github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-18 14:17:12 +00:00
Code Issues Projects Releases Wiki Activity

new(engine): raise warning instead of error on not-unique exceptions names

Browse Source 
Signed-off-by: Gianmatteo Palmieri <mail@gian.im>
This commit is contained in:
Gianmatteo Palmieri 2024-04-09 13:24:56 +02:00 committed by poiana
parent 7ac5c36d5a
commit 83910be726
3 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
userspace/engine/falco_load_result.cpp
View File

@ -72,7 +72,8 @@ static const std::string warning_codes[] = {
"LOAD_UNKNOWN_ITEM",
"LOAD_DEPRECATED_ITEM",
"LOAD_WARNING_EXTENSION",
"LOAD_APPEND_NO_VALUES"
"LOAD_APPEND_NO_VALUES",
"LOAD_EXCEPTION_NAME_NOT_UNIQUE"
};
const std::string& falco::load_result::warning_code_str(warning_code wc)
@ -90,7 +91,8 @@ static const std::string warning_strings[] = {
"Unknown rules file item",
"Used deprecated item",
"Warning in extension item",
"Overriding/appending with no values"
"Overriding/appending with no values",
"Multiple exceptions defined with the same name"
};
const std::string& falco::load_result::warning_str(warning_code wc)
@ -108,7 +110,8 @@ static const std::string warning_descs[] = {
"An unknown top-level object is in the rules content. It will be ignored.",
"A deprecated item is employed by lists, macros, or rules.",
"An extension item has a warning",
"A rule exception is overriding/appending with no values"
"A rule exception is overriding/appending with no values",
"A rule is defining multiple exceptions with the same name"
};
const std::string& falco::load_result::warning_desc(warning_code wc)

3
userspace/engine/falco_load_result.h
View File

@ -58,7 +58,8 @@ public:
LOAD_UNKNOWN_ITEM,
LOAD_DEPRECATED_ITEM,
LOAD_WARNING_EXTENSION,
LOAD_APPEND_NO_VALUES
LOAD_APPEND_NO_VALUES,
LOAD_EXCEPTION_NAME_NOT_UNIQUE
};
virtual ~load_result() = default;

6
userspace/engine/rule_loader_reader.cpp
View File

@ -319,8 +319,10 @@ static void read_rule_exceptions(
// Check if an exception with the same name has already been defined
for (auto &exception : exceptions)
{
THROW((v_ex.name == exception.name),
"Exceptions names in the same object must be unique", ex_ctx);
if(v_ex.name == exception.name)
{
cfg.res->add_warning(falco::load_result::LOAD_EXCEPTION_NAME_NOT_UNIQUE, "Multiple definitions of exception '" + v_ex.name + "' in the same rule", ex_ctx);
}
}
// note: the legacy lua loader used to throw a "xxx must strings" error