update(engine): throw an error if an unexpected top level key is found in an override

Signed-off-by: Luca Guerra <luca@guerra.sh>
2025-07-18 16:51:30 +00:00 · 2023-12-22 15:53:53 +00:00 · 2023-12-22 15:53:53 +00:00 · 8a7ef687b1
commit 8a7ef687b1
parent 21c629dc4d
1 changed files with 44 additions and 16 deletions
--- a/userspace/engine/rule_loader_reader.cpp
+++ b/userspace/engine/rule_loader_reader.cpp
@ -331,14 +331,17 @@ static void read_rule_exceptions(
 	exceptions = decoded;
 }
-inline static bool check_override_defined(const YAML::Node& item, const std::set<std::string>& overrides, const std::string& override_type, const std::string& key, const rule_loader::context& ctx)
+inline static bool check_update_expected(std::set<std::string>& expected_keys, const std::set<std::string>& overrides, const std::string& override_type, const std::string& key, const rule_loader::context& ctx)
 {
 	if (overrides.find(key) == overrides.end())
 	{
 		return false;
 	}
-	THROW(!item[key].IsDefined(), std::string("An ") + override_type + " override for '" + key + "' was specified but '" + key + "' is not defined", ctx);
+	THROW(expected_keys.find(key) == expected_keys.end(),
 		std::string("An ") + override_type + " override for '" + key + "' was specified but '" + key + "' is not defined", ctx);
 	expected_keys.erase(key);
 	return true;
 }
@ -530,31 +533,50 @@ static void read_item(
 		if(has_overrides)
 		{
 			std::set<std::string> expected_keys;
 			for (auto& key : overridable_append)
 			{
 				if (item[key].IsDefined())
 				{
 					expected_keys.insert(key);
 				}
 			}
 			for (auto& key : overridable_replace)
 			{
 				if (item[key].IsDefined())
 				{
 					expected_keys.insert(key);
 				}
 			}
 			// expected_keys is (appendable U replaceable) ^ (defined)
 			if (has_overrides_append)
 			{
 				rule_loader::rule_update_info v(ctx);
 				v.name = name;
-				if (check_override_defined(item, override_append, "append", "condition", ctx))
+				if (check_update_expected(expected_keys, override_append, "append", "condition", ctx))
 				{
 					decode_val(item, "condition", v.cond, ctx);
 				}
-				if (check_override_defined(item, override_append, "append", "exceptions", ctx))
+				if (check_update_expected(expected_keys, override_append, "append", "exceptions", ctx))
 				{
 					read_rule_exceptions(item, v.exceptions, ctx, true);
 				}
-				if (check_override_defined(item, override_append, "append", "output", ctx))
+				if (check_update_expected(expected_keys, override_append, "append", "output", ctx))
 				{
 					decode_val(item, "output", v.output, ctx);
 				}
-				if (check_override_defined(item, override_append, "append", "desc", ctx))
+				if (check_update_expected(expected_keys, override_append, "append", "desc", ctx))
 				{
 					decode_val(item, "desc", v.desc, ctx);
 				}
-				if (check_override_defined(item, override_append, "append", "tags", ctx))
+				if (check_update_expected(expected_keys, override_append, "append", "tags", ctx))
 				{
 					decode_tags(item, v.tags, ctx);
 				}
@ -566,32 +588,32 @@ static void read_item(
 			{
 				rule_loader::rule_update_info v(ctx);
 				v.name = name;
-				if (check_override_defined(item, override_replace, "replace", "condition", ctx))
+				if (check_update_expected(expected_keys, override_replace, "replace", "condition", ctx))
 				{
 					decode_val(item, "condition", v.cond, ctx);
 				}
-				if (check_override_defined(item, override_replace, "replace", "exceptions", ctx))
+				if (check_update_expected(expected_keys, override_replace, "replace", "exceptions", ctx))
 				{
 					read_rule_exceptions(item, v.exceptions, ctx, true);
 				}
-				if (check_override_defined(item, override_replace, "replace", "output", ctx))
+				if (check_update_expected(expected_keys, override_replace, "replace", "output", ctx))
 				{
 					decode_val(item, "output", v.output, ctx);
 				}
-				if (check_override_defined(item, override_replace, "replace", "desc", ctx))
+				if (check_update_expected(expected_keys, override_replace, "replace", "desc", ctx))
 				{
 					decode_val(item, "desc", v.desc, ctx);
 				}
-				if (check_override_defined(item, override_replace, "replace", "tags", ctx))
+				if (check_update_expected(expected_keys, override_replace, "replace", "tags", ctx))
 				{
 					decode_tags(item, v.tags, ctx);
 				}
-				if (check_override_defined(item, override_replace, "replace", "priority", ctx))
+				if (check_update_expected(expected_keys, override_replace, "replace", "priority", ctx))
 				{
 					std::string priority;
 					decode_val(item, "priority", priority, ctx);
@ -601,23 +623,29 @@ static void read_item(
 					v.priority = parsed_priority;
 				}
-				if (check_override_defined(item, override_replace, "replace", "enabled", ctx))
+				if (check_update_expected(expected_keys, override_replace, "replace", "enabled", ctx))
 				{
 					decode_val(item, "enabled", v.enabled, ctx);
 				}
-				if (check_override_defined(item, override_replace, "replace", "warn_evttypes", ctx))
+				if (check_update_expected(expected_keys, override_replace, "replace", "warn_evttypes", ctx))
 				{
 					decode_val(item, "warn_evttypes", v.warn_evttypes, ctx);
 				}
-				if (check_override_defined(item, override_replace, "replace", "skip-if-unknown-filter", ctx))
+				if (check_update_expected(expected_keys, override_replace, "replace", "skip-if-unknown-filter", ctx))
 				{
 					decode_val(item, "skip-if-unknown-filter", v.skip_if_unknown_filter, ctx);
 				}
 				collector.selective_replace(cfg, v);
 			}
 			// if any expected key has not been defined throw an error
 			for (auto &key : expected_keys) {
 				rule_loader::context keyctx(item[key], rule_loader::context::OVERRIDE, key, ctx);
 				THROW(true, "Unexpected key '" + key + "': no corresponding entry under 'override' is defined.", keyctx);
 			}
 		}
 		else if(has_append_flag)
 		{