github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-12 03:22:41 +00:00
Code Issues Projects Releases Wiki Activity

fix(userspace/engine): always consider all rules (even the ones below min_prio) in m_rule_stats_manager.

Browse Source 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Andrea Terzolo <andreaterzolo3@gmail.com>
This commit is contained in:
Federico Di Pierro 2024-02-08 14:34:19 +01:00 committed by poiana
parent 71f3c77a1a
commit 7bcbc08b52
1 changed files with 6 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
userspace/engine/falco_engine.cpp
View File

@ -207,7 +207,6 @@ std::unique_ptr<load_result> falco_engine::load_rules(const std::string &rules_c
// clear the rules known by the engine and each ruleset // clear the rules known by the engine and each ruleset
m_rules.clear(); m_rules.clear();
for (auto &src : m_sources) for (auto &src : m_sources)
// add rules to each ruleset // add rules to each ruleset
{ {
src.ruleset = create_ruleset(src.ruleset_factory); src.ruleset = create_ruleset(src.ruleset_factory);
@ -219,12 +218,6 @@ std::unique_ptr<load_result> falco_engine::load_rules(const std::string &rules_c
// add rules to the engine and the rulesets // add rules to the engine and the rulesets
for (const auto& rule : m_last_compile_output->rules) for (const auto& rule : m_last_compile_output->rules)
{ {
// skip the rule if below the minimum priority
if (rule.priority > m_min_priority)
{
continue;
}
auto info = m_rule_collector->rules().at(rule.name); auto info = m_rule_collector->rules().at(rule.name);
if (!info) if (!info)
{ {
@ -233,10 +226,14 @@ std::unique_ptr<load_result> falco_engine::load_rules(const std::string &rules_c
} }
auto source = find_source(rule.source); auto source = find_source(rule.source);
auto rule_id = m_rules.insert(rule, rule.name); m_rules.insert(rule, rule.name);
m_rules.at(rule_id)->id = rule_id;
// By default rules are enabled/disabled for the default ruleset // By default rules are enabled/disabled for the default ruleset
// skip the rule if below the minimum priority
if (rule.priority > m_min_priority)
{
continue;
}
if(info->enabled) if(info->enabled)
{ {
source->ruleset->enable(rule.name, true, m_default_ruleset_id); source->ruleset->enable(rule.name, true, m_default_ruleset_id);