From c8035169775036d064c297ca728af56f49f7635e Mon Sep 17 00:00:00 2001
From: Lorenzo Susini <susinilorenzo1@gmail.com>
Date: Tue, 16 May 2023 09:22:00 +0000
Subject: [PATCH] update(userspace/engine): add event codes to json output

Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
---
 userspace/engine/falco_engine.cpp         | 7 +++++++
 userspace/engine/rule_loader.h            | 1 +
 userspace/engine/rule_loader_compiler.cpp | 3 ++-
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/userspace/engine/falco_engine.cpp b/userspace/engine/falco_engine.cpp
index 31c3eb94c6c..1ec654eacc8 100644
--- a/userspace/engine/falco_engine.cpp
+++ b/userspace/engine/falco_engine.cpp
@@ -601,6 +601,13 @@ Json::Value falco_engine::get_json_rule_details(const falco_rule& r, filter_deta
 	}
 	output["lists"] = lists;
 
+	Json::Value events = Json::arrayValue;
+	for(const auto &e : rule_info->evttypes)
+	{
+		events.append(e);
+	}
+	output["eventCodes"] = events;
+
 	details.reset();
 
 	return output;
diff --git a/userspace/engine/rule_loader.h b/userspace/engine/rule_loader.h
index c0c30522cb3..95d2e923b9c 100644
--- a/userspace/engine/rule_loader.h
+++ b/userspace/engine/rule_loader.h
@@ -456,6 +456,7 @@ namespace rule_loader
 		std::set<std::string> tags;
 		std::vector<rule_exception_info> exceptions;
 		falco_common::priority_type priority;
+		libsinsp::events::set<ppm_event_code> evttypes;
 		bool enabled;
 		bool warn_evttypes;
 		bool skip_if_unknown_filter;
diff --git a/userspace/engine/rule_loader_compiler.cpp b/userspace/engine/rule_loader_compiler.cpp
index 47dec22a89b..3d3a6b39a03 100644
--- a/userspace/engine/rule_loader_compiler.cpp
+++ b/userspace/engine/rule_loader_compiler.cpp
@@ -386,7 +386,7 @@ void rule_loader::compiler::compile_rule_infos(
 	std::string err, condition;
 	std::set<falco::load_result::load_result::warning_code> warn_codes;
 	filter_warning_resolver warn_resolver;
-	for (auto &r : col.rules())
+	for (auto &r : const_cast<indexed_vector<rule_info>&>(col.rules()))
 	{
 		// skip the rule if below the minimum priority
 		if (r.priority > cfg.min_priority)
@@ -507,6 +507,7 @@ void rule_loader::compiler::compile_rule_infos(
 					"Rule matches too many evt.type values. This has a significant performance penalty.",
 					r.ctx);
 			}
+			r.evttypes = evttypes;
 		}
 	}
 }