github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-15 14:28:39 +00:00
Code Issues Projects Releases Wiki Activity

update(engine): clarify override error messages

Browse Source 
Signed-off-by: Luca Guerra <luca@guerra.sh>
This commit is contained in:
Luca Guerra
2023-12-20 10:50:58 +00:00
committed by poiana
parent bc072502cc
commit 2db29af0e8
1 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
userspace/engine/rule_loader_reader.cpp
View File

@@ -441,10 +441,11 @@ static void read_item(
std::set<std::string> override_append, override_replace; std::set<std::string> override_append, override_replace;
std::set<std::string> overridable {"items"}; std::set<std::string> overridable {"items"};
decode_overrides(item, overridable, overridable, override_append, override_replace, ctx); decode_overrides(item, overridable, overridable, override_append, override_replace, ctx);
bool has_overrides = !override_append.empty() || !override_replace.empty();
if(append == true && !override_replace.empty()) if(append == true && has_overrides)
{ {
THROW(true, "Cannot specify a replace override when 'append: true' is set", ctx); THROW(true, "Keys 'override' and 'append: true' cannot be used together.", ctx);
} }
// Since a list only has items, if we have chosen to append them we can append the entire object // Since a list only has items, if we have chosen to append them we can append the entire object
@@ -482,10 +483,11 @@ static void read_item(
std::set<std::string> override_append, override_replace; std::set<std::string> override_append, override_replace;
std::set<std::string> overridable {"condition"}; std::set<std::string> overridable {"condition"};
decode_overrides(item, overridable, overridable, override_append, override_replace, ctx); decode_overrides(item, overridable, overridable, override_append, override_replace, ctx);
bool has_overrides = !override_append.empty() || !override_replace.empty();
if(append == true && !override_replace.empty()) if(append == true && has_overrides)
{ {
THROW(true, "Cannot specify a replace override when 'append: true' is set", ctx); THROW(true, "Keys 'override' and 'append: true' cannot be used together.", ctx);
} }
// Since a macro only has a condition, if we have chosen to append to it we can append the entire object // Since a macro only has a condition, if we have chosen to append to it we can append the entire object
@@ -523,7 +525,8 @@ static void read_item(
bool has_overrides_replace = !override_replace.empty(); bool has_overrides_replace = !override_replace.empty();
bool has_overrides = has_overrides_append || has_overrides_replace; bool has_overrides = has_overrides_append || has_overrides_replace;
THROW((has_append_flag && has_overrides), "Keys 'override' and 'append' cannot be used together.", ctx); THROW((has_append_flag && has_overrides),
"Keys 'override' and 'append: true' cannot be used together. Add an append entry (e.g. 'condition: append') under override instead.", ctx);
if(has_overrides) if(has_overrides)
{ {