From a8bfc7cf48a382c863b026694e8fcb057e4b5cd1 Mon Sep 17 00:00:00 2001
From: Jason Dellaluce
Date: Fri, 24 Jun 2022 15:46:30 +0000
Subject: [PATCH 1/2] refactor(userspace/engine): remove source field from macros in rule loader
Signed-off-by: Jason Dellaluce
---
 userspace/engine/rule_loader.cpp | 13 -------------
 userspace/engine/rule_loader.h | 1 -
 userspace/engine/rule_reader.cpp | 2 --
 3 files changed, 16 deletions(-)
diff --git a/userspace/engine/rule_loader.cpp b/userspace/engine/rule_loader.cpp
index ba7f686dbf0..ae3bdc39702 100644
--- a/userspace/engine/rule_loader.cpp
+++ b/userspace/engine/rule_loader.cpp
@@ -413,18 +413,6 @@ void rule_loader::append(configuration& cfg, list_info& info)
 void rule_loader::define(configuration& cfg, macro_info& info)
 {
- if (!cfg.sources.at(info.source))
- {
- cfg.warnings.push_back("Macro " + info.name
- + ": warning (unknown-source): unknown source "
- + info.source + ", skipping");
- return;
- }
-
- auto prev = m_macro_infos.at(info.name);
- THROW(prev && prev->source != info.source,
- "Macro " + info.name + " has been re-defined with a different source");
-
 define_info(m_macro_infos, info, m_cur_index++);
 }
@@ -566,7 +554,6 @@ void rule_loader::compile_macros_infos(
 indexed_vector& lists,
 indexed_vector& out) const
 {
- set used;
 const context* info_ctx = NULL;
 try
 {
diff --git a/userspace/engine/rule_loader.h b/userspace/engine/rule_loader.h
index 47bb2c27414..3dae2c2b60b 100644
--- a/userspace/engine/rule_loader.h
+++ b/userspace/engine/rule_loader.h
@@ -122,7 +122,6 @@ class rule_loader
 size_t visibility;
 std::string name;
 std::string cond;
- std::string source;
 std::shared_ptr cond_ast;
 };
diff --git a/userspace/engine/rule_reader.cpp b/userspace/engine/rule_reader.cpp
index 27e60ba59b1..e0993103f85 100644
--- a/userspace/engine/rule_reader.cpp
+++ b/userspace/engine/rule_reader.cpp
@@ -207,12 +207,10 @@ static void read_item(
 rule_loader::macro_info v;
 v.ctx = ctx;
 bool append = false;
- v.source = falco_common::syscall_source;
 THROW(!decode_val(item["macro"], v.name) || v.name.empty(),
 "Macro name is empty");
 THROW(!decode_val(item["condition"], v.cond) || v.cond.empty(),
 "Macro must have property condition");
- decode_val(item["source"], v.source);
 if(decode_val(item["append"], append) && append)
 {
 loader.append(cfg, v);
From f44d4f3554784dc4bdaa9278cde6a6d8dc66d4a6 Mon Sep 17 00:00:00 2001
From: Jason Dellaluce
Date: Fri, 24 Jun 2022 15:47:58 +0000
Subject: [PATCH 2/2] test(plugins): drop macro source warning test
Signed-off-by: Jason Dellaluce
---
 test/falco_tests_plugins.yaml | 7 -------
 test/rules/plugins/cloudtrail_macro.yaml | 4 ----
 2 files changed, 11 deletions(-)
 delete mode 100644 test/rules/plugins/cloudtrail_macro.yaml
diff --git a/test/falco_tests_plugins.yaml b/test/falco_tests_plugins.yaml
index 592628b0d67..c905c4450ee 100644
--- a/test/falco_tests_plugins.yaml
+++ b/test/falco_tests_plugins.yaml
@@ -103,13 +103,6 @@ trace_files: !mux
 - Cloudtrail Create Instance
 stderr_contains: "Rule Cloudtrail Create Instance: warning .unknown-source.: unknown source aws_cloudtrail, skipping"
- no_plugins_unknown_source_macro:
- detect: False
- rules_file:
- - rules/plugins/cloudtrail_macro.yaml
- trace_file: trace_files/empty.scap
- stderr_contains: "Macro Some Cloudtrail Macro: warning .unknown-source.: unknown source aws_cloudtrail, skipping"
-
 no_plugins_unknown_source_rule_exception:
 detect: False
 rules_file:
diff --git a/test/rules/plugins/cloudtrail_macro.yaml b/test/rules/plugins/cloudtrail_macro.yaml
deleted file mode 100644
index 009d8a39112..00000000000
--- a/test/rules/plugins/cloudtrail_macro.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-- macro: Some Cloudtrail Macro
- condition: aws.user=bob
- source: aws_cloudtrail
-