When overriding rules, ensure that the sources match
In places where a second rule definition might replace, append to, or
replace items from a base rule, ensure that the source of the second
rule definiton matches the first.

This check already existed for defines, but not for the other kinds of change. There was a
bug where a second definition might exist for a different source, but
the additional rule was applied anyway.

This now returns the same error for these other changes e.g. "Rule has
been re-defined..." as define.

Signed-off-by: Mark Stemm <[email protected]>
mstemm committed Oct 16, 2024
1 parent 16b72fb commit 5adf991
Showing 2 changed files with 28 additions and 6 deletions.
31 changes: 25 additions & 6 deletions userspace/engine/rule_loader_collector.cpp
Expand Up @@ -182,10 +182,7 @@ void rule_loader::collector::append(configuration& cfg, macro_info& info) {
}

void rule_loader::collector::define(configuration& cfg, rule_info& info) {
const auto* prev = m_rule_infos.at(info.name);
THROW(prev && prev->source != info.source,
"Rule has been re-defined with a different source",
info.ctx);
auto prev __attribute__((unused)) = find_prev_rule(info);

const auto* source = cfg.sources.at(info.source);
if(!source) {
Expand All @@ -205,7 +202,7 @@ void rule_loader::collector::define(configuration& cfg, rule_info& info) {
}

void rule_loader::collector::append(configuration& cfg, rule_update_info& info) {
auto prev = m_rule_infos.at(info.name);
auto prev = find_prev_rule(info);

THROW(!prev, ERROR_NO_PREVIOUS_RULE_APPEND, info.ctx);
THROW(!info.has_any_value(),
Expand Down Expand Up @@ -275,7 +272,7 @@ void rule_loader::collector::append(configuration& cfg, rule_update_info& info)
}

void rule_loader::collector::selective_replace(configuration& cfg, rule_update_info& info) {
auto prev = m_rule_infos.at(info.name);
auto prev = find_prev_rule(info);

THROW(!prev, ERROR_NO_PREVIOUS_RULE_REPLACE, info.ctx);
THROW(!info.has_any_value(),
Expand Down Expand Up @@ -330,6 +327,28 @@ void rule_loader::collector::selective_replace(configuration& cfg, rule_update_i
replace_info(prev, info, m_cur_index++);
}

template<typename ruleInfo>
rule_loader::rule_info* rule_loader::collector::find_prev_rule(ruleInfo& info) {
auto ret = m_rule_infos.at(info.name);

std::string old_source = (ret ? ret->source : "");

if(old_source == "") {
old_source = falco_common::syscall_source;
}

std::string new_source = info.source;
if(new_source == "") {
new_source = falco_common::syscall_source;
}

THROW(ret && (old_source != new_source),
"Rule has been re-defined with a different source",
info.ctx);

return ret;
}

void rule_loader::collector::enable(configuration& cfg, rule_info& info) {
auto prev = m_rule_infos.at(info.name);
THROW(!prev, "Rule has 'enabled' key but no rule by that name already exists", info.ctx);
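Review bot: In define(), `auto prev __attribute__((unused)) = find_prev_rule(info);` keeps a compiler-specific attribute on a variable the function never reads; the call is made only for its source check, so a plain expression statement says that directly: `find_prev_rule(info);  // throws if a rule with this name already exists under a different source`. The helper normalises an empty source to falco_common::syscall_source on both sides before comparing, which the old inline THROW in define() did not do; a one-line comment above the template stating that normalisation would save the next reader from re-deriving it. enable(), at the end of the hunk, still looks up `m_rule_infos.at(info.name)` without going through find_prev_rule, so a rule from one source can presumably still be toggled by an `enabled` entry from another source — if that case is meant to be covered as well, the same helper applies there; enable()'s body continues outside the hunk.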
3 changes: 3 additions & 0 deletions userspace/engine/rule_loader_collector.h
Expand Up @@ -97,6 +97,9 @@ class collector {
virtual void selective_replace(configuration& cfg, rule_update_info& info);

private:
template<typename ruleInfo>
rule_info* find_prev_rule(ruleInfo& info);

uint32_t m_cur_index;
indexed_vector<rule_info> m_rule_infos;
indexed_vector<macro_info> m_macro_infos;
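Review bot: The new private declaration of find_prev_rule carries no comment, although its throwing behaviour is what define(), append() and selective_replace() now rely on for the source check. Suggest documenting it at the declaration: `// Returns the existing rule named info.name, or nullptr if there is none; throws when such a rule exists but its source differs from info.source (an empty source counts as the syscall source).` The template parameter name `ruleInfo` is also the only camelCase identifier in view among snake_case names such as rule_info and rule_update_info; a name like `RuleInfoT` would match the file's conventions more closely.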
