Add methods to look up the factories provided in add_source()

Add methods that allow looking up the factories provided to add_source(). This allows not having to keep track of the factories outside of the engine. Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
2025-09-07 17:54:07 +00:00 · 2023-12-01 14:14:14 -08:00
parent 07d7b9a57a
commit 14d1ca3c97
2 changed files with 69 additions and 0 deletions
--- a/userspace/engine/falco_engine.cpp
+++ b/userspace/engine/falco_engine.cpp
@@ -907,6 +907,50 @@ bool falco_engine::is_source_valid(const std::string &source) const
 	return m_sources.at(source) != nullptr;
 }

+std::shared_ptr<gen_event_filter_factory> falco_engine::filter_factory_for_source(const std::string& source)
+{
+	return find_source(source)->filter_factory;
+}
+
+std::shared_ptr<gen_event_filter_factory> falco_engine::filter_factory_for_source(std::size_t source_idx)
+{
+	return find_source(source_idx)->filter_factory;
+}
+
+std::shared_ptr<gen_event_formatter_factory> falco_engine::formatter_factory_for_source(const std::string& source)
+{
+	return find_source(source)->formatter_factory;
+}
+
+std::shared_ptr<gen_event_formatter_factory> falco_engine::formatter_factory_for_source(std::size_t source_idx)
+{
+	return find_source(source_idx)->formatter_factory;
+}
+
+std::shared_ptr<filter_ruleset_factory> falco_engine::ruleset_factory_for_source(const std::string& source)
+{
+	return find_source(source)->ruleset_factory;
+}
+
+std::shared_ptr<filter_ruleset_factory> falco_engine::ruleset_factory_for_source(std::size_t source_idx)
+{
+	return find_source(source_idx)->ruleset_factory;
+}
+
+std::shared_ptr<filter_ruleset> falco_engine::ruleset_for_source(const std::string& source_name)
+{
+	const falco_source *source = find_source(source_name);
+
+	return source->ruleset;
+}
+
+std::shared_ptr<filter_ruleset> falco_engine::ruleset_for_source(std::size_t source_idx)
+{
+	const falco_source *source = find_source(source_idx);
+
+	return source->ruleset;
+}
+
 void falco_engine::read_file(const std::string& filename, std::string& contents)
 {
 	std::ifstream is;
--- a/userspace/engine/falco_engine.h
+++ b/userspace/engine/falco_engine.h
@@ -242,6 +242,31 @@ public:
 	// factory for this source.
 	bool is_source_valid(const std::string &source) const;

+	//
+	// Given a source, return a formatter factory that can create
+	// filters for events of that source.
+	//
+	std::shared_ptr<gen_event_filter_factory> filter_factory_for_source(const std::string& source);
+	std::shared_ptr<gen_event_filter_factory> filter_factory_for_source(std::size_t source_idx);
+
+	//
+	// Given a source, return a formatter factory that can create
+	// formatters for an event.
+	//
+	std::shared_ptr<gen_event_formatter_factory> formatter_factory_for_source(const std::string& source);
+	std::shared_ptr<gen_event_formatter_factory> formatter_factory_for_source(std::size_t source_idx);
+
+	//
+	// Given a source, return a ruleset factory that can create
+	// rulesets for that source.
+	//
+	std::shared_ptr<filter_ruleset_factory> ruleset_factory_for_source(const std::string& source);
+	std::shared_ptr<filter_ruleset_factory> ruleset_factory_for_source(std::size_t source_idx);
+
+	// Return the filter_ruleset used for a given source.
+	std::shared_ptr<filter_ruleset> ruleset_for_source(const std::string& source);
+	std::shared_ptr<filter_ruleset> ruleset_for_source(std::size_t source_idx);
+
 	//
 	// Given an event source and ruleset, fill in a bitset
 	// containing the event types for which this ruleset can run.