github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-02 06:52:10 +00:00
Code Issues Projects Releases Wiki Activity

fix(userspace/engine): always consider all rules (even the ones below min_prio) in m_rule_stats_manager.

Browse Source 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Andrea Terzolo <andreaterzolo3@gmail.com>
This commit is contained in:
Federico Di Pierro 2024-02-08 14:34:19 +01:00 committed by poiana
parent 71f3c77a1a
commit 7bcbc08b52
1 changed files with 6 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
userspace/engine/falco_engine.cpp
View File

@ -207,7 +207,6 @@ std::unique_ptr<load_result> falco_engine::load_rules(const std::string &rules_c
// clear the rules known by the engine and each ruleset
m_rules.clear();
for (auto &src : m_sources)
// add rules to each ruleset
{
src.ruleset = create_ruleset(src.ruleset_factory);
@ -219,12 +218,6 @@ std::unique_ptr<load_result> falco_engine::load_rules(const std::string &rules_c
// add rules to the engine and the rulesets
for (const auto& rule : m_last_compile_output->rules)
{
// skip the rule if below the minimum priority
if (rule.priority > m_min_priority)
{
continue;
}
auto info = m_rule_collector->rules().at(rule.name);
if (!info)
{
@ -233,10 +226,14 @@ std::unique_ptr<load_result> falco_engine::load_rules(const std::string &rules_c
}
auto source = find_source(rule.source);
auto rule_id = m_rules.insert(rule, rule.name);
m_rules.at(rule_id)->id = rule_id;
m_rules.insert(rule, rule.name);
// By default rules are enabled/disabled for the default ruleset
// skip the rule if below the minimum priority
if (rule.priority > m_min_priority)
{
continue;
}
if(info->enabled)
{
source->ruleset->enable(rule.name, true, m_default_ruleset_id);