github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-06 09:12:20 +00:00
Code Issues Projects Releases Wiki Activity

fix(userspace/engine): print rules fields with arguments

Browse Source 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
This commit is contained in:
Jason Dellaluce
2023-09-05 11:26:58 +00:00
committed by poiana
parent 26bdefae8e
commit cba80a404f
2 changed files with 26 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
userspace/engine/falco_engine.cpp
View File

@@ -819,6 +819,19 @@ void falco_engine::get_json_used_plugins(
const std::unordered_set<std::string>& fields,
const std::vector<std::shared_ptr<sinsp_plugin>>& plugins) const
{
// note: condition and output fields may have an argument, so
// we need to isolate the field names
std::unordered_set<std::string> fieldnames;
for (auto f: fields)
{
auto argpos = f.find('[');
if (argpos != std::string::npos)
{
f = f.substr(0, argpos);
}
fieldnames.insert(f);
}
out = Json::arrayValue;
for (const auto& p : plugins)
{
@@ -846,7 +859,7 @@ void falco_engine::get_json_used_plugins(
{
for (const auto &f : p->fields())
{
if (!used && fields.find(f.m_name) != fields.end())
if (!used && fieldnames.find(f.m_name) != fieldnames.end())
{
out.append(p->name());
used = true;