputs. @@ -67,8 +67,8 @@ class falco_outputs */ void handle_msg(uint64_t now, falco_common::priority_type priority, - std::string &msg, - std::string &rule, + const std::string &msg, + const std::string &rule, nlohmann::json &output_fields); /*! @@ -125,6 +125,6 @@ class falco_outputs inline void push_ctrl(ctrl_msg_type cmt); void worker() noexcept; void stop_worker(); - void add_output(falco::outputs::config oc); + void add_output(const falco::outputs::config& oc); inline void process_msg(falco::outputs::abstract_output* o, const ctrl_msg& cmsg); }; diff --git a/userspace/falco/logger.cpp b/userspace/falco/logger.cpp index 543ba3807c2..78b4ca8ef62 100644 --- a/userspace/falco/logger.cpp +++ b/userspace/falco/logger.cpp @@ -65,7 +65,7 @@ void falco_logger::set_time_format_iso_8601(bool val) falco_logger::time_format_iso_8601 = val; } -void falco_logger::set_level(std::string &level) +void falco_logger::set_level(const std::string &level) { if(level == "emergency") { @@ -169,7 +169,7 @@ void falco_logger::log(falco_logger::level priority, const std::string&& msg) if(falco_logger::time_format_iso_8601) { char buf[sizeof "YYYY-MM-DDTHH:MM:SS-0000"]; - struct tm *gtm = std::gmtime(&result); + const struct tm *gtm = std::gmtime(&result); if(gtm != NULL && (strftime(buf, sizeof(buf), "%FT%T%z", gtm) != 0)) { @@ -178,7 +178,7 @@ void falco_logger::log(falco_logger::level priority, const std::string&& msg) } else { - struct tm *ltm = std::localtime(&result); + const struct tm *ltm = std::localtime(&result); char *atime = (ltm ? std::asctime(ltm) : NULL); std::string tstr; if(atime) diff --git a/userspace/falco/logger.h b/userspace/falco/logger.h index ec7aeb6c760..25b7a29a2b3 100644 --- a/userspace/falco/logger.h +++ b/userspace/falco/logger.h @@ -41,7 +41,7 @@ class falco_logger static void set_time_format_iso_8601(bool val); // Will throw exception if level is unknown. - static void set_level(std::string &level); + static void set_level(const std::string &level); static void set_sinsp_logging(bool enable, const std::string& severity, const std::string& prefix);