Don't create rulesets a second time when loading rules

Currently, m_sources.ruleset is created twice: 1. When calling add_source() 2. When calling load_rules() We shouldn't do this twice, so remove the second create. Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
2026-03-31 09:02:43 +00:00 · 2023-06-02 14:02:02 -07:00
5 changed files with 20 additions and 34 deletions
--- a/cmake/modules/falcosecurity-libs.cmake
+++ b/cmake/modules/falcosecurity-libs.cmake
@@ -27,8 +27,8 @@ else()
  # In case you want to test against another falcosecurity/libs version (or branch, or commit) just pass the variable -
  # ie., `cmake -DFALCOSECURITY_LIBS_VERSION=dev ..` 
  if(NOT FALCOSECURITY_LIBS_VERSION)
-    set(FALCOSECURITY_LIBS_VERSION "0.11.0")
-    set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=90414d00591986e94f2c49e7d65eef5c2dedee266354dd3db8234bb3b06c86fa")
+    set(FALCOSECURITY_LIBS_VERSION "0.11.0-rc5")
+    set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=079ab5f596a0d8af2a7f843e8159f83cb7c864331019aaed822daa737c75e9e7")
  endif()

  # cd /path/to/build && cmake /path/to/source
--- a/cmake/modules/plugins.cmake
+++ b/cmake/modules/plugins.cmake
@@ -14,7 +14,7 @@
 include(ExternalProject)

 # 'stable' or 'dev'
-set(PLUGINS_DOWNLOAD_BUCKET "stable")
+set(PLUGINS_DOWNLOAD_BUCKET "dev")

 string(TOLOWER ${CMAKE_HOST_SYSTEM_NAME} PLUGINS_SYSTEM_NAME)

@@ -23,11 +23,11 @@ if(NOT DEFINED PLUGINS_COMPONENT_NAME)
 endif()

 # k8saudit
-set(PLUGIN_K8S_AUDIT_VERSION "0.6.0")
+set(PLUGIN_K8S_AUDIT_VERSION "0.6.0-0.5.3-33%2B81ffddd")
 if(${CMAKE_HOST_SYSTEM_PROCESSOR} STREQUAL "x86_64")
-    set(PLUGIN_K8S_AUDIT_HASH "560e8f8dc8fd169e524d95462d65b5227415a7a157442e82383c7d9f456ce58f")
+    set(PLUGIN_K8S_AUDIT_HASH "990e5c67d3b3c7cf5d30c73d73871b58767171ce7c998c1ca1d94d70c67db290")
 else() # aarch64
-    set(PLUGIN_K8S_AUDIT_HASH "e4757af1bac42b21c5937340790841dedc3805759050a6ffb22d1761e1dd1d31")
+    set(PLUGIN_K8S_AUDIT_HASH "c3634dfa83c8c8898811ab6b7587ea6d1c6dfffbdfa56def28cab43aaf01f88c")
 endif()

 ExternalProject_Add(
@@ -43,7 +43,7 @@ install(FILES "${PROJECT_BINARY_DIR}/k8saudit-plugin-prefix/src/k8saudit-plugin/
 ExternalProject_Add(
  k8saudit-rules
  URL "https://download.falco.org/plugins/${PLUGINS_DOWNLOAD_BUCKET}/k8saudit-rules-${PLUGIN_K8S_AUDIT_VERSION}.tar.gz"
-  URL_HASH "SHA256=44cee2fb88312d889213e1dbe1b9902d0a3f5c594cce73b2cac8e54fb51321b7"
+  URL_HASH "SHA256=2e3214fee00a012b32402aad5198df889773fc5f86b8ab87583fbc56ae5fb78c"
  CONFIGURE_COMMAND ""
  BUILD_COMMAND ""
  INSTALL_COMMAND "")
@@ -51,11 +51,11 @@ ExternalProject_Add(
 install(FILES "${PROJECT_BINARY_DIR}/k8saudit-rules-prefix/src/k8saudit-rules/k8s_audit_rules.yaml" DESTINATION "${FALCO_ETC_DIR}" COMPONENT "${PLUGINS_COMPONENT_NAME}")

 # cloudtrail
-set(PLUGIN_CLOUDTRAIL_VERSION "0.8.0")
+set(PLUGIN_CLOUDTRAIL_VERSION "0.8.0-0.7.3-33%2B81ffddd")
 if(${CMAKE_HOST_SYSTEM_PROCESSOR} STREQUAL "x86_64")
-    set(PLUGIN_CLOUDTRAIL_HASH "13ba77602c0859936f6e3b00f93bd218c463300c6a797b694a0d5aeecde13976")
+    set(PLUGIN_CLOUDTRAIL_HASH "144c297ae4285ea84b04af272f708a8b824f58bc9427a2eb91b467a6285d9e10")
 else() # aarch64
-    set(PLUGIN_CLOUDTRAIL_HASH "a01730738e9d5769f69957a204c8afe528b059e9a22f59792dfc65e19d6a43db")
+    set(PLUGIN_CLOUDTRAIL_HASH "19e7e8e11aaecd16442f65a265d3cd80ffb736ca4d3d8215893900fa0f04b926")
 endif()

 ExternalProject_Add(
@@ -71,7 +71,7 @@ install(FILES "${PROJECT_BINARY_DIR}/cloudtrail-plugin-prefix/src/cloudtrail-plu
 ExternalProject_Add(
  cloudtrail-rules
  URL "https://download.falco.org/plugins/${PLUGINS_DOWNLOAD_BUCKET}/cloudtrail-rules-${PLUGIN_CLOUDTRAIL_VERSION}.tar.gz"
-  URL_HASH "SHA256=27f2fc0a74d39476ad968a61318dec65a82b109c4a462b9fa22be45425ddaaad"
+  URL_HASH "SHA256=4f51d4bd9679f7f244c225b6fe530323f3536663da26a5b9d94d6953ed4e2cbc"
  CONFIGURE_COMMAND ""
  BUILD_COMMAND ""
  INSTALL_COMMAND "")
@@ -79,11 +79,11 @@ ExternalProject_Add(
 install(FILES "${PROJECT_BINARY_DIR}/cloudtrail-rules-prefix/src/cloudtrail-rules/aws_cloudtrail_rules.yaml" DESTINATION "${FALCO_ETC_DIR}" COMPONENT "${PLUGINS_COMPONENT_NAME}")

 # json
-set(PLUGIN_JSON_VERSION "0.7.0")
+set(PLUGIN_JSON_VERSION "0.7.0-0.6.2-36%2B81ffddd")
 if(${CMAKE_HOST_SYSTEM_PROCESSOR} STREQUAL "x86_64")
-    set(PLUGIN_JSON_HASH "a7bf52009a935f22b473724f722566fde27aec5c7d618ecd426eed81e477e94d")
+    set(PLUGIN_JSON_HASH "a9d8c595a139df5dc0cf2117127b496c94a9d3a3d0e84c1f18b3ccc9163f5f4a")
 else() # aarch64
-    set(PLUGIN_JSON_HASH "9cd65fac3f1cbc7f723b69671d42d35901cd322a23d8f2b9dc95fb0593918a7e")
+    set(PLUGIN_JSON_HASH "7d78620395526d1e6a948cc915d1d52a343c2b637c9ac0e3892e76826fcdc2df")
 endif()

 ExternalProject_Add(
--- a/cmake/modules/rules.cmake
+++ b/cmake/modules/rules.cmake
@@ -15,8 +15,8 @@ include(GNUInstallDirs)
 include(ExternalProject)

 # falco_rules.yaml
-set(FALCOSECURITY_RULES_FALCO_VERSION "falco-rules-1.0.0-rc1")
-set(FALCOSECURITY_RULES_FALCO_CHECKSUM "SHA256=3474d170e6cd1ac5c6ee0cfe6a226e3fd8ef5f7191b0363ecd69672601e7914f")
+set(FALCOSECURITY_RULES_FALCO_VERSION "falco-rules-0.1.0")
+set(FALCOSECURITY_RULES_FALCO_CHECKSUM "SHA256=0d3705a4650f09d10e7831b16e7af59c1da34ff19e788896e9ee77010014db4d")
 set(FALCOSECURITY_RULES_FALCO_PATH "${PROJECT_BINARY_DIR}/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml")
 ExternalProject_Add(
  falcosecurity-rules-falco
--- a/userspace/engine/falco_engine.cpp
+++ b/userspace/engine/falco_engine.cpp
@@ -199,11 +199,6 @@ std::unique_ptr<load_result> falco_engine::load_rules(const std::string &rules_c
 	rule_loader::reader reader;
 	if (reader.read(cfg, m_rule_collector))
 	{
-		for (auto &src : m_sources)
-		{
-			src.ruleset = src.ruleset_factory->new_ruleset();
-		}
-
 		rule_loader::compiler compiler;
 		m_rules.clear();
 		compiler.compile(cfg, m_rule_collector, m_rules);
--- a/userspace/falco/outputs_http.cpp
+++ b/userspace/falco/outputs_http.cpp
@@ -38,18 +38,9 @@ void falco::outputs::output_http::output(const message *msg)

 		if(res == CURLE_OK)
 		{
-			// if the URL is quoted the quotes should be removed to satisfy libcurl expected format
-			std::string unquotedUrl = m_oc.options["url"];
-			if (!unquotedUrl.empty() && (
-				(unquotedUrl.front() == '\"' && unquotedUrl.back() == '\"') ||
-				(unquotedUrl.front() == '\'' && unquotedUrl.back() == '\'')
-			))
-			{
-				unquotedUrl = libsinsp::filter::unescape_str(unquotedUrl);
-			}
-			res = curl_easy_setopt(curl, CURLOPT_URL, unquotedUrl.c_str());
+			res = curl_easy_setopt(curl, CURLOPT_URL, m_oc.options["url"].c_str());
 		}
-
+		
 		if(res == CURLE_OK)
 		{
 			res = curl_easy_setopt(curl, CURLOPT_POSTFIELDS, msg->msg.c_str());
@@ -64,7 +55,7 @@ void falco::outputs::output_http::output(const message *msg)
 		{
 		   res = curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, -1L);
 		}
-
+		
 		if(res == CURLE_OK)
 		{
 			if(m_oc.options["insecure"] == std::string("true"))
@@ -90,7 +81,7 @@ void falco::outputs::output_http::output(const message *msg)
 				res = curl_easy_setopt(curl, CURLOPT_CAPATH, m_oc.options["ca_path"].c_str());
 			}
 		}
-
+		
  		if(res == CURLE_OK)
 		{
 			res = curl_easy_perform(curl);