github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-17 00:01:52 +00:00
Code Issues Projects Releases Wiki Activity

fix(userspace/falco): enforce filtercheck overlap check for static fields too against plugin fields.

Browse Source 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com>
This commit is contained in:
Federico Di Pierro 2025-06-25 12:17:49 +02:00
parent ca954c0508
commit 9ed05db767
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
userspace/falco/app/actions/init_inspectors.cpp
View File

@ -56,6 +56,12 @@ static bool populate_filterchecks(const std::shared_ptr<sinsp>& inspector,
std::unordered_set<std::string>& used_plugins, std::unordered_set<std::string>& used_plugins,
std::map<std::string, std::string> static_fields, std::map<std::string, std::string> static_fields,
std::string& err) { std::string& err) {
// Add static filterchecks loaded from config
if(!static_fields.empty()) {
filterchecks.add_filter_check(std::make_unique<sinsp_filter_check_static>(static_fields));
}
// Add plugin-defined filterchecks, checking that they do not overlap any internal filtercheck
std::vector<const filter_check_info*> infos; std::vector<const filter_check_info*> infos;
for(const auto& plugin : inspector->get_plugin_manager()->plugins()) { for(const auto& plugin : inspector->get_plugin_manager()->plugins()) {
if(!(plugin->caps() & CAP_EXTRACTION)) { if(!(plugin->caps() & CAP_EXTRACTION)) {
@ -85,9 +91,6 @@ static bool populate_filterchecks(const std::shared_ptr<sinsp>& inspector,
used_plugins.insert(plugin->name()); used_plugins.insert(plugin->name());
} }
if(!static_fields.empty()) {
filterchecks.add_filter_check(std::make_unique<sinsp_filter_check_static>(static_fields));
}
return true; return true;
} }