update(changelog): updated changelog for 0.39.1.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

CHANGELOG.md

@@ -1,5 +1,24 @@
 # Change Log
 
+## v0.39.1
+
+Released on 2024-10-09
+
+### Bug Fixes
+
+* fix(engine): allow null init_config for plugin info [[#3372](https://github.com/falcosecurity/falco/pull/3372)] - [@LucaGuerra](https://github.com/LucaGuerra)
+* fix(engine): fix parsing issues in -o key={object} when the object definition contains a comma [[#3363](https://github.com/falcosecurity/falco/pull/3363)] - [@LucaGuerra](https://github.com/LucaGuerra)
+* fix(userspace/falco): fix event set selection for plugin with parsing capability [[#3368](https://github.com/falcosecurity/falco/pull/3368)] - [@FedeDP](https://github.com/FedeDP)
+
+### Statistics
+
+|   MERGED PRS    | NUMBER |
+|-----------------|--------|
+| Not user-facing |      0 |
+| Release note    |      3 |
+| Total           |      3 |
+
+
 ## v0.39.0
 
 Released on 2024-10-01

unit_tests/falco/test_configuration_schema.cpp

@@ -18,6 +18,7 @@ limitations under the License.
 #include <gtest/gtest.h>
 #include <falco/configuration.h>
 #include <falco_test_var.h>
+#include <nlohmann/json.hpp>
 
 #define EXPECT_VALIDATION_STATUS(res, status)                                                     \
 	do {                                                                                          \
@@ -102,8 +103,13 @@ plugins:
       sslCertificate: /etc/falco/falco.pem
 )";
 
+	auto plugin_config_json = nlohmann::json::parse(
+	        R"({"maxEventSize": 262144, "sslCertificate": "/etc/falco/falco.pem"})");
+
 	EXPECT_NO_THROW(res = falco_config.init_from_content(config, {}));
 	EXPECT_VALIDATION_STATUS(res, yaml_helper::validation_ok);
+	auto parsed_init_config = nlohmann::json::parse(falco_config.m_plugins[0].m_init_config);
+	EXPECT_EQ(parsed_init_config, plugin_config_json);
 
 	config = R"(
 plugins:
@@ -114,6 +120,30 @@ plugins:
 
 	EXPECT_NO_THROW(res = falco_config.init_from_content(config, {}));
 	EXPECT_VALIDATION_STATUS(res, yaml_helper::validation_ok);
+	parsed_init_config = nlohmann::json::parse(falco_config.m_plugins[0].m_init_config);
+	EXPECT_EQ(parsed_init_config, plugin_config_json);
+
+	config = R"(
+plugins:
+  - name: k8saudit
+    library_path: libk8saudit.so
+    init_config: ""
+)";
+
+	EXPECT_NO_THROW(res = falco_config.init_from_content(config, {}));
+	EXPECT_VALIDATION_STATUS(res, yaml_helper::validation_ok);
+	EXPECT_EQ(falco_config.m_plugins[0].m_init_config, "");
+
+	config = R"(
+plugins:
+  - name: k8saudit
+    library_path: libk8saudit.so
+    init_config: null
+)";
+
+	EXPECT_NO_THROW(res = falco_config.init_from_content(config, {}));
+	EXPECT_VALIDATION_STATUS(res, yaml_helper::validation_ok);
+	EXPECT_EQ(falco_config.m_plugins[0].m_init_config, "");
 }
 
 TEST(Configuration, schema_yaml_helper_validator) {

userspace/falco/app/actions/configure_interesting_sets.cpp

@@ -78,11 +78,27 @@ static void select_event_set(falco::app::state& s,
 
 	/* Load PPM event codes needed by plugins with parsing capability */
 	libsinsp::events::set<ppm_event_code> plugin_ev_codes;
-	for(const auto& p : s.offline_inspector->get_plugin_manager()->plugins()) {
-		if(!(p->caps() & CAP_PARSING)) {
-			continue;
+	if(s.is_capture_mode()) {
+		// In capture mode, we need to use the offline inspector
+		// because plugins are inited under it; see init_inspectors action.
+		for(const auto& p : s.offline_inspector->get_plugin_manager()->plugins()) {
+			if(!(p->caps() & CAP_PARSING)) {
+				continue;
+			}
+			plugin_ev_codes.merge(p->parse_event_codes());
+		}
+	} else {
+		// In live mode, we need to use inspectors from the loaded sources,
+		// because plugins are inited under them; see init_inspectors action.
+		for(const auto& src : s.loaded_sources) {
+			auto src_info = s.source_infos.at(src);
+			for(const auto& p : src_info->inspector->get_plugin_manager()->plugins()) {
+				if(!(p->caps() & CAP_PARSING)) {
+					continue;
+				}
+				plugin_ev_codes.merge(p->parse_event_codes());
+			}
 		}
-		plugin_ev_codes.merge(p->parse_event_codes());
 	}
 	const auto plugin_sc_set = libsinsp::events::event_set_to_sc_set(plugin_ev_codes);
 	const auto plugin_names = libsinsp::events::sc_set_to_event_names(plugin_sc_set);

userspace/falco/app/options.cpp

@@ -19,6 +19,9 @@ limitations under the License.
 #include "../configuration.h"
 #include "config_falco.h"
 
+// disable cxxopts vector delimiter, meaning that
+// -o test1,test2,test3 won't be treated like -o test1 -o test2 -o test3
+#define CXXOPTS_VECTOR_DELIMITER '\0'
 #include <cxxopts.hpp>
 
 #include <fstream>

userspace/falco/config_json_schema.h

@@ -593,6 +593,9 @@ const char config_schema_string[] = LONG_STRING_CONST(
                         },
                         {
                             "type": "string"
+                        },
+                        {
+                            "type": "null"
                         }
                     ]
                 },