github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-03 15:46:33 +00:00
Code Issues Projects Releases Wiki Activity

refactor(userspace/engine): polish evttype resolver and use it in rule loader

Browse Source 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
This commit is contained in:
Jason Dellaluce
2022-04-11 11:41:40 +00:00
committed by poiana
parent dd3d235d7f
commit b8a95d262f
5 changed files with 58 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
userspace/engine/falco_engine.cpp
View File

@@ -412,6 +412,7 @@ void falco_engine::print_stats()
void falco_engine::add_filter(std::shared_ptr<gen_event_filter> filter,
std::string &rule,
std::string &source,
std::set<uint16_t> &evttypes,
std::set<std::string> &tags)
{
auto it = find_ruleset(source);
@@ -421,7 +422,7 @@ void falco_engine::add_filter(std::shared_ptr<gen_event_filter> filter,
throw falco_exception(err);
}
it->ruleset->add(source, rule, tags, filter);
it->ruleset->add(source, rule, tags, evttypes, filter);
}
bool falco_engine::is_source_valid(const std::string &source)