falcosecurity · poiana · Jun 28, 2022 · Jun 24, 2022 · Jun 24, 2022
diff --git a/test/falco_tests_plugins.yaml b/test/falco_tests_plugins.yaml
@@ -103,13 +103,6 @@ trace_files: !mux
       - Cloudtrail Create Instance
     stderr_contains: "Rule Cloudtrail Create Instance: warning .unknown-source.: unknown source aws_cloudtrail, skipping"
 
-  no_plugins_unknown_source_macro:
-    detect: False
-    rules_file:
-      - rules/plugins/cloudtrail_macro.yaml
-    trace_file: trace_files/empty.scap
-    stderr_contains: "Macro Some Cloudtrail Macro: warning .unknown-source.: unknown source aws_cloudtrail, skipping"
-
   no_plugins_unknown_source_rule_exception:
     detect: False
     rules_file:

diff --git a/test/rules/plugins/cloudtrail_macro.yaml b/test/rules/plugins/cloudtrail_macro.yaml
diff --git a/userspace/engine/rule_loader.cpp b/userspace/engine/rule_loader.cpp
@@ -413,18 +413,6 @@ void rule_loader::append(configuration& cfg, list_info& info)
 
 void rule_loader::define(configuration& cfg, macro_info& info)
 {
-	if (!cfg.sources.at(info.source))
-	{
-		cfg.warnings.push_back("Macro " + info.name
-			+ ": warning (unknown-source): unknown source "
-			+ info.source + ", skipping");
-		return;
-	}
-
-	auto prev = m_macro_infos.at(info.name);
-	THROW(prev && prev->source != info.source,
-		"Macro " + info.name + " has been re-defined with a different source");
-
 	define_info(m_macro_infos, info, m_cur_index++);
 }
 
@@ -566,7 +554,6 @@ void rule_loader::compile_macros_infos(
 	indexed_vector<list_info>& lists,
 	indexed_vector<macro_info>& out) const
 {
-	set<string> used;
 	const context* info_ctx = NULL;
 	try
 	{

diff --git a/userspace/engine/rule_loader.h b/userspace/engine/rule_loader.h
@@ -122,7 +122,6 @@ class rule_loader
 		size_t visibility;
 		std::string name;
 		std::string cond;
-		std::string source;
 		std::shared_ptr<libsinsp::filter::ast::expr> cond_ast;
 	};
 

diff --git a/userspace/engine/rule_reader.cpp b/userspace/engine/rule_reader.cpp
@@ -207,12 +207,10 @@ static void read_item(
 		rule_loader::macro_info v;
 		v.ctx = ctx;
 		bool append = false;
-		v.source = falco_common::syscall_source;
 		THROW(!decode_val(item["macro"], v.name) || v.name.empty(),
 			"Macro name is empty");
 		THROW(!decode_val(item["condition"], v.cond) || v.cond.empty(),
 			"Macro must have property condition");
-		decode_val(item["source"], v.source);
 		if(decode_val(item["append"], append) && append)
 		{
 			loader.append(cfg, v);