From ad42baed7a47dafb0ca582427363d57553f9d172 Mon Sep 17 00:00:00 2001
From: Mark Stemm
Date: Tue, 1 Mar 2022 16:46:01 -0800
Subject: [PATCH] Check for unknown sources earlier (to handle exceptions)

If a rule has an unknown source, *and* has exceptions, loading the rule will result in an error and not skipping the rule. This is because exceptions are also validated for unknown fields, and that occurs before the current check for unknown sources. The fix is to move the check for unknown sources as soon as the rules object is read.

Signed-off-by: Mark Stemm
---
 userspace/engine/lua/rule_loader.lua | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/userspace/engine/lua/rule_loader.lua b/userspace/engine/lua/rule_loader.lua
index d8db151a..a03a48bd 100644
--- a/userspace/engine/lua/rule_loader.lua
+++ b/userspace/engine/lua/rule_loader.lua
@@ -542,6 +542,14 @@ function load_rules_doc(rules_mgr, doc, load_state)
             v['source'] = "syscall"
          end
 
+         valid = falco_rules.is_source_valid(rules_mgr, v['source'])
+
+         if valid == false then
+            msg = "Rule "..v['rule']..": warning (unknown-source): unknown source "..v['source']..", skipping"
+            warnings[#warnings + 1] = msg
+            goto next_object
+         end
+
          -- Add an empty exceptions property to the rule if not defined
          if v['exceptions'] == nil then
             v['exceptions'] = {}
@@ -735,6 +743,8 @@ function load_rules_doc(rules_mgr, doc, load_state)
          arr = build_error_with_context(context, "Unknown top level object: "..table.tostring(v))
          warnings[#warnings + 1] = arr[1]
       end
+
+      ::next_object::
    end
 
    return true, {}, warnings
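Review bot: `valid` and `msg` in the new block at +542 are assigned without `local`, so they leak into the loader's global environment; the removed block in load_rules had the same shape, but this is the place to fix it: `local valid = falco_rules.is_source_valid(rules_mgr, v['source'])` and `local msg = "Rule "..v['rule']..": warning (unknown-source): unknown source "..v['source']..", skipping"`. The warning is also pushed raw, whereas the neighbouring "Unknown top level object" warning in the second hunk goes through `build_error_with_context(context, ...)` and stores `arr[1]`; routing this message the same way keeps the unknown-source warning consistent with the others and gives it the same positional context. Because the rule is now dropped before the loader records it, a later `append: true` entry naming that rule will presumably no longer find a base rule to extend, so it is worth confirming that case still produces a warning rather than a load error. load_rules_doc starts and ends outside the hunk.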
@@ -1008,14 +1018,6 @@ function load_rules(rules_content,
       if (filter_ast.type == "Rule") then
-         valid = falco_rules.is_source_valid(rules_mgr, v['source'])
-
-         if valid == false then
-            msg = "Rule "..v['rule']..": warning (unknown-source): unknown source "..v['source']..", skipping"
-            warnings[#warnings + 1] = msg
-            goto next_rule
-         end
-
          state.n_rules = state.n_rules + 1
          state.rules_by_idx[state.n_rules] = v