update(userspace/engine): use rule schema from falco-playground.

FedeDP · FedeDP · commit a68102450578 · 2024-09-06T15:51:47.000+02:00
Signed-off-by: Federico Di Pierro &lt;nierro92@gmail.com&gt;
diff --git a/userspace/engine/falco_engine.cpp b/userspace/engine/falco_engine.cpp
@@ -47,7 +47,7 @@ limitations under the License.
 
 const std::string falco_engine::s_default_ruleset = "falco-default-ruleset";
 
-static const std::string rule_schema_string = R"({"$schema":"http://json-schema.org/draft-06/schema#","type":"array","items":{"$ref":"#/definitions/FalcoRule"},"definitions":{"FalcoRule":{"type":"object","additionalProperties":false,"properties":{"required_engine_version":{"type":"string"},"macro":{"type":"string"},"condition":{"type":"string"},"list":{"type":"string"},"items":{"type":"array","items":{"$ref":"#/definitions/Item"}},"rule":{"type":"string"},"desc":{"type":"string"},"enabled":{"type":"boolean"},"output":{"type":"string"},"append":{"type":"boolean"},"priority":{"$ref":"#/definitions/Priority"},"exceptions":{"type":"array","items":{"$ref":"#/definitions/Exception"}},"override":{"$ref":"#/definitions/Override"},"tags":{"type":"array","items":{"type":"string"}}},"required":[],"title":"FalcoRule"},"Item":{"anyOf":[{"type":"integer"},{"type":"string"}],"title":"Item"},"Exception":{"type":"object","additionalProperties":false,"properties":{"name":{"type":"string"},"fields":{},"comps":{},"values":{}},"required":["name","values"],"title":"Exception"},"Priority":{"type":"string","enum":["WARNING","NOTICE","INFO","ERROR","CRITICAL"],"title":"Priority"},"OverriddenItem":{"type":"string","enum":["append","replace"],"title":"Priority"},"Override":{"type":"object","additionalProperties":false,"properties":{"items":{"$ref":"#/definitions/OverriddenItem"},"desc":{"$ref":"#/definitions/OverriddenItem"},"condition":{"$ref":"#/definitions/OverriddenItem"},"output":{"$ref":"#/definitions/OverriddenItem"},"priority":{"$ref":"#/definitions/OverriddenItem"},"enabled":{"$ref":"#/definitions/OverriddenItem"},"exceptions":{"$ref":"#/definitions/OverriddenItem"}},"minProperties":1,"title":"Override"}}})";
+static const std::string rule_schema_string = R"({"$schema":"http://json-schema.org/draft-06/schema#","type":"array","items":{"anyOf":[{"$ref":"#definitions/RequiredEngineVersionRef"},{"$ref":"#definitions/ListRef"},{"$ref":"#definitions/MacroRef"},{"$ref":"#definitions/RuleRef"},{"$ref":"#definitions/AppendOnlyRuleRef"},{"$ref":"#definitions/EnableOnlyRuleRef"}]},"definitions":{"RequiredEngineVersionRef":{"type":"object","additionalProperties":false,"properties":{"required_engine_version":{"type":"integer"}},"required":["required_engine_version"],"title":"RequiredEngineVersion"},"ListRef":{"type":"object","additionalProperties":false,"properties":{"list":{"type":"string"},"items":{"type":"array","items":{"anyOf":[{"type":"integer"},{"type":"string"}]}},"append":{"type":"boolean"}},"required":["list","items"],"title":"List"},"MacroRef":{"type":"object","additionalProperties":false,"properties":{"macro":{"type":"string"},"condition":{"type":"string"},"append":{"type":"boolean"}},"required":["macro","condition"],"title":"Macro"},"RuleRef":{"type":"object","additionalProperties":false,"properties":{"rule":{"type":"string"},"condition":{"type":"string"},"desc":{"type":"string"},"enabled":{"type":"boolean"},"append":{"type":"boolean"},"output":{"type":"string"},"priority":{"type":"string","enum":["ALERT","EMERGENCY","NOTICE","WARNING","ERROR","DEBUG","INFO","INFORMATIONAL","CRITICAL"]},"tags":{"type":"array","items":{"anyOf":[{"type":"integer"},{"type":"string"}]}},"warn_evttypes":{"type":"boolean"},"skip-if-unknown-filter":{"type":"boolean"}},"required":["rule","desc","condition","output","priority"],"title":"Rule"},"AppendOnlyRuleRef":{"type":"object","additionalProperties":false,"properties":{"rule":{"type":"string"},"condition":{"type":"string"},"append":{"type":"boolean"}},"required":["rule","append","condition"],"title":"AppendOnlyRule"},"EnableOnlyRuleRef":{"type":"object","additionalProperties":false,"properties":{"rule":{"type":"string"},"enabled":{"type":"boolean"}},"required":["rule","enabled"],"title":"EnableOnlyRule"}}})";
 
 using namespace falco;
 
