diff --git a/userspace/engine/falco_engine.cpp b/userspace/engine/falco_engine.cpp index 008ccf86..1fa4dc74 100644 --- a/userspace/engine/falco_engine.cpp +++ b/userspace/engine/falco_engine.cpp @@ -40,6 +40,7 @@ extern "C" { string lua_on_event = "on_event"; string lua_print_stats = "print_stats"; +const std::string falco_engine::m_default_ruleset = "falco-default-ruleset"; using namespace std; @@ -196,11 +197,6 @@ void falco_engine::enable_rule(const string &substring, bool enabled, const stri } } -void falco_engine::enable_rule(const string &substring, bool enabled) -{ - enable_rule(substring, enabled, m_default_ruleset); -} - void falco_engine::enable_rule_exact(const string &rule_name, bool enabled, const string &ruleset) { uint16_t ruleset_id = find_ruleset_id(ruleset); @@ -212,11 +208,6 @@ void falco_engine::enable_rule_exact(const string &rule_name, bool enabled, cons } } -void falco_engine::enable_rule_exact(const string &rule_name, bool enabled) -{ - enable_rule_exact(rule_name, enabled, m_default_ruleset); -} - void falco_engine::enable_rule_by_tag(const set &tags, bool enabled, const string &ruleset) { uint16_t ruleset_id = find_ruleset_id(ruleset); @@ -227,11 +218,6 @@ void falco_engine::enable_rule_by_tag(const set &tags, bool enabled, con } } -void falco_engine::enable_rule_by_tag(const set &tags, bool enabled) -{ - enable_rule_by_tag(tags, enabled, m_default_ruleset); -} - void falco_engine::set_min_priority(falco_common::priority_type priority) { m_min_priority = priority; @@ -279,11 +265,6 @@ void falco_engine::evttypes_for_ruleset(std::string &source, std::set } -void falco_engine::evttypes_for_ruleset(std::string &source, std::set &evttypes) -{ - evttypes_for_ruleset(source, evttypes, m_default_ruleset); -} - std::shared_ptr falco_engine::create_formatter(const std::string &source, const std::string &output) { diff --git a/userspace/engine/falco_engine.h b/userspace/engine/falco_engine.h index dee86045..c5c0fc39 100644 
--- a/userspace/engine/falco_engine.h +++ b/userspace/engine/falco_engine.h @@ -78,25 +78,16 @@ public: // be passed as an argument to process_event(). This allows // for different sets of rules being active at once. // - void enable_rule(const std::string &substring, bool enabled, const std::string &ruleset); - - // Wrapper that assumes the default ruleset - void enable_rule(const std::string &substring, bool enabled); + void enable_rule(const std::string &substring, bool enabled, const std::string &ruleset = m_default_ruleset); // Like enable_rule, but the rule name must be an exact match. - void enable_rule_exact(const std::string &rule_name, bool enabled, const std::string &ruleset); - - // Wrapper that assumes the default ruleset - void enable_rule_exact(const std::string &rule_name, bool enabled); + void enable_rule_exact(const std::string &rule_name, bool enabled, const std::string &ruleset = m_default_ruleset); // // Enable/Disable any rules with any of the provided tags (set, exact matches only) // - void enable_rule_by_tag(const std::set &tags, bool enabled, const std::string &ruleset); - - // Wrapper that assumes the default ruleset - void enable_rule_by_tag(const std::set &tags, bool enabled); + void enable_rule_by_tag(const std::set &tags, bool enabled, const std::string &ruleset = m_default_ruleset); // Only load rules having this priority or more severe. void set_min_priority(falco_common::priority_type priority); @@ -206,11 +197,7 @@ public: // void evttypes_for_ruleset(std::string &source, std::set &evttypes, - const std::string &ruleset); - - // Assuming default ruleset - void evttypes_for_ruleset(std::string &source, - std::set &evttypes); + const std::string &ruleset = m_default_ruleset); // // Given a source and output string, return an 
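Review bot: The declarations of `enable_rule`, `enable_rule_exact`, `enable_rule_by_tag` and `evttypes_for_ruleset` no longer say what an omitted `ruleset` means, because the `// Wrapper that assumes the default ruleset` comments were removed together with the overloads. I would add one line above each declaration, for example `// If ruleset is omitted, the default ruleset (m_default_ruleset) is used.`, so a reader of the header can tell which ruleset a two-argument call changes. The same applies to the `evttypes_for_ruleset` hunk further down this file. The class body starts and ends outside both hunks.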
@@ -279,7 +266,7 @@ private: double m_sampling_multiplier; std::string m_lua_main_filename = "rule_loader.lua"; - std::string m_default_ruleset = "falco-default-ruleset"; + static std::string m_default_ruleset; uint32_t m_default_ruleset_id; std::string m_extra;
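Review bot: The new declaration `static std::string m_default_ruleset;` is not const, while the definition this commit adds in falco_engine.cpp is `const std::string falco_engine::m_default_ruleset = "falco-default-ruleset";`. As shown on this page the two do not agree, and a compiler would normally reject that as a conflicting declaration. Declaring it `static const std::string m_default_ruleset;` makes them match. It also keeps the default-ruleset name, which is now the default argument of `enable_rule` and its siblings and is shared by every engine instance, from being reassigned at run time. The class body starts and ends outside the hunk.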