update(userspace/engine): add event codes to json output

Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
falcosecurity · May 16, 2023 · c803516 · c803516
1 parent 93aef41
commit c803516
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 1 deletion.
diff --git a/userspace/engine/falco_engine.cpp b/userspace/engine/falco_engine.cpp
@@ -601,6 +601,13 @@ Json::Value falco_engine::get_json_rule_details(const falco_rule& r, filter_deta
 	}
 	output["lists"] = lists;
 
+	Json::Value events = Json::arrayValue;
+	for(const auto &e : rule_info->evttypes)
+	{
+		events.append(e);
+	}
+	output["eventCodes"] = events;
+
 	details.reset();
 
 	return output;

diff --git a/userspace/engine/rule_loader.h b/userspace/engine/rule_loader.h
@@ -456,6 +456,7 @@ namespace rule_loader
 		std::set<std::string> tags;
 		std::vector<rule_exception_info> exceptions;
 		falco_common::priority_type priority;
+		libsinsp::events::set<ppm_event_code> evttypes;
 		bool enabled;
 		bool warn_evttypes;
 		bool skip_if_unknown_filter;

diff --git a/userspace/engine/rule_loader_compiler.cpp b/userspace/engine/rule_loader_compiler.cpp
@@ -386,7 +386,7 @@ void rule_loader::compiler::compile_rule_infos(
 	std::string err, condition;
 	std::set<falco::load_result::load_result::warning_code> warn_codes;
 	filter_warning_resolver warn_resolver;
-	for (auto &r : col.rules())
+	for (auto &r : const_cast<indexed_vector<rule_info>&>(col.rules()))
 	{
 		// skip the rule if below the minimum priority
 		if (r.priority > cfg.min_priority)
@@ -507,6 +507,7 @@ void rule_loader::compiler::compile_rule_infos(
 					"Rule matches too many evt.type values. This has a significant performance penalty.",
 					r.ctx);
 			}
+			r.evttypes = evttypes;
 		}
 	}
 }