From baf5540c308597315b4a94170f01c770399fb9e0 Mon Sep 17 00:00:00 2001 From: Mark Stemm Date: Mon, 27 Jun 2022 14:51:13 -0700 Subject: [PATCH] Remove required_engine_version from falco engine load_rules APIs The only use of it was to include in --support output, which is redundant as the support output already includes the full contents of each rules file. Additionally, it wasn't even being updated after the switch from lua rules loading to c++ rules loading (https://github.com/falcosecurity/falco/pull/1966/ or surrounding PRs). This will simplify follow-on changes to add a real "result" to rules loading methods, as there will be fewer API variants to support. Signed-off-by: Mark Stemm --- userspace/engine/falco_engine.cpp | 22 ++++--------------- userspace/engine/falco_engine.h | 7 ------ .../falco/app_actions/load_rules_files.cpp | 4 +--- userspace/falco/app_actions/print_support.cpp | 1 - userspace/falco/application.h | 2 -- 5 files changed, 5 insertions(+), 31 deletions(-) diff --git a/userspace/engine/falco_engine.cpp b/userspace/engine/falco_engine.cpp index da1b234f..c51a7afd 100644 --- a/userspace/engine/falco_engine.cpp +++ b/userspace/engine/falco_engine.cpp @@ -164,13 +164,6 @@ void falco_engine::list_fields(std::string &source, bool verbose, bool names_onl } void falco_engine::load_rules(const string &rules_content, bool verbose, bool all_events) -{ - uint64_t dummy; - - return load_rules(rules_content, verbose, all_events, dummy); -} - -void falco_engine::load_rules(const string &rules_content, bool verbose, bool all_events, uint64_t &required_engine_version) { rule_loader::configuration cfg(rules_content, m_sources); cfg.min_priority = m_min_priority; @@ -217,13 +210,6 @@ void falco_engine::load_rules(const string &rules_content, bool verbose, bool al } void falco_engine::load_rules_file(const string &rules_filename, bool verbose, bool all_events) -{ - uint64_t dummy; - - return load_rules_file(rules_filename, verbose, all_events, dummy); -} - -void falco_engine::load_rules_file(const string &rules_filename, bool verbose, bool all_events, uint64_t &required_engine_version) { ifstream is; @@ -238,7 +224,7 @@ void falco_engine::load_rules_file(const string &rules_filename, bool verbose, b string rules_content((istreambuf_iterator(is)), istreambuf_iterator()); - load_rules(rules_content, verbose, all_events, required_engine_version); + load_rules(rules_content, verbose, all_events); } void falco_engine::enable_rule(const string &substring, bool enabled, const string &ruleset) @@ -339,7 +325,7 @@ unique_ptr falco_engine::process_event(std::size_t so { return unique_ptr(); } - + unique_ptr res(new rule_result()); res->evt = ev; res->rule = rule.name; @@ -441,8 +427,8 @@ bool falco_engine::check_plugin_requirements( if (!plugin_version.check(req_version)) { err = "Plugin '" + plugin.name - + "' version '" + plugin.version - + "' is not compatible with required plugin version '" + + "' version '" + plugin.version + + "' is not compatible with required plugin version '" + reqver + "'"; return false; } diff --git a/userspace/engine/falco_engine.h b/userspace/engine/falco_engine.h index 81a307b7..44fe1489 100644 --- a/userspace/engine/falco_engine.h +++ b/userspace/engine/falco_engine.h @@ -63,13 +63,6 @@ public: void load_rules_file(const std::string &rules_filename, bool verbose, bool all_events); void load_rules(const std::string &rules_content, bool verbose, bool all_events); - // - // Identical to above, but also returns the required engine version for the file/content. - // (If no required engine version is specified, returns 0). - // - void load_rules_file(const std::string &rules_filename, bool verbose, bool all_events, uint64_t &required_engine_version); - void load_rules(const std::string &rules_content, bool verbose, bool all_events, uint64_t &required_engine_version); - // // Enable/Disable any rules matching the provided substring. // If the substring is "", all rules are enabled/disabled. diff --git a/userspace/falco/app_actions/load_rules_files.cpp b/userspace/falco/app_actions/load_rules_files.cpp index 000a15a5..8722d8d6 100644 --- a/userspace/falco/app_actions/load_rules_files.cpp +++ b/userspace/falco/app_actions/load_rules_files.cpp @@ -96,16 +96,14 @@ application::run_result application::load_rules_files() for (const auto& filename : m_state->config->m_loaded_rules_filenames) { falco_logger::log(LOG_INFO, "Loading rules from file " + filename + "\n"); - uint64_t required_engine_version; try { - m_state->engine->load_rules_file(filename, m_options.verbose, m_options.all_events, required_engine_version); + m_state->engine->load_rules_file(filename, m_options.verbose, m_options.all_events); } catch(falco_exception &e) { return run_result::fatal(string("Could not load rules file ") + filename + ": " + e.what()); } - m_state->required_engine_versions[filename] = required_engine_version; } // Ensure that all plugins are compatible with the loaded set of rules diff --git a/userspace/falco/app_actions/print_support.cpp b/userspace/falco/app_actions/print_support.cpp index 33ecdfa3..d4ff0e9a 100644 --- a/userspace/falco/app_actions/print_support.cpp +++ b/userspace/falco/app_actions/print_support.cpp @@ -58,7 +58,6 @@ application::run_result application::print_support() nlohmann::json finfo; finfo["name"] = filename; nlohmann::json variant; - variant["required_engine_version"] = m_state->required_engine_versions[filename]; variant["content"] = read_file(filename); finfo["variants"].push_back(variant); support["rules_files"].push_back(finfo); diff --git a/userspace/falco/application.h b/userspace/falco/application.h index d87f136d..a981d01e 100644 --- a/userspace/falco/application.h +++ b/userspace/falco/application.h @@ -81,8 +81,6 @@ private: // from event source to filtercheck list. std::map plugin_filter_checks; - std::map required_engine_versions; - std::string cmdline; #ifndef MINIMAL_BUILD