github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-15 06:19:12 +00:00
Code Issues Projects Releases Wiki Activity

Add a source to rule_update_info

Browse Source 
It's possible that someone might want to override a property for a
non-syscall rule source. To assist in this, decode any source property
for rules with append/override and save it in the rule_update_info
object. For the source property only, the value for source can be
empty e.g. 'source: ' or an empty string e.g. 'source: ""'. Both of
those are considered valid but result in an empty source.

A later change will ensure that the sources match up when
appending/redefining/overriding/enabling.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
This commit is contained in:
Mark Stemm
2024-10-16 13:44:56 -07:00
committed by poiana
parent 24f824dfb5
commit a44b311333
3 changed files with 41 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
userspace/engine/rule_loader_reader.h
View File

@@ -66,6 +66,11 @@ public:
const char* key,
T& out,
const rule_loader::context& ctx);
template<typename T>
static void decode_optional_empty_val(const YAML::Node& item,
const char* key,
T& out,
const rule_loader::context& ctx);
protected:
virtual void read_item(rule_loader::configuration& cfg,