Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[PoC] Simplify rule evaluation #218

Draft
wants to merge 7 commits into
base: master
Choose a base branch
from

Conversation

Anilm3
Copy link
Collaborator

@Anilm3 Anilm3 commented Sep 26, 2023

This change aims to reduce the number of rules that are evaluated on every call to ddwaf_run. Currently the following changes have been done:

  • Replace collections with a multiset ordered depending on rule priority (actions, user vs base, type).
  • Remove disabled rules from ruleset.
  • Select relevant rules based on available targets.

Remaining:

  • Replace collections tests.
  • Reinstate ruleset test.
  • Add other tests.

Note that this is an experimental effort which might lead to a different implementation later on.

@codecov-commenter
Copy link

codecov-commenter commented Sep 26, 2023

Codecov Report

Merging #218 (dff59da) into master (28d106d) will increase coverage by 0.25%.
The diff coverage is 86.55%.

@@            Coverage Diff             @@
##           master     #218      +/-   ##
==========================================
+ Coverage   82.43%   82.69%   +0.25%     
==========================================
  Files         106      104       -2     
  Lines        4003     4021      +18     
  Branches     1823     1818       -5     
==========================================
+ Hits         3300     3325      +25     
- Misses        281      282       +1     
+ Partials      422      414       -8     
Flag Coverage Δ
waf_test_none 82.57% <86.55%> (+0.25%) ⬆️
waf_test_sse2 82.65% <86.55%> (+0.25%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files Coverage Δ
src/context.hpp 88.46% <ø> (+0.96%) ⬆️
src/context_allocator.hpp 73.91% <ø> (ø)
src/indexer.hpp 96.15% <100.00%> (+1.41%) ⬆️
src/mkmap.hpp 68.33% <100.00%> (+1.66%) ⬆️
src/object_store.hpp 85.71% <100.00%> (+2.38%) ⬆️
src/parser/parser_v1.cpp 64.35% <100.00%> (ø)
src/expression.hpp 82.05% <80.00%> (-0.31%) ⬇️
src/rule.hpp 90.47% <95.65%> (+6.47%) ⬆️
src/ruleset_builder.cpp 80.61% <80.00%> (-0.21%) ⬇️
src/ruleset.hpp 73.52% <50.00%> (+9.42%) ⬆️
... and 1 more

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

@Anilm3 Anilm3 changed the title Simplify rule evaluation [APPSEC-11363] Simplify rule evaluation Sep 28, 2023
@Anilm3 Anilm3 changed the title [APPSEC-11363] Simplify rule evaluation [PoC] Simplify rule evaluation Dec 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants