github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2026-01-29 21:48:32 +00:00
Code Issues Projects Releases Wiki Activity

Handle rule patterns that are invalid regexes (#636)

Browse Source 
In the case where a rule name can't be compiled as a regex, fall back to
a substring search instead.
This commit is contained in:
Mark Stemm
2019-05-31 13:30:55 -07:00
committed by GitHub
parent 732d530202
commit 969374fcc7
1 changed files with 20 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
userspace/engine/ruleset.cpp
View File

@@ -176,7 +176,16 @@ void falco_ruleset::add(string &name,
void falco_ruleset::enable(const string &pattern, bool enabled, uint16_t ruleset)
{
regex re(pattern);
regex re;
bool match_using_regex = true;
try {
re.assign(pattern);
}
catch (std::regex_error e)
{
match_using_regex = false;
}
while (m_rulesets.size() < (size_t) ruleset + 1)
{
@@ -185,7 +194,16 @@ void falco_ruleset::enable(const string &pattern, bool enabled, uint16_t ruleset
for(const auto &val : m_filters)
{
if (regex_match(val.first, re))
bool matches;
if(match_using_regex)
{
matches = regex_match(val.first, re);
}
else
{
matches = (val.first.find(pattern) != string::npos);
}
if (matches)
{
if(enabled)
{