github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2026-04-09 05:24:34 +00:00
Code Issues Projects Releases Wiki Activity

Change enable_rule() to use substr match vs regex

Browse Source 
Change falco_engine::enable_rule to use substring matches instead of
regex pattern matches. Only substrings were actually used in practice
outside of tests and regex matches weren't even working, due to
regex_match() not working properly with the default compiler we
use. This is noted on the c++11 compatibility notes for gcc 4.8.2:
https://gcc.gnu.org/onlinedocs/gcc-4.8.2/libstdc++/manual/manual/status.html#status.iso.2011.
This commit is contained in:
Mark Stemm
2019-07-29 10:44:00 -07:00
parent 8d3cf12522
commit e01d3d68a3
5 changed files with 16 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
userspace/engine/rules.cpp
View File

@@ -196,20 +196,7 @@ int falco_rules::enable_rule(lua_State *ls)
std::string rule = rulec;
bool enabled = (lua_tonumber(ls, -1) ? true : false);
// Escape any regex special characters in the rule name
std::string sanitized = rule;
std::string escape_chars = R"($\.*+?()[]{}|^)";
size_t pos = sanitized.find_first_of(escape_chars);
while (pos != std::string::npos)
{
sanitized.insert(pos, "\\");
pos = sanitized.find_first_of(escape_chars, pos+2);
}
rules->enable_rule(sanitized, enabled);
rules->enable_rule(rule, enabled);
return 0;
}