falcosecurity · poiana · Aug 25, 2022 · Aug 25, 2022 · Aug 25, 2022 · Aug 25, 2022
diff --git a/cmake/modules/driver.cmake b/cmake/modules/driver.cmake
@@ -26,8 +26,8 @@ else()
   # In case you want to test against another driver version (or branch, or commit) just pass the variable -
   # ie., `cmake -DDRIVER_VERSION=dev ..`
   if(NOT DRIVER_VERSION)
-    set(DRIVER_VERSION "b4c198773bf05486e122f6d3f7f63be125242413")
-    set(DRIVER_CHECKSUM "SHA256=e85fa42a0b58ba21ca7efb38c20ce25207f4816245bdf154e6b9a037a1cce930")
+    set(DRIVER_VERSION "6599e2efebce30a95f27739d655d53f0d5f686e4")
+    set(DRIVER_CHECKSUM "SHA256=7cd84fe8a41c25bba9cd7d5d86a87d2483658e367b885ddbd3037aa45404df04")
   endif()
 
   # cd /path/to/build && cmake /path/to/source

diff --git a/cmake/modules/falcosecurity-libs.cmake b/cmake/modules/falcosecurity-libs.cmake
@@ -27,8 +27,8 @@ else()
   # In case you want to test against another falcosecurity/libs version (or branch, or commit) just pass the variable -
   # ie., `cmake -DFALCOSECURITY_LIBS_VERSION=dev ..`
   if(NOT FALCOSECURITY_LIBS_VERSION)
-    set(FALCOSECURITY_LIBS_VERSION "b4c198773bf05486e122f6d3f7f63be125242413")
-    set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=e85fa42a0b58ba21ca7efb38c20ce25207f4816245bdf154e6b9a037a1cce930")
+    set(FALCOSECURITY_LIBS_VERSION "6599e2efebce30a95f27739d655d53f0d5f686e4")
+    set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=7cd84fe8a41c25bba9cd7d5d86a87d2483658e367b885ddbd3037aa45404df04")
   endif()
 
   # cd /path/to/build && cmake /path/to/source
@@ -69,6 +69,7 @@ set(USE_BUNDLED_TBB ON CACHE BOOL "")
 set(USE_BUNDLED_B64 ON CACHE BOOL "")
 set(USE_BUNDLED_JSONCPP ON CACHE BOOL "")
 set(USE_BUNDLED_VALIJSON ON CACHE BOOL "")
+set(USE_BUNDLED_RE2 ON CACHE BOOL "")
 
 list(APPEND CMAKE_MODULE_PATH "${FALCOSECURITY_LIBS_SOURCE_DIR}/cmake/modules")
 

diff --git a/tests/engine/test_filter_evttype_resolver.cpp b/tests/engine/test_filter_evttype_resolver.cpp
@@ -35,10 +35,10 @@ string to_string(set<uint16_t> s)
 	return out;
 }
 
-void compare_evttypes(ast::expr* f, set<uint16_t> &expected)
+void compare_evttypes(std::unique_ptr<ast::expr> f, set<uint16_t> &expected)
 {
     set<uint16_t> actual;
-    filter_evttype_resolver().evttypes(f, actual);
+    filter_evttype_resolver().evttypes(f.get(), actual);
     for(auto &etype : expected)
     {
         REQUIRE(actual.find(etype) != actual.end());
@@ -49,7 +49,7 @@ void compare_evttypes(ast::expr* f, set<uint16_t> &expected)
     }
 }
 
-ast::expr* compile(const string &fltstr)
+std::unique_ptr<ast::expr> compile(const string &fltstr)
 {
     return libsinsp::filter::parser(fltstr).parse();
 }
@@ -98,138 +98,138 @@ TEST_CASE("Should find event types from filter", "[rule_loader]")
     SECTION("evt_type_eq")
     {
         auto f = compile("evt.type=openat");
-        compare_evttypes(f, openat_only);
+        compare_evttypes(std::move(f), openat_only);
     }
 
     SECTION("evt_type_in")
     {
         auto f = compile("evt.type in (openat, close)");
-        compare_evttypes(f, openat_close);
+        compare_evttypes(std::move(f), openat_close);
     }
 
     SECTION("evt_type_ne")
     {
         auto f = compile("evt.type!=openat");
-        compare_evttypes(f, not_openat);
+        compare_evttypes(std::move(f), not_openat);
     }
 
     SECTION("not_evt_type_eq")
     {
         auto f = compile("not evt.type=openat");
-        compare_evttypes(f, not_openat);
+        compare_evttypes(std::move(f), not_openat);
     }
 
     SECTION("not_evt_type_in")
     {
         auto f = compile("not evt.type in (openat, close)");
-        compare_evttypes(f, not_openat_close);
+        compare_evttypes(std::move(f), not_openat_close);
     }
 
     SECTION("not_evt_type_ne")
     {
         auto f = compile("not evt.type != openat");
-        compare_evttypes(f, openat_only);
+        compare_evttypes(std::move(f), openat_only);
     }
 
     SECTION("evt_type_or")
     {
         auto f = compile("evt.type=openat or evt.type=close");
-        compare_evttypes(f, openat_close);
+        compare_evttypes(std::move(f), openat_close);
     }
 
     SECTION("not_evt_type_or")
     {
         auto f = compile("evt.type!=openat or evt.type!=close");
-        compare_evttypes(f, all_events);
+        compare_evttypes(std::move(f), all_events);
     }
 
     SECTION("evt_type_or_ne")
     {
         auto f = compile("evt.type=close or evt.type!=openat");
-        compare_evttypes(f, not_openat);
+        compare_evttypes(std::move(f), not_openat);
     }
 
     SECTION("evt_type_and")
     {
         auto f = compile("evt.type=close and evt.type=openat");
-        compare_evttypes(f, no_events);
+        compare_evttypes(std::move(f), no_events);
     }
 
     SECTION("evt_type_and_non_evt_type")
     {
         auto f = compile("evt.type=openat and proc.name=nginx");
-        compare_evttypes(f, openat_only);
+        compare_evttypes(std::move(f), openat_only);
     }
 
     SECTION("evt_type_and_non_evt_type_not")
     {
         auto f = compile("evt.type=openat and not proc.name=nginx");
-        compare_evttypes(f, openat_only);
+        compare_evttypes(std::move(f), openat_only);
     }
 
     SECTION("evt_type_and_nested")
     {
         auto f = compile("evt.type=openat and (proc.name=nginx)");
-        compare_evttypes(f, openat_only);
+        compare_evttypes(std::move(f), openat_only);
     }
 
     SECTION("evt_type_and_nested_multi")
     {
         auto f = compile("evt.type=openat and (evt.type=close and proc.name=nginx)");
-        compare_evttypes(f, no_events);
+        compare_evttypes(std::move(f), no_events);
     }
 
     SECTION("non_evt_type")
     {
         auto f = compile("proc.name=nginx");
-        compare_evttypes(f, all_events);
+        compare_evttypes(std::move(f), all_events);
     }
 
     SECTION("non_evt_type_or")
     {
         auto f = compile("evt.type=openat or proc.name=nginx");
-        compare_evttypes(f, all_events);
+        compare_evttypes(std::move(f), all_events);
     }
 
     SECTION("non_evt_type_or_nested_first")
     {
         auto f = compile("(evt.type=openat) or proc.name=nginx");
-        compare_evttypes(f, all_events);
+        compare_evttypes(std::move(f), all_events);
     }
 
     SECTION("non_evt_type_or_nested_second")
     {
         auto f = compile("evt.type=openat or (proc.name=nginx)");
-        compare_evttypes(f, all_events);
+        compare_evttypes(std::move(f), all_events);
     }
 
     SECTION("non_evt_type_or_nested_multi")
     {
         auto f = compile("evt.type=openat or (evt.type=close and proc.name=nginx)");
-        compare_evttypes(f, openat_close);
+        compare_evttypes(std::move(f), openat_close);
     }
 
     SECTION("non_evt_type_or_nested_multi_not")
     {
         auto f = compile("evt.type=openat or not (evt.type=close and proc.name=nginx)");
-        compare_evttypes(f, not_close);
+        compare_evttypes(std::move(f), not_close);
     }
 
     SECTION("non_evt_type_and_nested_multi_not")
     {
         auto f = compile("evt.type=openat and not (evt.type=close and proc.name=nginx)");
-        compare_evttypes(f, openat_only);
+        compare_evttypes(std::move(f), openat_only);
     }
 
     SECTION("ne_and_and")
     {
         auto f = compile("evt.type!=openat and evt.type!=close");
-        compare_evttypes(f, not_openat_close);
+        compare_evttypes(std::move(f), not_openat_close);
     }
 
     SECTION("not_not")
     {
         auto f = compile("not (not evt.type=openat)");
-        compare_evttypes(f, openat_only);
+        compare_evttypes(std::move(f), openat_only);
     }
 }