update(userspace/engine): remove warnings for missing exceptions

We want users to continue using rules without having to use exceptions. Exceptions are an additional feature for more advanced use-cases, having a warning in there will mean that everyone now adds an empty exception to avoid the warning. Co-Authored-By: Leonardo Grasso <me@leonardograsso.com> Signed-off-by: Lorenzo Fontana <lo@linux.com>
falcosecurity · Apr 8, 2021 · 1b0e379 · 1b0e379
1 parent 548ad42
commit 1b0e379
Show file tree

Hide file tree

Showing 4 changed files with 1 addition and 45 deletions.
diff --git a/test/falco_tests.yaml b/test/falco_tests.yaml
@@ -356,8 +356,6 @@ trace_files: !mux
         condition: evt.type=fork
         priority: INFO
       ---
-      1 warnings:
-      Rule no output rule: consider adding an exceptions property to define supported exceptions fields
     validate_rules_file:
       - rules/invalid_rule_without_output.yaml
     trace_file: trace_files/cat_write.scap
@@ -413,8 +411,6 @@ trace_files: !mux
         condition: evt.type=open
         append: true
       ---
-      1 warnings:
-      Rule my_rule: consider adding an exceptions property to define supported exceptions fields
     validate_rules_file:
       - rules/rule_append_failure.yaml
     trace_file: trace_files/cat_write.scap
@@ -542,9 +538,6 @@ trace_files: !mux
         priority: INFO
         append: false
       ---
-      2 warnings:
-      Rule some rule: consider adding an exceptions property to define supported exceptions fields
-      Rule some rule: consider adding an exceptions property to define supported exceptions fields
     validate_rules_file:
       - rules/invalid_overwrite_rule_multiple_docs.yaml
     trace_file: trace_files/cat_write.scap
@@ -567,9 +560,6 @@ trace_files: !mux
         priority: INFO
         append: true
       ---
-      2 warnings:
-      Rule some rule: consider adding an exceptions property to define supported exceptions fields
-      Rule some rule: consider adding an exceptions property to define supported exceptions fields
     validate_rules_file:
       - rules/invalid_append_rule_multiple_docs.yaml
     trace_file: trace_files/cat_write.scap
@@ -627,8 +617,6 @@ trace_files: !mux
         output: "An open was seen %not_a_real_field"
         priority: WARNING
       ---
-      1 warnings:
-      Rule rule_with_invalid_output: consider adding an exceptions property to define supported exceptions fields
     validate_rules_file:
       - rules/invalid_rule_output.yaml
     trace_file: trace_files/cat_write.scap

diff --git a/test/falco_tests_exceptions.yaml b/test/falco_tests_exceptions.yaml
@@ -185,15 +185,6 @@ trace_files: !mux
       - rules/exceptions/append_item_not_in_rule.yaml
     trace_file: trace_files/cat_write.scap
 
-  rule_without_exception:
-    exit_status: 0
-    stderr_contains: |+
-      1 warnings:
-      Rule My Rule: consider adding an exceptions property to define supported exceptions fields
-    validate_rules_file:
-      - rules/exceptions/rule_without_exception.yaml
-    trace_file: trace_files/cat_write.scap
-
   rule_exception_no_values:
     detect: True
     detect_level: WARNING

diff --git a/test/rules/exceptions/rule_without_exception.yaml b/test/rules/exceptions/rule_without_exception.yaml
diff --git a/userspace/engine/lua/rule_loader.lua b/userspace/engine/lua/rule_loader.lua
@@ -522,10 +522,8 @@ function load_rules_doc(rules_mgr, doc, load_state)
 	    v['source'] = "syscall"
 	 end
 
-	 -- Add an empty exceptions property to the rule if not
-	 -- defined, but add a warning about defining one
+	 -- Add an empty exceptions property to the rule if not defined
 	 if v['exceptions'] == nil then
-	    warnings[#warnings + 1] = "Rule "..v['rule']..": consider adding an exceptions property to define supported exceptions fields"
 	    v['exceptions'] = {}
 	 end