github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-01 14:47:00 +00:00
Code Issues Projects Releases Wiki Activity

fix(engine): index old version of events in rulesets

Browse Source 
Co-authored-by: Andrea Terzolo <andrea.terzolo@polito.it>
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
This commit is contained in:
Jason Dellaluce
2022-08-03 12:55:30 +00:00
committed by poiana
parent 577ba5904b
commit a46cbcffe8
1 changed files with 2 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
userspace/engine/filter_evttype_resolver.cpp
View File

@@ -48,9 +48,8 @@ void filter_evttype_resolver::visitor::evttypes(string evtname, set<uint16_t>& o
const struct ppm_event_info* etable = g_infotables.m_event_info; const struct ppm_event_info* etable = g_infotables.m_event_info;
for(uint16_t i = 2; i < PPM_EVENT_MAX; i++) for(uint16_t i = 2; i < PPM_EVENT_MAX; i++)
{ {
// Skip "old" event versions, unused events, or events not matching // Skip unused events or events not matching the requested evtname
// the requested evtname if(!(etable[i].flags & EF_UNUSED)
if(!(etable[i].flags & (EF_OLD_VERSION | EF_UNUSED))
&& (evtname.empty() || string(etable[i].name) == evtname)) && (evtname.empty() || string(etable[i].name) == evtname))
{ {
out.insert(i); out.insert(i);