From fa3de65d24a4a35b20eee44a2ca5ff5d9444e894 Mon Sep 17 00:00:00 2001 From: Ross Georgiev Date: Fri, 21 Jun 2024 19:00:03 +0300 Subject: [PATCH] Revert "overhaul of return values" This reverts commit 55391ecce8efb75062aabd6059990f54cc241e18. --- MAPL_engine/check.go | 151 +++---- MAPL_engine/check_test.go | 284 ++++---------- MAPL_engine/conditions_tree.go | 371 ++++++++---------- MAPL_engine/conditions_tree_test.go | 64 +-- MAPL_engine/definitions_rule.go | 26 +- MAPL_engine/rules_load.go | 4 +- MAPL_engine/unmarshal_test.go | 6 +- .../messages_basic_sender_receiver_names.yaml | 57 --- ...son_raw_data1_with_wildcard_in_field0.json | 109 ----- ...son_raw_data1_with_wildcard_in_field1.json | 109 ----- ...son_raw_data1_with_wildcard_in_field2.json | 109 ----- ...son_raw_data1_with_wildcard_in_field3.json | 109 ----- .../json_raw_data_suspicious_behaviour1.json | 20 - files/rules/basic_rules/rules_basic_v2.yaml | 4 + ...es_basic_v2_wildcards_sender_receiver.yaml | 16 - .../debugging/rule_suspicious_behaviour1.yaml | 25 -- .../rules_with_variables_AND_with_error.yaml | 25 -- ..._jsonpath_conditions_EQ_with_wildcard.yaml | 20 - ..._jsonpath_conditions_RE_with_wildcard.yaml | 20 - ...itions_RE_with_wildcard_correct_regex.yaml | 20 - ...nditions_RE_with_wildcard_wrong_regex.yaml | 20 - ...sonpath_EQ_on_array_with_return_value.yaml | 4 +- ...onpath_EQ_on_array_with_return_value2.yaml | 27 -- ...n_array_with_return_value_in_sub_node.yaml | 32 -- ..._array_with_return_value_in_sub_node2.yaml | 36 -- ...ate_rules.go_z => test_translate_rules.go} | 2 +- 26 files changed, 342 insertions(+), 1328 deletions(-) delete mode 100644 files/messages/main_fields/messages_basic_sender_receiver_names.yaml delete mode 100644 files/raw_json_data/basic_jsonpath/json_raw_data1_with_wildcard_in_field0.json delete mode 100644 files/raw_json_data/basic_jsonpath/json_raw_data1_with_wildcard_in_field1.json delete mode 100644 files/raw_json_data/basic_jsonpath/json_raw_data1_with_wildcard_in_field2.json delete mode 100644 files/raw_json_data/basic_jsonpath/json_raw_data1_with_wildcard_in_field3.json delete mode 100644 files/raw_json_data/debugging/json_raw_data_suspicious_behaviour1.json delete mode 100644 files/rules/basic_rules/rules_basic_v2_wildcards_sender_receiver.yaml delete mode 100644 files/rules/debugging/rule_suspicious_behaviour1.yaml delete mode 100644 files/rules/invalid_rules/with_variables/rules_with_variables_AND_with_error.yaml delete mode 100644 files/rules/with_jsonpath_conditions/rules_with_jsonpath_conditions_EQ_with_wildcard.yaml delete mode 100644 files/rules/with_jsonpath_conditions/rules_with_jsonpath_conditions_RE_with_wildcard.yaml delete mode 100644 files/rules/with_jsonpath_conditions/rules_with_jsonpath_conditions_RE_with_wildcard_correct_regex.yaml delete mode 100644 files/rules/with_jsonpath_conditions/rules_with_jsonpath_conditions_RE_with_wildcard_wrong_regex.yaml delete mode 100644 files/rules/with_return_value/rules_with_jsonpath_EQ_on_array_with_return_value2.yaml delete mode 100644 files/rules/with_return_value/rules_with_jsonpath_EQ_on_array_with_return_value_in_sub_node.yaml delete mode 100644 files/rules/with_return_value/rules_with_jsonpath_EQ_on_array_with_return_value_in_sub_node2.yaml rename tests/{test_translate_rules.go_z => test_translate_rules.go} (95%) diff --git a/MAPL_engine/check.go b/MAPL_engine/check.go index cbd145f..e0f5817 100755 --- a/MAPL_engine/check.go +++ b/MAPL_engine/check.go @@ -31,7 +31,7 @@ var DecisionNames = [...]string{ NONE: "none", } -func Check(message *MessageAttributes, rules *Rules) (decision int, descisionString string, relevantRuleIndex int, results []int, appliedRulesIndices []int, ruleDescription string, checkExtraData []*map[string][]interface{}) { +func Check(message *MessageAttributes, rules *Rules) (decision int, descisionString string, relevantRuleIndex int, results []int, appliedRulesIndices []int, ruleDescription string, checkExtraData [][]map[string]interface{}) { // // for each message we check its attributes against all of the rules and return a decision // @@ -40,18 +40,14 @@ func Check(message *MessageAttributes, rules *Rules) (decision int, descisionStr results = make([]int, N) ruleDescriptions := make([]string, N) - // checkExtraData = make([][]map[string]interface{}, N) - checkExtraData = make([]*map[string][]interface{}, N) + checkExtraData = make([][]map[string]interface{}, N) sem := make(chan int, N) // semaphore pattern if false { // check in parallel for i, rule := range rules.Rules { // check all the rules in parallel go func(in_i int, in_rule Rule) { - returnedValues := make(map[string][]interface{}) - returnedValuesPointer := &returnedValues - results[in_i], returnedValuesPointer = CheckOneRule(message, &in_rule) - checkExtraData[in_i] = returnedValuesPointer + results[in_i], checkExtraData[in_i] = CheckOneRule(message, &in_rule) if desc, ok := in_rule.Metadata["description"]; ok { ruleDescriptions[in_i] = desc } else { @@ -70,9 +66,7 @@ func Check(message *MessageAttributes, rules *Rules) (decision int, descisionStr } else { // used only for debugging for in_i, in_rule := range rules.Rules { - result, returnedValuesPointer := CheckOneRule(message, &in_rule) - results[in_i] = result - checkExtraData[in_i] = returnedValuesPointer + results[in_i], checkExtraData[in_i] = CheckOneRule(message, &in_rule) if desc, ok := in_rule.Metadata["description"]; ok { ruleDescriptions[in_i] = desc } else { @@ -104,7 +98,7 @@ func Check(message *MessageAttributes, rules *Rules) (decision int, descisionStr } // CheckOneRules gives the result of testing the message attributes with of one rule -func CheckOneRule(message *MessageAttributes, ruleOriginal *Rule) (int, *map[string][]interface{}) { +func CheckOneRule(message *MessageAttributes, ruleOriginal *Rule) (int, []map[string]interface{}) { if !ruleOriginal.ruleAlreadyPrepared { ruleOriginal.SetPredefinedStringsAndLists(GlobalPredefinedStringsAndLists) // use the global if not set already @@ -115,17 +109,17 @@ func CheckOneRule(message *MessageAttributes, ruleOriginal *Rule) (int, *map[str match := TestSender(rule, message) if !match { - return DEFAULT, nil + return DEFAULT, []map[string]interface{}{} } match = TestReceiver(rule, message) if !match { - return DEFAULT, nil + return DEFAULT, []map[string]interface{}{} } match = rule.OperationRegex.Match([]byte(message.RequestMethod)) // supports wildcards if !match { - return DEFAULT, nil + return DEFAULT, []map[string]interface{}{} } // ---------------------- @@ -133,22 +127,22 @@ func CheckOneRule(message *MessageAttributes, ruleOriginal *Rule) (int, *map[str if rule.Protocol == "tcp" { match = rule.Resource.ResourceNameRegex.Match([]byte(message.DestinationPort)) if !match { - return DEFAULT, nil + return DEFAULT, []map[string]interface{}{} } } else { if rule.Protocol != "*" { if !strings.EqualFold(message.ContextProtocol, rule.Protocol) { // regardless of case // need to support wildcards! - return DEFAULT, nil + return DEFAULT, []map[string]interface{}{} } if rule.Resource.ResourceType != "*" { if message.ContextType != rule.Resource.ResourceType { // need to support wildcards? - return DEFAULT, nil + return DEFAULT, []map[string]interface{}{} } } match = rule.Resource.ResourceNameRegex.Match([]byte(message.RequestPath)) // supports wildcards if !match { - return DEFAULT, nil + return DEFAULT, []map[string]interface{}{} } } } @@ -156,37 +150,28 @@ func CheckOneRule(message *MessageAttributes, ruleOriginal *Rule) (int, *map[str // ---------------------- // test conditions: conditionsResult := true // if there are no conditions then we skip the test and return the rule.Decision - returnedValues := make(map[string][]interface{}) + extraData := []map[string]interface{}{} if rule.Conditions.ConditionsTree != nil { - conditionsResult = TestConditions(ruleOriginal, message, &returnedValues) // using original rule here. using prepared rule inside. + conditionsResult, extraData = TestConditions(ruleOriginal, message) // using original rule here. using prepared rule inside. } if conditionsResult == false { - return DEFAULT, nil + return DEFAULT, []map[string]interface{}{} } // ---------------------- // if we got here then the rule applies and we use the rule's decision switch rule.Decision { case "allow", "ALLOW", "Allow": - if len(returnedValues) == 0 { - return ALLOW, nil - } - return ALLOW, &returnedValues + return ALLOW, extraData case "alert", "ALERT", "Alert": - if len(returnedValues) == 0 { - return ALERT, nil - } - return ALERT, &returnedValues + return ALERT, extraData case "block", "BLOCK", "Block": - if len(returnedValues) == 0 { - return BLOCK, nil - } - return BLOCK, &returnedValues + return BLOCK, extraData } - return DEFAULT, nil + return DEFAULT, []map[string]interface{}{} } -func (rule *Rule) Check(message *MessageAttributes) (int, *map[string][]interface{}) { +func (rule *Rule) Check(message *MessageAttributes) (int, []map[string]interface{}) { return CheckOneRule(message, rule) } @@ -260,32 +245,25 @@ func TestReceiver(rule *Rule, message *MessageAttributes) bool { } // testConditions tests the conditions of the rule with the message attributes -func TestConditions(rule *Rule, message *MessageAttributes, returnValues *map[string][]interface{}) bool { // to-do return error - - if returnValues == nil { - returnValuesTemp := make(map[string][]interface{}, 0) - returnValues = &returnValuesTemp - } +func TestConditions(rule *Rule, message *MessageAttributes) (bool, []map[string]interface{}) { // to-do return error if !rule.ruleAlreadyPrepared { rule.SetPredefinedStringsAndLists(GlobalPredefinedStringsAndLists) } if rule.preparedRule.Conditions.ConditionsTree != nil { - return rule.preparedRule.Conditions.ConditionsTree.Eval(message, returnValues) + return rule.preparedRule.Conditions.ConditionsTree.Eval(message) } - return false + return false, []map[string]interface{}{} } -func (rule *Rule) TestConditions(message *MessageAttributes) (bool, *map[string][]interface{}) { - returnValuesTemp := make(map[string][]interface{}, 0) - returnValues := &returnValuesTemp - return TestConditions(rule, message, returnValues), returnValues +func (rule *Rule) TestConditions(message *MessageAttributes) (bool, []map[string]interface{}) { + return TestConditions(rule, message) } // testOneCondition tests one condition of the rule with the message attributes -func testOneCondition(c *Condition, message *MessageAttributes, returnValues *map[string][]interface{}) bool { +func testOneCondition(c *Condition, message *MessageAttributes) (bool, []map[string]interface{}) { var valueToCompareInt int64 var valueToCompareFloat float64 @@ -337,16 +315,16 @@ func testOneCondition(c *Condition, message *MessageAttributes, returnValues *ma } case ("$sender"): - return testSenderAttributeCondition(c, message) + return testSenderAttributeCondition(c, message), []map[string]interface{}{} case ("$receiver"): - return testReceiverAttributeCondition(c, message) + return testReceiverAttributeCondition(c, message), []map[string]interface{}{} case ("senderLabel"): - return testSenderLabelCondition(c, message) + return testSenderLabelCondition(c, message), []map[string]interface{}{} case ("receiverLabel"): - return testReceiverLabelCondition(c, message) + return testReceiverLabelCondition(c, message), []map[string]interface{}{} case ("jsonpath"): var flag bool @@ -356,89 +334,76 @@ func testOneCondition(c *Condition, message *MessageAttributes, returnValues *ma flag = testJsonPathCondition(c, message) } if flag && c.ReturnValueJsonpath != nil { - getExtraData(c, message, returnValues) - return flag + extraDataTemp := getExtraData(c, message) + return flag, []map[string]interface{}{extraDataTemp} } - return flag + return flag, []map[string]interface{}{} default: log.Printf("condition keyword not supported: %+v\n", c) // was log.Fatalf - return false + return false, []map[string]interface{}{} } - return result + return result, []map[string]interface{}{} } -func getExtraData(c *Condition, message *MessageAttributes, returnValue *map[string][]interface{}) { +func getExtraData(c *Condition, message *MessageAttributes) map[string]interface{} { if message.RequestRawInterface != nil { - getExtraDataFromInterface(c.PreparedReturnValueJsonpathQuery, c.PreparedReturnValueJsonpathQueryRelativeFlag, c.ReturnValueJsonpath, message, returnValue) - } else { - getExtraDataFromByteArray(c.ReturnValueJsonpath, c.PreparedReturnValueJsonpathQueryRelativeFlag, message, returnValue) + return getExtraDataFromInterface(c.PreparedReturnValueJsonpathQuery, c.PreparedReturnValueJsonpathQueryRelativeFlag, c.ReturnValueJsonpath, message) } + return getExtraDataFromByteArray(c.ReturnValueJsonpath, c.PreparedReturnValueJsonpathQueryRelativeFlag, message) } -func getExtraDataFromInterface(preparedReturnValueJsonpathQueryMap map[string]jsonpath.FilterFunc, preparedReturnValueJsonpathQueryRelativeFlag map[string]bool, returnValueJsonpathMap map[string]string, message *MessageAttributes, returnValue *map[string][]interface{}) { +func getExtraDataFromInterface(preparedReturnValueJsonpathQueryMap map[string]jsonpath.FilterFunc, preparedReturnValueJsonpathQueryRelativeFlag map[string]bool, returnValueJsonpathMap map[string]string, message *MessageAttributes) map[string]interface{} { + extraDataTemp := make(map[string]interface{}) for queryName, preparedQuery := range preparedReturnValueJsonpathQueryMap { if returnValueJsonpathMap[queryName] == "$*" { if preparedReturnValueJsonpathQueryRelativeFlag[queryName] { - appendReturnValue(queryName, returnValue, *message.RequestRawInterfaceRelative) - //extraDataTemp[queryName] = *message.RequestRawInterfaceRelative + extraDataTemp[queryName] = *message.RequestRawInterfaceRelative } else { - appendReturnValue(queryName, returnValue, *message.RequestRawInterface) - //extraDataTemp[queryName] = *message.RequestRawInterface + extraDataTemp[queryName] = *message.RequestRawInterface } } else { if preparedQuery != nil { var err error - var returnValueEntry interface{} + var extraDataTempTemp interface{} if preparedReturnValueJsonpathQueryRelativeFlag[queryName] { - returnValueEntry, err = queryInterface(preparedQuery, *message.RequestRawInterfaceRelative) + extraDataTempTemp, err = queryInterface(preparedQuery, *message.RequestRawInterfaceRelative) } else { - returnValueEntry, err = queryInterface(preparedQuery, *message.RequestRawInterface) + extraDataTempTemp, err = queryInterface(preparedQuery, *message.RequestRawInterface) } if err == nil { - //extraDataTemp[queryName] = extraDataTempTemp - appendReturnValue(queryName, returnValue, returnValueEntry) + extraDataTemp[queryName] = extraDataTempTemp } } else { - // var x interface{} - // extraDataTemp[queryName] = x + var x interface{} + extraDataTemp[queryName] = x } } } - return //extraDataTemp -} - -func appendReturnValue(queryName string, returnValue *map[string][]interface{}, value interface{}) { - if array, ok := (*returnValue)[queryName]; !ok { - (*returnValue)[queryName] = []interface{}{value} - } else { - array = append(array, value) - (*returnValue)[queryName] = array - } + return extraDataTemp } -func getExtraDataFromByteArray(returnValueJsonpathMap map[string]string, returnValueJsonpathQueryRelativeFlag map[string]bool, message *MessageAttributes, returnValue *map[string][]interface{}) { - //extraDataTemp := make(map[string]interface{}) +func getExtraDataFromByteArray(returnValueJsonpathMap map[string]string, returnValueJsonpathQueryRelativeFlag map[string]bool, message *MessageAttributes) map[string]interface{} { + extraDataTemp := make(map[string]interface{}) for queryName, queryString := range returnValueJsonpathMap { - var returnValueEntryBytes []byte + var extraDataBytes []byte if returnValueJsonpathQueryRelativeFlag[queryName] { - returnValueEntryBytes, _ = jsonslice.Get(*message.RequestJsonRawRelative, queryString) + extraDataBytes, _ = jsonslice.Get(*message.RequestJsonRawRelative, queryString) } else { - returnValueEntryBytes, _ = jsonslice.Get(*message.RequestJsonRaw, queryString) + extraDataBytes, _ = jsonslice.Get(*message.RequestJsonRaw, queryString) } - var returnValueEntry interface{} - err := json.Unmarshal(returnValueEntryBytes, &returnValueEntry) + var tempInterface interface{} + err := json.Unmarshal(extraDataBytes, &tempInterface) if err == nil { - appendReturnValue(queryName, returnValue, returnValueEntry) - //extraDataTemp[queryName] = tempInterface + extraDataTemp[queryName] = tempInterface } } - //return extraDataTemp + return extraDataTemp } func testSenderAttributeCondition(c *Condition, message *MessageAttributes) bool { diff --git a/MAPL_engine/check_test.go b/MAPL_engine/check_test.go index 75ed64b..bbd8731 100755 --- a/MAPL_engine/check_test.go +++ b/MAPL_engine/check_test.go @@ -160,7 +160,7 @@ func TestMaplEngine(t *testing.T) { Convey("tests", t, func() { results, _ := test_CheckMessages("../files/rules/basic_rules/rules_basic_v2.yaml", "../files/messages/main_fields/messages_basic_sender_name.yaml") - So(results[0], ShouldEqual, ALLOW) + So(results[0], ShouldEqual, DEFAULT) So(results[1], ShouldEqual, DEFAULT) So(results[2], ShouldEqual, DEFAULT) So(results[3], ShouldEqual, DEFAULT) @@ -169,86 +169,6 @@ func TestMaplEngine(t *testing.T) { }) } -func TestMaplEngineWildcardsInSenderReceiver(t *testing.T) { - - logging := false - if logging { - // setup a log outfile file - f, err := os.OpenFile("log.txt", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0777) //create your file with desired read/write permissions - if err != nil { - log.Fatal(err) - } - defer f.Sync() - defer f.Close() - log.SetOutput(f) //set output of logs to f - } else { - log.SetOutput(ioutil.Discard) // when we complete the debugging we discard the logs [output discarded] - } - - reporting.QuietMode() - Convey("tests", t, func() { - - results, _ := test_CheckMessages("../files/rules/basic_rules/rules_basic_v2_wildcards_sender_receiver.yaml", "../files/messages/main_fields/messages_basic_sender_receiver_names.yaml") - So(results[0], ShouldEqual, ALLOW) - So(results[1], ShouldEqual, ALLOW) - So(results[2], ShouldEqual, DEFAULT) - So(results[3], ShouldEqual, ALLOW) - fmt.Println("----------------------") - - }) -} - -func TestMaplEngineNoAutomaticWildcardsInConditions(t *testing.T) { - - // string in jsonpath condition is regarded as a string and not converted to regex. - // RE should be used with a correct regex (i.e. use ".*" and not "*") - // in other fields (sender, receiver, etc...) it is converted to regex. - - logging := false - if logging { - // setup a log outfile file - f, err := os.OpenFile("log.txt", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0777) //create your file with desired read/write permissions - if err != nil { - log.Fatal(err) - } - defer f.Sync() - defer f.Close() - log.SetOutput(f) //set output of logs to f - } else { - log.SetOutput(ioutil.Discard) // when we complete the debugging we discard the logs [output discarded] - } - - reporting.QuietMode() - Convey("tests", t, func() { - - results, _ := test_CheckMessagesWithRawData("../files/rules/with_jsonpath_conditions/rules_with_jsonpath_conditions_RE_with_wildcard_wrong_regex.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/basic_jsonpath/json_raw_data1_with_wildcard_in_field3.json") - So(results[0], ShouldEqual, DEFAULT) - results, _ = test_CheckMessagesWithRawData("../files/rules/with_jsonpath_conditions/rules_with_jsonpath_conditions_RE_with_wildcard_correct_regex.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/basic_jsonpath/json_raw_data1_with_wildcard_in_field3.json") - So(results[0], ShouldEqual, ALLOW) - - results, _ = test_CheckMessagesWithRawData("../files/rules/with_jsonpath_conditions/rules_with_jsonpath_conditions_EQ_with_wildcard.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/basic_jsonpath/json_raw_data1_with_wildcard_in_field0.json") - So(results[0], ShouldEqual, ALLOW) - results, _ = test_CheckMessagesWithRawData("../files/rules/with_jsonpath_conditions/rules_with_jsonpath_conditions_EQ_with_wildcard.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/basic_jsonpath/json_raw_data1_with_wildcard_in_field1.json") - So(results[0], ShouldEqual, DEFAULT) - results, _ = test_CheckMessagesWithRawData("../files/rules/with_jsonpath_conditions/rules_with_jsonpath_conditions_EQ_with_wildcard.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/basic_jsonpath/json_raw_data1_with_wildcard_in_field2.json") - So(results[0], ShouldEqual, DEFAULT) - results, _ = test_CheckMessagesWithRawData("../files/rules/with_jsonpath_conditions/rules_with_jsonpath_conditions_EQ_with_wildcard.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/basic_jsonpath/json_raw_data1_with_wildcard_in_field3.json") - So(results[0], ShouldEqual, DEFAULT) - - results, _ = test_CheckMessagesWithRawData("../files/rules/with_jsonpath_conditions/rules_with_jsonpath_conditions_RE_with_wildcard.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/basic_jsonpath/json_raw_data1_with_wildcard_in_field0.json") - So(results[0], ShouldEqual, ALLOW) - results, _ = test_CheckMessagesWithRawData("../files/rules/with_jsonpath_conditions/rules_with_jsonpath_conditions_RE_with_wildcard.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/basic_jsonpath/json_raw_data1_with_wildcard_in_field1.json") - So(results[0], ShouldEqual, ALLOW) - results, _ = test_CheckMessagesWithRawData("../files/rules/with_jsonpath_conditions/rules_with_jsonpath_conditions_RE_with_wildcard.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/basic_jsonpath/json_raw_data1_with_wildcard_in_field2.json") - So(results[0], ShouldEqual, ALLOW) - results, _ = test_CheckMessagesWithRawData("../files/rules/with_jsonpath_conditions/rules_with_jsonpath_conditions_RE_with_wildcard.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/basic_jsonpath/json_raw_data1_with_wildcard_in_field3.json") - So(results[0], ShouldEqual, DEFAULT) - - fmt.Println("----------------------") - - }) -} - // TODO: test json path with '*' func TestRuleHashes(t *testing.T) { //To-do: re-write @@ -568,9 +488,6 @@ func TestMaplEngineJsonConditionsDebugging(t *testing.T) { err = json.Unmarshal([]byte(dataJson2), &c2) So(err, ShouldBeNil) - results_debug, _ := test_ConditionsWithJsonRaw("../files/rules/debugging/rule_suspicious_behaviour1.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/debugging/json_raw_data_suspicious_behaviour1.json") - So(results_debug[0][0], ShouldBeTrue) - results, _ := test_CheckMessagesWithRawData("../files/rules/debugging/rules_with_jsonpath_debug_with_array_index.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/debugging/json_raw_data_debug_with_array_index_1.json") So(results[0], ShouldEqual, DEFAULT) results, _ = test_CheckMessagesWithRawData("../files/rules/debugging/rules_with_jsonpath_debug_with_array_index.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/debugging/json_raw_data_debug_with_array_index_2.json") @@ -640,53 +557,22 @@ func TestMaplEngineJsonConditionWithReturnValues(t *testing.T) { // test on arrays str := "test jsonpath condition" fmt.Println(str) - /* - results, extraData, _ := test_CheckMessagesWithRawDataWithReturnValue("../files/rules/with_return_value/rules_with_condition_keyword_and_return_value.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/basic_jsonpath/json_raw_data_condition_with_return_values.json") - So(len(*extraData[0]), ShouldEqual, 2) - So((*extraData[0])["name"][0], ShouldEqual, "containerName") - So((*extraData[0])["command"][0], ShouldEqual, "containerCommand") - So(results[0], ShouldEqual, ALLOW) - results, extraData, _ = test_CheckMessagesWithRawDataWithReturnValue("../files/rules/with_return_value/rules_with_condition_keyword_and_return_value2.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/basic_jsonpath/json_raw_data_condition_with_return_values.json") - So(len((*extraData[0])), ShouldEqual, 3) // when we have more than one returnValues in seperate conditions we merge them - So((*extraData[0])["name"][0], ShouldEqual, "containerName") - So((*extraData[0])["command"][0], ShouldEqual, "containerCommand") - So((*extraData[0])["otherStuff"][0], ShouldEqual, "otherStuff") - So(results[0], ShouldEqual, ALLOW) + results, extraData, _ := test_CheckMessagesWithRawDataWithReturnValue("../files/rules/with_return_value/rules_with_condition_keyword_and_return_value.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/basic_jsonpath/json_raw_data_condition_with_return_values.json") + So(len(extraData[0]), ShouldEqual, 1) + So(len(extraData[0][0]), ShouldEqual, 2) + So(extraData[0][0]["name"], ShouldEqual, "containerName") + So(extraData[0][0]["command"], ShouldEqual, "containerCommand") + So(results[0], ShouldEqual, ALLOW) - results, extraData, _ = test_CheckMessagesWithRawDataWithReturnValue("../files/rules/with_return_value/rules_with_jsonpath_EQ_on_array_with_return_value.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/any_all2/json_raw_data_EQ1.json") - So(len((*extraData[0])), ShouldEqual, 2) // in ANY node we use the ANY global return value and also the return value within the condition! - So(len((*extraData[0])["name1"]), ShouldEqual, 1) - So(len((*extraData[0])["name2"]), ShouldEqual, 1) - So((*extraData[0])["name1"][0], ShouldEqual, "proxy") - So((*extraData[0])["name2"][0], ShouldEqual, "proxy") - So(results[0], ShouldEqual, BLOCK) + results, extraData, _ = test_CheckMessagesWithRawDataWithReturnValue("../files/rules/with_return_value/rules_with_condition_keyword_and_return_value2.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/basic_jsonpath/json_raw_data_condition_with_return_values.json") + So(len(extraData[0]), ShouldEqual, 1) + So(len(extraData[0][0]), ShouldEqual, 1) // when we have more than one returnValues we keep only the last one! + So(extraData[0][0]["otherStuff"], ShouldEqual, "otherStuff") + So(results[0], ShouldEqual, ALLOW) - results, extraData, _ = test_CheckMessagesWithRawDataWithReturnValue("../files/rules/with_return_value/rules_with_jsonpath_EQ_on_array_with_return_value2.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/any_all2/json_raw_data_EQ1.json") - So(len((*extraData[0])), ShouldEqual, 1) // in ANY node we use the ANY global return value and also the return value within the condition! - So(len((*extraData[0])["name"]), ShouldEqual, 2) // but if we give the same name then they will be appended - So((*extraData[0])["name"][0], ShouldEqual, "proxy") - So((*extraData[0])["name"][1], ShouldEqual, "proxy") - So(results[0], ShouldEqual, BLOCK) - */ - results, extraData, _ := test_CheckMessagesWithRawDataWithReturnValue("../files/rules/with_return_value/rules_with_jsonpath_EQ_on_array_with_return_value_in_sub_node.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/any_all2/json_raw_data_EQ1.json") - So(len((*extraData[0])), ShouldEqual, 2) - So(len((*extraData[0])["name1"]), ShouldEqual, 2) - So(len((*extraData[0])["name2"]), ShouldEqual, 2) - So((*extraData[0])["name1"][0], ShouldEqual, "cart7") - So((*extraData[0])["name1"][1], ShouldEqual, "cart7b") - So((*extraData[0])["name2"][0], ShouldEqual, "cart7") - So((*extraData[0])["name2"][1], ShouldEqual, "cart7b") - So(results[0], ShouldEqual, BLOCK) - - results, extraData, _ = test_CheckMessagesWithRawDataWithReturnValue("../files/rules/with_return_value/rules_with_jsonpath_EQ_on_array_with_return_value_in_sub_node2.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/any_all2/json_raw_data_EQ1.json") - So(len((*extraData[0])), ShouldEqual, 2) - So(len((*extraData[0])["name1"]), ShouldEqual, 2) - So(len((*extraData[0])["name2"]), ShouldEqual, 2) - So((*extraData[0])["name1"][0], ShouldEqual, "cart7") - So((*extraData[0])["name1"][1], ShouldEqual, "cart7b") - So((*extraData[0])["name2"][0], ShouldEqual, "cart7") - So((*extraData[0])["name2"][1], ShouldEqual, "cart7b") + results, extraData, _ = test_CheckMessagesWithRawDataWithReturnValue("../files/rules/with_return_value/rules_with_jsonpath_EQ_on_array_with_return_value.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/any_all2/json_raw_data_EQ1.json") + So(len(extraData[0]), ShouldEqual, 0) // in ANY node we use the ANY global return value and not the return value within the condition! So(results[0], ShouldEqual, BLOCK) }) @@ -776,31 +662,29 @@ func TestMaplEngineJsonConditionsWildcards(t *testing.T) { } results, extraData, _ := test_CheckMessagesWithRawDataWithReturnValue("../files/rules/deepscan/rules_with_jsonpath_deepscan.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/deepscan/json_raw_data_2containers.json") - So((*extraData[0])["name"][0].(string), ShouldEqual, "c2") + So(extraData[0][0]["name"].(string), ShouldEqual, "c2") So(results[0], ShouldEqual, BLOCK) results, extraData, _ = test_CheckMessagesWithRawDataWithReturnValue("../files/rules/deepscan/rules_with_jsonpath_deepscan.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/deepscan/json_raw_data_2containers.json") - So((*extraData[0])["name"][0].(string), ShouldEqual, "c2") + So(extraData[0][0]["name"].(string), ShouldEqual, "c2") So(results[0], ShouldEqual, BLOCK) results, extraData, _ = test_CheckMessagesWithRawDataWithReturnValue("../files/rules/deepscan/rules_with_jsonpath_deepscan.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/deepscan/json_raw_data_2containers_dep.json") - z := extraData[0] - fmt.Println(z) - So(extraData[0], ShouldBeNil) + So(len(extraData[0]), ShouldEqual, 0) So(results[0], ShouldEqual, DEFAULT) results, extraData, _ = test_CheckMessagesWithRawDataWithReturnValue("../files/rules/deepscan/rules_with_jsonpath_deepscan2.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/deepscan/json_raw_data_2containers_dep.json") - So((*extraData[0])["name"][0].(string), ShouldEqual, "c2") + So(extraData[0][0]["name"].(string), ShouldEqual, "c2") So(results[0], ShouldEqual, BLOCK) results, extraData, _ = test_CheckMessagesWithRawDataWithReturnValue("../files/rules/deepscan/rules_with_jsonpath_deepscan2.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/deepscan/json_raw_data_2containers_dep2.json") - So((*extraData[0])["name"][0].(string), ShouldEqual, "c2A") - So((*extraData[0])["name"][1].(string), ShouldEqual, "c2B") + So(extraData[0][0]["name"].(string), ShouldEqual, "c2A") + So(extraData[0][1]["name"].(string), ShouldEqual, "c2B") So(results[0], ShouldEqual, BLOCK) results, extraData, _ = test_CheckMessagesWithRawDataWithReturnValue("../files/rules/deepscan/rules_with_jsonpath_deepscan2b.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/deepscan/json_raw_data_2containers_dep2.json") - So((*extraData[0])["name"][0].(string), ShouldEqual, "c2A") - So((*extraData[0])["name"][1].(string), ShouldEqual, "c2B") + So(extraData[0][0]["name"].(string), ShouldEqual, "c2A") + So(extraData[0][1]["name"].(string), ShouldEqual, "c2B") So(results[0], ShouldEqual, BLOCK) }) } @@ -1393,42 +1277,42 @@ func TestMaplEngineJsonConditionsOnArraysAnyReturnValues(t *testing.T) { fmt.Println(str) results, extraData, _ := test_CheckMessagesWithRawDataWithReturnValue("../files/rules/with_jsonpath_conditions_ALL_ANY/rules_with_jsonpath_conditions_LT_and_LT_spec_containers_ANY.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/any_all/json_raw_data_1container.json") - So(extraData[0], ShouldBeNil) + So(len(extraData[0]), ShouldEqual, 0) So(results[0], ShouldEqual, BLOCK) results, extraData, _ = test_CheckMessagesWithRawDataWithReturnValue("../files/rules/with_jsonpath_conditions_ALL_ANY/rules_with_jsonpath_conditions_LT_and_LT_spec_containers_ANY2.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/any_all/json_raw_data_1container.json") - val := (*extraData[0])["name"][0].(string) + val := extraData[0][0]["name"].(string) So(val, ShouldEqual, "c1") So(results[0], ShouldEqual, BLOCK) results, extraData, _ = test_CheckMessagesWithRawDataWithReturnValue("../files/rules/with_jsonpath_conditions_ALL_ANY/rules_with_jsonpath_conditions_LT_and_LT_spec_containers_ANY2.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/any_all/json_raw_data_2containers_cpu2_mem2000.json") //So(extraData[0], ShouldEqual, "c1") - val = (*extraData[0])["name"][0].(string) + val = extraData[0][0]["name"].(string) So(val, ShouldEqual, "c1") So(results[0], ShouldEqual, BLOCK) results, extraData, _ = test_CheckMessagesWithRawDataWithReturnValue("../files/rules/with_jsonpath_conditions_ALL_ANY/rules_with_jsonpath_conditions_LT_and_LT_spec_containers_ANY2.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/any_all/json_raw_data_2containers_cpu2_mem2000b.json") - So(extraData[0], ShouldBeNil) + So(len(extraData[0]), ShouldEqual, 0) So(results[0], ShouldEqual, DEFAULT) results, extraData, _ = test_CheckMessagesWithRawDataWithReturnValue("../files/rules/with_jsonpath_conditions_ALL_ANY/rules_with_jsonpath_conditions_LT_and_LT_spec_containers_ANY2.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/any_all/json_raw_data_2containers_cpu2_mem2000c.json") //So(extraData[0], ShouldEqual, "c1") - val = (*extraData[0])["name"][0].(string) + val = extraData[0][0]["name"].(string) So(val, ShouldEqual, "c1") So(results[0], ShouldEqual, BLOCK) results, extraData, _ = test_CheckMessagesWithRawDataWithReturnValue("../files/rules/with_jsonpath_conditions_ALL_ANY/rules_with_jsonpath_conditions_LT_and_LT_spec_containers_ANY2b.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/any_all/json_raw_data_2containers_cpu2_mem2000c.json") //So(extraData[0], ShouldEqual, "c1") - val = (*extraData[0])["name"][0].(string) + val = extraData[0][0]["name"].(string) So(val, ShouldEqual, "c1") - valBytes, _ := json.Marshal((*extraData[0])["resources"][0]) + valBytes, _ := json.Marshal(extraData[0][0]["resources"]) val = string(valBytes) val2 := `{"limits":{"cpu":"2","memory":"1000Mi"}}` So(val, ShouldEqual, val2) var buf bytes.Buffer e := json.NewEncoder(&buf) e.SetEscapeHTML(false) - e.Encode((*extraData[0])["all"][0]) // we use encode instead of marshal so that we do not translate to utf-8 for easier comparison of strings + e.Encode(extraData[0][0]["all"]) // we use encode instead of marshal so that we do not translate to utf-8 for easier comparison of strings //valBytes,_=json.Marshal(extraData[0][0]["all"]) //val=string(valBytes) val = buf.String() @@ -1440,36 +1324,36 @@ func TestMaplEngineJsonConditionsOnArraysAnyReturnValues(t *testing.T) { //----------- results, extraData, _ = test_CheckMessagesWithRawDataWithReturnValue("../files/rules/with_jsonpath_conditions_ALL_ANY/rules_with_jsonpath_conditions_LT_and_LT_spec_containers_ANY2.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/any_all/json_raw_data_2containers_cpu2_mem2000d.json") //So(extraData[0], ShouldEqual, "c1,c2") - val = (*extraData[0])["name"][0].(string) + val = extraData[0][0]["name"].(string) So(val, ShouldEqual, "c1") - val = (*extraData[0])["name"][1].(string) + val = extraData[0][1]["name"].(string) So(val, ShouldEqual, "c2") So(results[0], ShouldEqual, BLOCK) results, extraData, _ = test_CheckMessagesWithRawDataWithReturnValue("../files/rules/with_jsonpath_conditions_ALL_ANY/rules_with_jsonpath_conditions_LT_and_LT_spec_containers_ANY2b.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/any_all/json_raw_data_2containers_cpu2_mem2000d.json") // first container that pass the ANY [0][0] - val = (*extraData[0])["name"][0].(string) + val = extraData[0][0]["name"].(string) So(val, ShouldEqual, "c1") - valBytes, _ = json.Marshal((*extraData[0])["resources"][0]) + valBytes, _ = json.Marshal(extraData[0][0]["resources"]) val = string(valBytes) val2 = `{"limits":{"cpu":"2","memory":"1000Mi"}}` So(val, ShouldEqual, val2) buf.Reset() - e.Encode((*extraData[0])["all"][0]) // we use encode instead of marshal so that we do not translate to utf-8 for easier comparison of strings + e.Encode(extraData[0][0]["all"]) // we use encode instead of marshal so that we do not translate to utf-8 for easier comparison of strings val = buf.String() val = val[0 : len(val)-1] // since Encode adds a line break val2 = `{"command":["sh","-c","echo 'Hello1 AppArmor!' && sleep 1h"],"image":"busybox","name":"c1","resources":{"limits":{"cpu":"2","memory":"1000Mi"}}}` So(val, ShouldEqual, val2) // second container that pass the ANY [0][1] - val = (*extraData[0])["name"][1].(string) + val = extraData[0][1]["name"].(string) So(val, ShouldEqual, "c2") - valBytes, _ = json.Marshal((*extraData[0])["resources"][1]) + valBytes, _ = json.Marshal(extraData[0][1]["resources"]) val = string(valBytes) val2 = `{"limits":{"cpu":"1","memory":"1100Mi"}}` So(val, ShouldEqual, val2) buf.Reset() - e.Encode((*extraData[0])["all"][1]) // we use encode instead of marshal so that we do not translate to utf-8 for easier comparison of strings + e.Encode(extraData[0][1]["all"]) // we use encode instead of marshal so that we do not translate to utf-8 for easier comparison of strings val = buf.String() val = val[0 : len(val)-1] // since Encode adds a line break val2 = `{"command":["sh","-c","echo 'Hello AppArmor!' && sleep 2h"],"image":"busybox","name":"c2","resources":{"limits":{"cpu":"1","memory":"1100Mi"}}}` @@ -1484,36 +1368,36 @@ func TestMaplEngineJsonConditionsOnArraysAnyReturnValues(t *testing.T) { results, extraData, _ = test_CheckMessagesWithRawDataWithReturnValue("../files/rules/with_jsonpath_conditions_ALL_ANY/rules_with_jsonpath_conditions_LT_and_LT_spec_containers_ANY2.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/any_all/json_raw_data_2containers_cpu2_mem2000e.json") //So(extraData[0], ShouldEqual, "c1,c3") - val = (*extraData[0])["name"][0].(string) + val = extraData[0][0]["name"].(string) So(val, ShouldEqual, "c1") - val = (*extraData[0])["name"][1].(string) + val = extraData[0][1]["name"].(string) So(val, ShouldEqual, "c3") So(results[0], ShouldEqual, BLOCK) results, extraData, _ = test_CheckMessagesWithRawDataWithReturnValue("../files/rules/with_jsonpath_conditions_ALL_ANY/rules_with_jsonpath_conditions_LT_and_LT_spec_containers_ANY2b.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/any_all/json_raw_data_2containers_cpu2_mem2000e.json") //So(extraData[0], ShouldEqual, "c1,c3") // first container that pass the ANY [0][0] - val = (*extraData[0])["name"][0].(string) + val = extraData[0][0]["name"].(string) So(val, ShouldEqual, "c1") - valBytes, _ = json.Marshal((*extraData[0])["resources"][0]) + valBytes, _ = json.Marshal(extraData[0][0]["resources"]) val = string(valBytes) val2 = `{"limits":{"cpu":"2","memory":"1000Mi"}}` So(val, ShouldEqual, val2) buf.Reset() - e.Encode((*extraData[0])["all"][0]) // we use encode instead of marshal so that we do not translate to utf-8 for easier comparison of strings + e.Encode(extraData[0][0]["all"]) // we use encode instead of marshal so that we do not translate to utf-8 for easier comparison of strings val = buf.String() val = val[0 : len(val)-1] // since Encode adds a line break val2 = `{"command":["sh","-c","echo 'Hello1 AppArmor!' && sleep 1h"],"image":"busybox","name":"c1","resources":{"limits":{"cpu":"2","memory":"1000Mi"}}}` So(val, ShouldEqual, val2) // second container that pass the ANY [0][1] - val = (*extraData[0])["name"][1].(string) + val = extraData[0][1]["name"].(string) So(val, ShouldEqual, "c3") - valBytes, _ = json.Marshal((*extraData[0])["resources"][1]) + valBytes, _ = json.Marshal(extraData[0][1]["resources"]) val = string(valBytes) val2 = `{"limits":{"cpu":"1","memory":"1100Mi"}}` So(val, ShouldEqual, val2) buf.Reset() - e.Encode((*extraData[0])["all"][1]) // we use encode instead of marshal so that we do not translate to utf-8 for easier comparison of strings + e.Encode(extraData[0][1]["all"]) // we use encode instead of marshal so that we do not translate to utf-8 for easier comparison of strings val = buf.String() val = val[0 : len(val)-1] // since Encode adds a line break val2 = `{"command":["sh","-c","echo 'Hello1 AppArmor!' && sleep 3h"],"image":"busybox","name":"c3","resources":{"limits":{"cpu":"1","memory":"1100Mi"}}}` @@ -1523,91 +1407,84 @@ func TestMaplEngineJsonConditionsOnArraysAnyReturnValues(t *testing.T) { results, extraData, _ = test_CheckMessagesWithRawDataWithReturnValue("../files/rules/with_jsonpath_conditions_ALL_ANY/rules_with_jsonpath_conditions_LT_and_LT_spec_containers_ANY2.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/any_all/json_raw_data_2containers_cpu2_mem2000f.json") //So(extraData[0], ShouldEqual, "c3") - val = (*extraData[0])["name"][0].(string) + val = extraData[0][0]["name"].(string) So(val, ShouldEqual, "c3") So(results[0], ShouldEqual, BLOCK) //--------- results, extraData, _ = test_CheckMessagesWithRawDataWithReturnValue("../files/rules/with_jsonpath_conditions_ALL_ANY/rules_with_jsonpath_conditions_LT_and_LT_spec_containers_ANY3.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/any_all/json_raw_data_1container.json") - val = (*extraData[0])["name"][0].(string) + val = extraData[0][0]["name"].(string) So(val, ShouldEqual, "c1") So(results[0], ShouldEqual, BLOCK) results, extraData, _ = test_CheckMessagesWithRawDataWithReturnValue("../files/rules/with_jsonpath_conditions_ALL_ANY/rules_with_jsonpath_conditions_LT_and_LT_spec_containers_ANY3.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/any_all/json_raw_data_2containers_cpu2_mem2000.json") - val = (*extraData[0])["name"][0].(string) + val = extraData[0][0]["name"].(string) So(val, ShouldEqual, "c1") So(results[0], ShouldEqual, BLOCK) results, extraData, _ = test_CheckMessagesWithRawDataWithReturnValue("../files/rules/with_jsonpath_conditions_ALL_ANY/rules_with_jsonpath_conditions_LT_and_LT_spec_containers_ANY3.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/any_all/json_raw_data_2containers_cpu2_mem2000b.json") - So(extraData[0], ShouldBeNil) + So(len(extraData[0]), ShouldEqual, 0) So(results[0], ShouldEqual, DEFAULT) results, extraData, _ = test_CheckMessagesWithRawDataWithReturnValue("../files/rules/with_jsonpath_conditions_ALL_ANY/rules_with_jsonpath_conditions_LT_and_LT_spec_containers_ANY3.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/any_all/json_raw_data_2containers_cpu2_mem2000c.json") - val = (*extraData[0])["name"][0].(string) + val = extraData[0][0]["name"].(string) So(val, ShouldEqual, "c1") So(results[0], ShouldEqual, BLOCK) results, extraData, _ = test_CheckMessagesWithRawDataWithReturnValue("../files/rules/with_jsonpath_conditions_ALL_ANY/rules_with_jsonpath_conditions_LT_and_LT_spec_containers_ANY3.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/any_all/json_raw_data_2containers_cpu2_mem2000d.json") - val = (*extraData[0])["name"][0].(string) + val = extraData[0][0]["name"].(string) So(val, ShouldEqual, "c1") - val = (*extraData[0])["name"][1].(string) + val = extraData[0][1]["name"].(string) So(val, ShouldEqual, "c2") So(results[0], ShouldEqual, BLOCK) results, extraData, _ = test_CheckMessagesWithRawDataWithReturnValue("../files/rules/with_jsonpath_conditions_ALL_ANY/rules_with_jsonpath_conditions_LT_and_LT_spec_containers_ANY3.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/any_all/json_raw_data_2containers_cpu2_mem2000e.json") - val = (*extraData[0])["name"][0].(string) + val = extraData[0][0]["name"].(string) So(val, ShouldEqual, "c1") - val = (*extraData[0])["name"][1].(string) + val = extraData[0][1]["name"].(string) So(val, ShouldEqual, "c3") So(results[0], ShouldEqual, BLOCK) results, extraData, _ = test_CheckMessagesWithRawDataWithReturnValue("../files/rules/with_jsonpath_conditions_ALL_ANY/rules_with_jsonpath_conditions_LT_and_LT_spec_containers_ANY3.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/any_all/json_raw_data_2containers_cpu2_mem2000f.json") - val = (*extraData[0])["name"][0].(string) + val = extraData[0][0]["name"].(string) So(val, ShouldEqual, "c3") So(results[0], ShouldEqual, BLOCK) //--------------- // OR with two ANYs results, extraData, _ = test_CheckMessagesWithRawDataWithReturnValue("../files/rules/with_jsonpath_conditions_ALL_ANY/rules_with_jsonpath_conditions_LT_and_LT_spec_containers_ANY4.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/any_all/json_raw_data_2containers_cpu2_mem2000g.json") - val = (*extraData[0])["name"][0].(string) + val = extraData[0][0]["name"].(string) So(val, ShouldEqual, "c1") // the first (2 ANYs under OR) - val = (*extraData[0])["name"][1].(string) - So(val, ShouldEqual, "c2") // the second (2 ANYs under OR) So(results[0], ShouldEqual, BLOCK) results, extraData, _ = test_CheckMessagesWithRawDataWithReturnValue("../files/rules/with_jsonpath_conditions_ALL_ANY/rules_with_jsonpath_conditions_LT_and_LT_spec_containers_ANY4.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/any_all/json_raw_data_2containers_cpu2_mem2000h.json") - val = (*extraData[0])["name"][0].(string) + val = extraData[0][0]["name"].(string) So(val, ShouldEqual, "c2") // the first (2 ANYs under OR) So(results[0], ShouldEqual, BLOCK) //--------------- // AND with two ANYs results, extraData, _ = test_CheckMessagesWithRawDataWithReturnValue("../files/rules/with_jsonpath_conditions_ALL_ANY/rules_with_jsonpath_conditions_LT_and_LT_spec_containers_ANY7.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/any_all/json_raw_data_2containers_cpu2_mem2000g.json") - val = (*extraData[0])["name2"][0].(string) + val = extraData[0][0]["name2"].(string) So(val, ShouldEqual, "c2") // the last (2 ANYs under AND) So(results[0], ShouldEqual, BLOCK) //--------------- // NOT with ANY results, extraData, _ = test_CheckMessagesWithRawDataWithReturnValue("../files/rules/with_jsonpath_conditions_ALL_ANY/rules_with_jsonpath_conditions_LT_and_LT_spec_containers_ANY5.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/any_all/json_raw_data_2containers_cpu2_mem2000h.json") - So(extraData[0], ShouldBeNil) // NOT removes the extraData from the ANY node + So(len(extraData[0]), ShouldEqual, 0) // NOT removes the extraData from the ANY node So(results[0], ShouldEqual, BLOCK) - // now with the inner condition returned value not empty. The NOT should clear it - results, extraData, _ = test_CheckMessagesWithRawDataWithReturnValue("../files/rules/with_jsonpath_conditions_ALL_ANY/rules_with_jsonpath_conditions_LT_and_LT_spec_containers_ANY5.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/any_all/json_raw_data_2containers_cpu2_mem2000g.json") - So(extraData[0], ShouldBeNil) // NOT removes the extraData from the ANY node - So(results[0], ShouldEqual, DEFAULT) - //--------- // with units results, extraData, _ = test_CheckMessagesWithRawDataWithReturnValue("../files/rules/with_jsonpath_conditions_ALL_ANY/rules_with_jsonpath_conditions_LT_and_LT_spec_containers_ANY6.yaml", "../files/messages/messages_base_jsonpath.yaml", "../files/raw_json_data/any_all/json_raw_data_2containers_cpu2_mem2000i.json") - So(len((*extraData[0])["name"]), ShouldEqual, 3) - val = (*extraData[0])["name"][0].(string) + So(len(extraData[0]), ShouldEqual, 3) + val = extraData[0][0]["name"].(string) So(val, ShouldEqual, "c2") - val = (*extraData[0])["name"][1].(string) + val = extraData[0][1]["name"].(string) So(val, ShouldEqual, "c4") - val = (*extraData[0])["name"][2].(string) + val = extraData[0][2]["name"].(string) So(val, ShouldEqual, "c6") So(results[0], ShouldEqual, BLOCK) @@ -2261,23 +2138,21 @@ func test_CheckMessagesWithRawData(rulesFilename, messagesFilename, rawFilename So(msg, ShouldEqual, msg2) So(relevantRuleIndex, ShouldEqual, relevantRuleIndex2) So(fmt.Sprintf("%v", appliedRulesIndices), ShouldEqual, fmt.Sprintf("%v", appliedRulesIndices2)) - for i, _ := range extraData { - So(fmt.Sprintf("%v", extraData[i]), ShouldEqual, fmt.Sprintf("%v", extraData2[i])) - } + So(fmt.Sprintf("%v", extraData), ShouldEqual, fmt.Sprintf("%v", extraData2)) + } return outputResults, nil } -func test_CheckMessagesWithRawDataWithReturnValue(rulesFilename, messagesFilename, rawFilename string) ([]int, []*map[string][]interface{}, error) { +func test_CheckMessagesWithRawDataWithReturnValue(rulesFilename, messagesFilename, rawFilename string) ([]int, [][]map[string]interface{}, error) { rules, messages, data, err := readRulesMessageRawData(rulesFilename, messagesFilename, rawFilename, "") - So(err, ShouldBeNil) if err != nil { - return []int{}, []*map[string][]interface{}{}, err + return []int{}, [][]map[string]interface{}{}, err } var outputResults []int - var outputResultsExtraData []*map[string][]interface{} + var outputResultsExtraData [][]map[string]interface{} for _, message := range messages.Messages { @@ -2323,9 +2198,8 @@ func test_CheckMessagesWithRawDataWithReturnValue(rulesFilename, messagesFilenam So(msg, ShouldEqual, msg2) So(relevantRuleIndex, ShouldEqual, relevantRuleIndex2) So(fmt.Sprintf("%v", appliedRulesIndices), ShouldEqual, fmt.Sprintf("%v", appliedRulesIndices2)) - for i := range extraData { - So(fmt.Sprintf("%+v", extraData[i]), ShouldEqual, fmt.Sprintf("%+v", extraData2[i])) // this checks the returnValueJsonpath - } + So(fmt.Sprintf("%+v", extraData), ShouldEqual, fmt.Sprintf("%+v", extraData2)) // this checks the returnValueJsonpath + } return outputResults, outputResultsExtraData, nil } @@ -2390,22 +2264,22 @@ func test_ConditionsWithJsonRaw(rulesFilename string, messagesFilename string, r return [][]bool{}, err } - outputResults := make([][]bool, len(messages.Messages)) - outputResultsExtraData := make([][]map[string][]interface{}, len(messages.Messages)) - + var outputResults [][]bool + outputResults = make([][]bool, len(messages.Messages)) + var outputResultsExtraData [][][]map[string]interface{} + outputResultsExtraData = make([][][]map[string]interface{}, len(messages.Messages)) for i_message, message := range messages.Messages { outputResults[i_message] = make([]bool, len(rules.Rules)) - outputResultsExtraData[i_message] = make([]map[string][]interface{}, len(rules.Rules)) + outputResultsExtraData[i_message] = make([][]map[string]interface{}, len(rules.Rules)) for i_rule, rule := range rules.Rules { message.RequestJsonRaw = &data - extraData := make(map[string][]interface{}) - result := TestConditions(&rule, &message, &extraData) + result, extraData := TestConditions(&rule, &message) if TestPerformance { t0 := time.Now() for i := 0; i < NumberOfChecks; i++ { - TestConditions(&rule, &message, &extraData) + TestConditions(&rule, &message) } d := time.Since(t0) elapsedBytes += d @@ -2430,7 +2304,7 @@ func test_ConditionsWithJsonRaw(rulesFilename string, messagesFilename string, r if TestPerformance { t0 := time.Now() for i := 0; i < NumberOfChecks; i++ { - TestConditions(&rule, &message, &extraData) + TestConditions(&rule, &message) } d := time.Since(t0) elapsedInterface += d diff --git a/MAPL_engine/conditions_tree.go b/MAPL_engine/conditions_tree.go index 980edd5..9533e86 100755 --- a/MAPL_engine/conditions_tree.go +++ b/MAPL_engine/conditions_tree.go @@ -12,9 +12,9 @@ import ( "strings" ) -// ----------------------- +//----------------------- // ConditionsTree -// ----------------------- +//----------------------- type ConditionsTree struct { ConditionsTree Node `yaml:"conditionsTree,omitempty" json:"conditionsTree,omitempty" bson:"conditionsTree,omitempty" structs:"conditionsTree,omitempty"` } @@ -94,13 +94,13 @@ func (c ConditionsTree) MarshalBSON() ([]byte, error) { return bson.Marshal(doc) } -// -------------------------------------- +//-------------------------------------- // Node Interface -// -------------------------------------- +//-------------------------------------- type Node interface { - Eval(message *MessageAttributes, returnValues *map[string][]interface{}) bool + Eval(message *MessageAttributes) (bool, []map[string]interface{}) Append(node Node) - PrepareAndValidate(stringsAndlists PredefinedStringsAndLists) (bool, error) + PrepareAndValidate(stringsAndlists PredefinedStringsAndLists) error String() string // to-do: order terms so that hash will be the same ToMongoQuery(base string, parentString string, inArrayCounter int) (bson.M, []bson.M, error) } @@ -115,72 +115,38 @@ type AnyAllNode interface { GetPreparedJsonpathQuery() []jsonpath.FilterFunc } -// -------------------------------------- -func mergeReturnValues(returnValues *map[string][]interface{}, returnValues2 *map[string][]interface{}) { - for key, array2 := range *returnValues2 { - if array, ok := (*returnValues)[key]; !ok { - (*returnValues)[key] = array2 - } else { - array = append(array, array2...) - (*returnValues)[key] = array - } - } - -} - -// -------------------------------------- +//-------------------------------------- // And Node -// -------------------------------------- +//-------------------------------------- type And struct { - Nodes []Node `yaml:"AND,omitempty" json:"AND,omitempty" bson:"AND,omitempty" structs:"AND,omitempty"` - ReturnValueInNode bool `yaml:"-" json:"-" bson:"-" structs:"-"` + Nodes []Node `yaml:"AND,omitempty" json:"AND,omitempty" bson:"AND,omitempty" structs:"AND,omitempty"` } -func (a *And) Eval(message *MessageAttributes, returnValues *map[string][]interface{}) bool { - - returnValuesAfter := make(map[string][]interface{}) // we use temporary return values since we do not want to update them unless the AND result is true - returnValuesBefore := make(map[string][]interface{}) - mergeReturnValues(&returnValuesAfter, returnValues) - mergeReturnValues(&returnValuesBefore, returnValues) +func (a *And) Eval(message *MessageAttributes) (bool, []map[string]interface{}) { + extraData := []map[string]interface{}{} for _, node := range a.Nodes { - - flag := node.Eval(message, &returnValuesAfter) + flag, extraDataTemp := node.Eval(message) + if len(extraDataTemp) > 0 { + extraData = extraDataTemp + } if flag == false { - // clean previous map and enter new values. to-do: find a better way. - for k := range *returnValues { - delete(*returnValues, k) - } - mergeReturnValues(returnValues, &returnValuesBefore) - return false // no need to check the rest + return false, extraData // no need to check the rest } - - } - - // clean previous map and enter new values. to-do: find a better way - for k := range *returnValues { - delete(*returnValues, k) } - mergeReturnValues(returnValues, &returnValuesAfter) - - return true + return true, extraData } func (a *And) Append(node Node) { a.Nodes = append(a.Nodes, node) } -func (a *And) PrepareAndValidate(stringsAndlists PredefinedStringsAndLists) (bool, error) { - returnValuesInNode := false +func (a *And) PrepareAndValidate(stringsAndlists PredefinedStringsAndLists) error { for _, node := range a.Nodes { - returnValuesInNodeTemp, err := node.PrepareAndValidate(stringsAndlists) - if returnValuesInNodeTemp { - returnValuesInNode = true - } + err := node.PrepareAndValidate(stringsAndlists) if err != nil { - return returnValuesInNode, err + return err } } - a.ReturnValueInNode = returnValuesInNode - return returnValuesInNode, nil + return nil } func (a *And) String() string { @@ -210,71 +176,64 @@ func AndOrString(a_nodes []Node, andOrStr string) string { return str } -// -------------------------------------- +//-------------------------------------- // Or Node -// -------------------------------------- +//-------------------------------------- type Or struct { - Nodes []Node `yaml:"OR,omitempty" json:"OR,omitempty" bson:"OR,omitempty" structs:"OR,omitempty"` - ReturnValueInNode bool `yaml:"-" json:"-" bson:"-" structs:"-"` + Nodes []Node `yaml:"OR,omitempty" json:"OR,omitempty" bson:"OR,omitempty" structs:"OR,omitempty"` } -func (o *Or) Eval(message *MessageAttributes, returnValues *map[string][]interface{}) bool { +func (o *Or) Eval(message *MessageAttributes) (bool, []map[string]interface{}) { flagOut := false + extraDataOut := []map[string]interface{}{} for _, node := range o.Nodes { - returnValuesTemp := make(map[string][]interface{}) - flag := node.Eval(message, &returnValuesTemp) - if flag && !o.ReturnValueInNode { - return true // no need to check the rest if we do not need to extract return values - } + flag, extraData := node.Eval(message) + // if flag { + // return true, extraData // no need to check the rest + //} flagOut = flagOut || flag if flag { - mergeReturnValues(returnValues, &returnValuesTemp) + for _, e := range extraData { + extraDataOut = append(extraDataOut, e) + } } } - return flagOut + return flagOut, extraDataOut } func (o *Or) Append(node Node) { o.Nodes = append(o.Nodes, node) } -func (o *Or) PrepareAndValidate(stringsAndlists PredefinedStringsAndLists) (bool, error) { - returnValuesInNode := false +func (o *Or) PrepareAndValidate(stringsAndlists PredefinedStringsAndLists) error { for _, node := range o.Nodes { - returnValuesInNodeTemp, err := node.PrepareAndValidate(stringsAndlists) - if returnValuesInNodeTemp { - returnValuesInNode = true - } + err := node.PrepareAndValidate(stringsAndlists) if err != nil { - return false, err + return err } } - o.ReturnValueInNode = returnValuesInNode - return returnValuesInNode, nil + return nil } func (o *Or) String() string { return AndOrString(o.Nodes, " || ") } -// -------------------------------------- +//-------------------------------------- // Not Node -// -------------------------------------- +//-------------------------------------- type Not struct { - Node Node `yaml:"NOT,omitempty" json:"NOT,omitempty" bson:"NOT,omitempty" structs:"NOT,omitempty"` - ReturnValueInNode bool `yaml:"-" json:"-" bson:"-" structs:"-"` + Node Node `yaml:"NOT,omitempty" json:"NOT,omitempty" bson:"NOT,omitempty" structs:"NOT,omitempty"` } -func (n *Not) Eval(message *MessageAttributes, returnValues *map[string][]interface{}) bool { - flag := n.Node.Eval(message, returnValues) - (*returnValues) = nil // returned values from inner nodes are no-longer relevant! - return !flag +func (n *Not) Eval(message *MessageAttributes) (bool, []map[string]interface{}) { + flag, _ := n.Node.Eval(message) + return !flag, []map[string]interface{}{} } func (n *Not) Append(node Node) { n.Node = node } -func (n *Not) PrepareAndValidate(stringsAndlists PredefinedStringsAndLists) (bool, error) { +func (n *Not) PrepareAndValidate(stringsAndlists PredefinedStringsAndLists) error { - returnValuesInNode, err := n.Node.PrepareAndValidate(stringsAndlists) - n.ReturnValueInNode = returnValuesInNode - return returnValuesInNode, err + err := n.Node.PrepareAndValidate(stringsAndlists) + return err } func (n *Not) String() string { @@ -282,9 +241,9 @@ func (n *Not) String() string { return str } -// -------------------------------------- +//-------------------------------------- // Any Node -// -------------------------------------- +//-------------------------------------- type Any struct { ParentJsonpathAttribute string ParentJsonpathAttributeArray []string @@ -295,7 +254,6 @@ type Any struct { ReturnValueJsonpathOriginal map[string]string Node Node `yaml:"condition,omitempty" json:"condition,omitempty" bson:"condition,omitempty" structs:"condition,omitempty"` PreparedJsonpathQuery []jsonpath.FilterFunc `yaml:"-,omitempty" json:"-,omitempty"` - ReturnValueInNode bool `yaml:"-" json:"-" bson:"-" structs:"-"` } func (a *Any) MarshalJSON() ([]byte, error) { @@ -325,90 +283,90 @@ func (a *Any) MarshalJSON() ([]byte, error) { return []byte(str), nil } -func (a *Any) Eval(message *MessageAttributes, returnValues *map[string][]interface{}) bool { // to-do: return errors +func (a *Any) Eval(message *MessageAttributes) (bool, []map[string]interface{}) { // to-do: return errors if message.RequestRawInterface != nil && a.PreparedJsonpathQuery != nil { - return evalAnyRawInterface(a, message, returnValues) + return evalAnyRawInterface(a, message) } else { - return evalAnyRawBytes(a, message, returnValues) + return evalAnyRawBytes(a, message) } } -func evalAnyRawInterface(a *Any, message *MessageAttributes, returnValues *map[string][]interface{}) bool { +func evalAnyRawInterface(a *Any, message *MessageAttributes) (bool, []map[string]interface{}) { rawArrayData, err := getArrayOfInterfaces(a, message) if err != nil { - return false + return false, []map[string]interface{}{} } - //extraData := []map[string]interface{}{} + extraData := []map[string]interface{}{} result := false checkAllValuesInTheArray := false - if a.ReturnValueInNode { // if we seek return values in sub-nodes then we cannot skip + if len(a.ReturnValueJsonpath) > 0 { checkAllValuesInTheArray = true } originalRequestRawInterfaceRelative := message.RequestRawInterfaceRelative for _, val := range rawArrayData { message.RequestRawInterfaceRelative = &val - flag := a.Node.Eval(message, returnValues) + flag, _ := a.Node.Eval(message) if flag { result = true if a.ReturnValueJsonpath != nil { - getExtraDataFromInterface(a.ReturnValuePreparedJsonpathQuery, a.ReturnValuePreparedJsonpathQueryRelativeFlag, a.ReturnValueJsonpath, message, returnValues) - //extraData = append(extraData, extraDataTemp) + extraDataTemp := getExtraDataFromInterface(a.ReturnValuePreparedJsonpathQuery, a.ReturnValuePreparedJsonpathQueryRelativeFlag, a.ReturnValueJsonpath, message) + extraData = append(extraData, extraDataTemp) } if !checkAllValuesInTheArray { message.RequestRawInterfaceRelative = originalRequestRawInterfaceRelative - return result + return result, extraData } } } message.RequestRawInterfaceRelative = originalRequestRawInterfaceRelative - return result + return result, extraData } -func evalAnyRawBytes(a *Any, message *MessageAttributes, returnValues *map[string][]interface{}) bool { +func evalAnyRawBytes(a *Any, message *MessageAttributes) (bool, []map[string]interface{}) { rawArrayData, err := getArrayOfJsons(a, message) if err != nil { - return false + return false, []map[string]interface{}{} } - //extraData := []map[string]interface{}{} + extraData := []map[string]interface{}{} result := false checkAllValuesInTheArray := false - if a.ReturnValueInNode { // if we seek return values in sub-nodes then we cannot skip + if len(a.ReturnValueJsonpath) > 0 { checkAllValuesInTheArray = true } originalRequestJsonRawRelative := message.RequestJsonRawRelative for _, val := range rawArrayData { message.RequestJsonRawRelative = &val - flag := a.Node.Eval(message, returnValues) + flag, _ := a.Node.Eval(message) if flag { result = true - if a.ReturnValueJsonpath != nil { // this is for the ANY node returnValue - getExtraDataFromByteArray(a.ReturnValueJsonpath, a.ReturnValuePreparedJsonpathQueryRelativeFlag, message, returnValues) - //extraData = append(extraData, extraDataTemp) + if a.ReturnValueJsonpath != nil { + extraDataTemp := getExtraDataFromByteArray(a.ReturnValueJsonpath, a.ReturnValuePreparedJsonpathQueryRelativeFlag, message) + extraData = append(extraData, extraDataTemp) } if !checkAllValuesInTheArray { message.RequestJsonRawRelative = originalRequestJsonRawRelative - return result + return result, extraData } } } message.RequestJsonRawRelative = originalRequestJsonRawRelative - return result + return result, extraData } func (a *Any) Append(node Node) { a.Node = node } -func (a *Any) PrepareAndValidate(stringsAndlists PredefinedStringsAndLists) (bool, error) { +func (a *Any) PrepareAndValidate(stringsAndlists PredefinedStringsAndLists) error { - returnValuesInNode, err := a.Node.PrepareAndValidate(stringsAndlists) + err := a.Node.PrepareAndValidate(stringsAndlists) if err != nil { - return false, err + return err } a.ParentJsonpathAttributeArray = strings.Split(a.GetParentJsonpathAttribute(), ",") @@ -416,16 +374,11 @@ func (a *Any) PrepareAndValidate(stringsAndlists PredefinedStringsAndLists) (boo for _, j := range a.GetParentJsonpathAttributeArray() { preparedJsonpath, err := prepareJsonpathQuery(j) if err != nil { - return false, err + return err } a.PreparedJsonpathQuery = append(a.PreparedJsonpathQuery, preparedJsonpath) } - - if len(a.ReturnValueJsonpath) > 0 { - returnValuesInNode = true - } - a.ReturnValueInNode = returnValuesInNode - return returnValuesInNode, nil + return nil } func prepareJsonpathQuery(query string) (jsonpath.FilterFunc, error) { @@ -499,9 +452,9 @@ func (a *Any) GetPreparedJsonpathQuery() []jsonpath.FilterFunc { return a.PreparedJsonpathQuery } -// -------------------------------------- +//-------------------------------------- // All Node -// -------------------------------------- +//-------------------------------------- type All struct { ParentJsonpathAttribute string ParentJsonpathAttributeArray []string @@ -512,7 +465,6 @@ type All struct { ReturnValuePreparedJsonpathQueryRelativeFlag map[string]bool Node Node `yaml:"condition,omitempty" json:"condition,omitempty" bson:"condition,omitempty" structs:"condition,omitempty"` PreparedJsonpathQuery []jsonpath.FilterFunc `yaml:"-,omitempty" json:"-,omitempty"` - ReturnValueInNode bool `yaml:"-" json:"-" bson:"-" structs:"-"` } func (a *All) MarshalJSON() ([]byte, error) { @@ -542,65 +494,64 @@ func (a *All) MarshalJSON() ([]byte, error) { return []byte(str), nil } -func (a *All) Eval(message *MessageAttributes, returnValues *map[string][]interface{}) bool { +func (a *All) Eval(message *MessageAttributes) (bool, []map[string]interface{}) { if message.RequestRawInterface != nil && a.PreparedJsonpathQuery != nil { - return evalAllRawInterface(a, message, returnValues) + return evalAllRawInterface(a, message) } else { - return evalAllRawBytes(a, message, returnValues) + return evalAllRawBytes(a, message) } } -func evalAllRawInterface(a *All, message *MessageAttributes, returnValues *map[string][]interface{}) bool { +func evalAllRawInterface(a *All, message *MessageAttributes) (bool, []map[string]interface{}) { rawArrayData, err := getArrayOfInterfaces(a, message) if err != nil { - return false + return false, []map[string]interface{}{} } originalRequestRawInterfaceRelative := message.RequestRawInterfaceRelative for _, val := range rawArrayData { message.RequestRawInterfaceRelative = &val - flag := a.Node.Eval(message, returnValues) + flag, _ := a.Node.Eval(message) if !flag { message.RequestRawInterfaceRelative = originalRequestRawInterfaceRelative - return false + return false, []map[string]interface{}{} } } message.RequestRawInterfaceRelative = originalRequestRawInterfaceRelative - return true + return true, []map[string]interface{}{} } -func evalAllRawBytes(a *All, message *MessageAttributes, returnValues *map[string][]interface{}) bool { +func evalAllRawBytes(a *All, message *MessageAttributes) (bool, []map[string]interface{}) { rawArrayData, err := getArrayOfJsons(a, message) if err != nil { - return false + return false, []map[string]interface{}{} } originalRequestJsonRawRelative := message.RequestJsonRawRelative for _, val := range rawArrayData { message.RequestJsonRawRelative = &val - flag := a.Node.Eval(message, returnValues) + flag, _ := a.Node.Eval(message) if !flag { message.RequestJsonRawRelative = originalRequestJsonRawRelative - return false + return false, []map[string]interface{}{} } } message.RequestJsonRawRelative = originalRequestJsonRawRelative - return true + return true, []map[string]interface{}{} } func (a *All) Append(node Node) { a.Node = node } -func (a *All) PrepareAndValidate(stringsAndlists PredefinedStringsAndLists) (bool, error) { - - returnValuesInNode, err := a.Node.PrepareAndValidate(stringsAndlists) +func (a *All) PrepareAndValidate(stringsAndlists PredefinedStringsAndLists) error { + err := a.Node.PrepareAndValidate(stringsAndlists) if err != nil { - return false, err + return err } a.ParentJsonpathAttributeArray = strings.Split(a.GetParentJsonpathAttribute(), ",") @@ -608,17 +559,12 @@ func (a *All) PrepareAndValidate(stringsAndlists PredefinedStringsAndLists) (boo for _, j := range a.GetParentJsonpathAttributeArray() { preparedJsonpath, err := prepareJsonpathQuery(j) if err != nil { - return false, err + return err } a.PreparedJsonpathQuery = append(a.PreparedJsonpathQuery, preparedJsonpath) } - if len(a.ReturnValueJsonpath) > 0 { - returnValuesInNode = true - } - a.ReturnValueInNode = returnValuesInNode - - return returnValuesInNode, nil + return nil } func (a *All) String() string { @@ -676,18 +622,18 @@ func (a *All) GetPreparedJsonpathQuery() []jsonpath.FilterFunc { return a.PreparedJsonpathQuery } -// -------------------------------------- +//-------------------------------------- // True Node (used in unit tests) -// -------------------------------------- +//-------------------------------------- type True struct{} -func (t True) Eval(message *MessageAttributes, _ *map[string][]interface{}) bool { - return true +func (t True) Eval(message *MessageAttributes) (bool, []map[string]interface{}) { + return true, []map[string]interface{}{} } func (t True) Append(node Node) { } -func (t True) PrepareAndValidate(stringsAndlists PredefinedStringsAndLists) (bool, error) { - return false, nil +func (t True) PrepareAndValidate(stringsAndlists PredefinedStringsAndLists) error { + return nil } func (t True) String() string { return "true" @@ -696,18 +642,18 @@ func (t True) ToMongoQuery(base, str string, inArrayCounter int) (bson.M, []bson return bson.M{}, []bson.M{}, fmt.Errorf("not supported") } -// -------------------------------------- +//-------------------------------------- // False Node (used in unit tests) -// -------------------------------------- +//-------------------------------------- type False struct{} -func (f False) Eval(message *MessageAttributes, _ *map[string][]interface{}) bool { - return false +func (f False) Eval(message *MessageAttributes) (bool, []map[string]interface{}) { + return false, []map[string]interface{}{} } func (f False) Append(node Node) { } -func (f False) PrepareAndValidate(stringsAndlists PredefinedStringsAndLists) (bool, error) { - return false, nil +func (f False) PrepareAndValidate(stringsAndlists PredefinedStringsAndLists) error { + return nil } func (f False) String() string { return "false" @@ -716,58 +662,50 @@ func (f False) ToMongoQuery(base, str string, inArrayCounter int) (bson.M, []bso return bson.M{}, []bson.M{}, fmt.Errorf("not supported") } -// -------------------------------------- +//-------------------------------------- // Basic Condition Node -// -------------------------------------- -func (c *Condition) Eval(message *MessageAttributes, returnValues *map[string][]interface{}) bool { - return testOneCondition(c, message, returnValues) +//-------------------------------------- +func (c *Condition) Eval(message *MessageAttributes) (bool, []map[string]interface{}) { + return testOneCondition(c, message) } func (c *Condition) Append(node Node) { } -func (c *Condition) PrepareAndValidate(stringsAndlists PredefinedStringsAndLists) (bool, error) { +func (c *Condition) PrepareAndValidate(stringsAndlists PredefinedStringsAndLists) error { err := ReplaceStringsAndListsInCondition(c, stringsAndlists) if err != nil { - return false, err + return err + } + valid, err := ValidateOneCondition(c) + if err != nil { + return err + } + if !valid { + return fmt.Errorf("error in validating condition [%+v]", c) } - if true { - valid, err := ValidateOneCondition(c) - if err != nil { - return false, err - } - if !valid { - return false, fmt.Errorf("error in validating condition [%+v]", c) - } + err = ConvertConditionStringToIntFloatRegex(c) + if err != nil { + return err + } - err = ConvertConditionStringToIntFloatRegex(c) + if c.AttributeIsJsonpath { + preparedJsonpath, err := prepareJsonpathQuery(c.AttributeJsonpathQuery) if err != nil { - return false, err - } - - if c.AttributeIsJsonpath { - preparedJsonpath, err := prepareJsonpathQuery(c.AttributeJsonpathQuery) - if err != nil { - return false, err - } - c.PreparedJsonpathQuery = preparedJsonpath + return err } + c.PreparedJsonpathQuery = preparedJsonpath } - returnValuesInNode := false - if len(c.ReturnValueJsonpath) > 0 { - returnValuesInNode = true - } - - return returnValuesInNode, nil + return nil } -// -------------------------------------- +//-------------------------------------- // parsing utilities -// -------------------------------------- +//-------------------------------------- func ParseConditionsTree(c interface{}) (Node, error) { - conditionsTree, err := InterpretNode(c, "", false) + conditionsTree, err := InterpretNode(c, "") if err != nil { return nil, err } @@ -775,15 +713,15 @@ func ParseConditionsTree(c interface{}) (Node, error) { return conditionsTree, nil } -func InterpretNode(node interface{}, parentString string, isWithinAnyAll bool) (Node, error) { +func InterpretNode(node interface{}, parentString string) (Node, error) { switch v := node.(type) { case map[string]interface{}: - return handleMapStringInterface(v, parentString, isWithinAnyAll) + return handleMapStringInterface(v, parentString) case map[interface{}]interface{}: - return handleMapInterfaceInterface(v, parentString, isWithinAnyAll) + return handleMapInterfaceInterface(v, parentString) case []interface{}: // array of nodes if parentString == "" { @@ -791,9 +729,9 @@ func InterpretNode(node interface{}, parentString string, isWithinAnyAll bool) ( return nil, fmt.Errorf("node type not supported. possible error: array of conditions without AND,OR (etc) parent") //return nil, fmt.Errorf("can't parse conditions %+v", v) } - return InterpretNode(v[0], "", isWithinAnyAll) // recursion + return InterpretNode(v[0], "") // recursion } else { - return handleInterfaceArray(node, parentString, isWithinAnyAll) + return handleInterfaceArray(node, parentString) } default: @@ -802,18 +740,18 @@ func InterpretNode(node interface{}, parentString string, isWithinAnyAll bool) ( return nil, errors.New("can't parse conditions") } -func handleMapInterfaceInterface(v map[interface{}]interface{}, parentString string, isWithinAnyAll bool) (Node, error) { +func handleMapInterfaceInterface(v map[interface{}]interface{}, parentString string) (Node, error) { v2 := mapInterfaceToMapString(v) - return handleMapStringInterface(v2, parentString, isWithinAnyAll) + return handleMapStringInterface(v2, parentString) } -func handleMapStringInterface(v2 map[string]interface{}, parentString string, isWithinAnyAll bool) (Node, error) { +func handleMapStringInterface(v2 map[string]interface{}, parentString string) (Node, error) { // test if this is a condition: if isConditionNode(v2) { - nodeOut, err := getNodeCondition(v2, parentString, isWithinAnyAll) + nodeOut, err := getNodeCondition(v2, parentString) if err != nil { return nil, err } else { @@ -828,14 +766,14 @@ func handleMapStringInterface(v2 map[string]interface{}, parentString string, is anyAllNode, err := getAnyAllNode(v2, parentString) return anyAllNode, err case "NOT": - notNode, err := getNotNode(v2, parentString, isWithinAnyAll) + notNode, err := getNotNode(v2, parentString) return notNode, err case "OR", "AND", "", "condition", "conditions", "conditionsTree": val, nodeType, err := getNodeValType(v2, parentString) if err != nil { return nil, err } - node, err := InterpretNode(val, nodeType, isWithinAnyAll) // recursion! + node, err := InterpretNode(val, nodeType) // recursion! if err != nil { return nil, err } @@ -846,12 +784,10 @@ func handleMapStringInterface(v2 map[string]interface{}, parentString string, is return nil, fmt.Errorf("can't interpret map[interface{}]interface{}") } -func getNodeCondition(v map[string]interface{}, parentString string, isWithinAnyAll bool) (Node, error) { +func getNodeCondition(v map[string]interface{}, parentString string) (Node, error) { + + cond := ReadCondition(v) - cond, err := ReadCondition(v, isWithinAnyAll) - if err != nil { - return nil, err - } c, err := prepareOneConditionNode(cond) // add regexes etc... and validate the condition if err != nil { return nil, err @@ -922,11 +858,10 @@ func getAnyAllNode(v2 map[string]interface{}, parentString string) (Node, error) } else { return nil, fmt.Errorf("invalid returnValueJsonpath [%v] [should start with jsonpath:$RELATIVE]", returnValueJsonpath[k]) } + anyAllNode.SetReturnValueJsonpath(returnValueJsonpathMap) } - anyAllNode.SetReturnValueJsonpath(returnValueJsonpathMap) - default: - node, err := InterpretNode(val, key, true) // recursion! + node, err := InterpretNode(val, key) // recursion! if err != nil { return nil, err } @@ -948,7 +883,7 @@ func isValidNotNode(v map[string]interface{}) error { return nil } -func getNotNode(v2 map[string]interface{}, parentString string, isWithinAnyAll bool) (Node, error) { +func getNotNode(v2 map[string]interface{}, parentString string) (Node, error) { err := isValidNotNode(v2) if err != nil { return nil, err @@ -958,7 +893,7 @@ func getNotNode(v2 map[string]interface{}, parentString string, isWithinAnyAll b return nil, err } notNode := &Not{} - nodeInner, err := InterpretNode(val, nodeType, isWithinAnyAll) // recursion! + nodeInner, err := InterpretNode(val, nodeType) // recursion! if err != nil { return nil, err } @@ -1011,7 +946,7 @@ func prepareOneConditionNode(cond ConditionNode) (Node, error) { return &c, nil } -func handleInterfaceArray(node interface{}, parentString string, isWithinAnyAll bool) (Node, error) { +func handleInterfaceArray(node interface{}, parentString string) (Node, error) { v2 := node.([]interface{}) nodes, err := getNodeByParentString(parentString) @@ -1019,7 +954,7 @@ func handleInterfaceArray(node interface{}, parentString string, isWithinAnyAll return nil, err } for _, subNode := range v2 { - subNode2, err := InterpretNode(subNode, "", isWithinAnyAll) // recursion! + subNode2, err := InterpretNode(subNode, "") // recursion! if err != nil { return nil, fmt.Errorf("can't parse subNode [%+v]: %v", subNode, err) } diff --git a/MAPL_engine/conditions_tree_test.go b/MAPL_engine/conditions_tree_test.go index 1e290ea..5d2acde 100644 --- a/MAPL_engine/conditions_tree_test.go +++ b/MAPL_engine/conditions_tree_test.go @@ -40,27 +40,26 @@ func TestConditionsTree(t *testing.T) { // so we take one from V2. rules, err := YamlReadRulesFromFile("../files/rules/basic_rules/rules_basic_v1v2.yaml") So(err, ShouldEqual, nil) - condition := rules.Rules[0].Conditions.ConditionsTree + condition:=rules.Rules[0].Conditions.ConditionsTree + messages, err := YamlReadMessagesFromFile("../files/messages/main_fields/messages_basic_sender_name.yaml") So(err, ShouldEqual, nil) message := messages.Messages[0] - returnValues := make(map[string][]interface{}) - - t1 := And{[]Node{True{}, True{}}, false} - t1Eval := t1.Eval(&message, &returnValues) // returns true + t1 := And{[]Node{True{}, True{}}} + t1Eval, _ := t1.Eval(&message) // returns true So(t1Eval, ShouldEqual, true) - t2 := Or{[]Node{False{}, True{}}, false} - t2Eval := t2.Eval(&message, &returnValues) // returns true + t2 := Or{[]Node{False{}, True{}}} + t2Eval, _ := t2.Eval(&message) // returns true So(t2Eval, ShouldEqual, true) - node1 := And{[]Node{True{}, True{}, True{}}, false} - node2 := Or{[]Node{False{}, True{}, &node1}, false} - node3 := And{[]Node{condition}, false} - node := And{[]Node{&node1, &node2, True{}, &node3}, false} - nodeEval := node.Eval(&message, &returnValues) // returns true + node1 := And{[]Node{True{}, True{}, True{}}} + node2 := Or{[]Node{False{}, True{}, &node1}} + node3 := And{[]Node{condition}} + node := And{[]Node{&node1, &node2, True{}, &node3}} + nodeEval, _ := node.Eval(&message) // returns true So(nodeEval, ShouldEqual, true) }) @@ -100,6 +99,8 @@ func TestConditionsTree2(t *testing.T) { condString = "((( && ) || ) && ( && ))" So(rules.Rules[0].Conditions.ConditionsTree.String(), ShouldEqual, condString) + + rules, err = YamlReadRulesFromFile("../files/rules/basic_rules/invalid_rules_basic_v2c.yaml") errStr := fmt.Sprintf("%v", err) So(errStr, ShouldEqual, "node type not supported. possible error: array of conditions without AND,OR (etc) parent") @@ -170,11 +171,11 @@ func TestConditionsTree3(t *testing.T) { Convey("tests", t, func() { rules, err := YamlReadRulesFromFile("../files/rules/with_return_value/rules_with_condition_keyword_and_return_value.yaml") - So(rules.Rules[0].Conditions.ConditionsTree, ShouldNotEqual, nil) + So(rules.Rules[0].Conditions.ConditionsTree,ShouldNotEqual,nil) So(err, ShouldEqual, nil) rules, err = YamlReadRulesFromFile("../files/rules/condition_keyword/rules_with_condition_keyword.yaml") - So(rules.Rules[0].Conditions.ConditionsTree, ShouldNotEqual, nil) + So(rules.Rules[0].Conditions.ConditionsTree,ShouldNotEqual,nil) So(err, ShouldEqual, nil) rules, err = YamlReadRulesFromFile("../files/rules/condition_keyword/rules_with_condition_keyword2.yaml") So(err, ShouldEqual, nil) @@ -185,25 +186,28 @@ func TestConditionsTree3(t *testing.T) { //------------------ - hash5 := compareJsonAndYamlHash("../files/rules/condition_keyword/rules_with_condition_keyword5.yaml") - hash5b := compareJsonAndYamlHash("../files/rules/condition_keyword/rules_with_condition_keyword5b.yaml") - hash5c := compareJsonAndYamlHash("../files/rules/condition_keyword/rules_with_condition_keyword5c.yaml") - hash5d := compareJsonAndYamlHash("../files/rules/condition_keyword/rules_with_condition_keyword5d.yaml") + hash5:=compareJsonAndYamlHash("../files/rules/condition_keyword/rules_with_condition_keyword5.yaml") + hash5b:=compareJsonAndYamlHash("../files/rules/condition_keyword/rules_with_condition_keyword5b.yaml") + hash5c:=compareJsonAndYamlHash("../files/rules/condition_keyword/rules_with_condition_keyword5c.yaml") + hash5d:=compareJsonAndYamlHash("../files/rules/condition_keyword/rules_with_condition_keyword5d.yaml") + + So(hash5,ShouldEqual,hash5b) + So(hash5,ShouldEqual,hash5c) + So(hash5,ShouldEqual,hash5d) + +//------- + - So(hash5, ShouldEqual, hash5b) - So(hash5, ShouldEqual, hash5c) - So(hash5, ShouldEqual, hash5d) + hash6:=compareJsonAndYamlHash("../files/rules/condition_keyword/rules_with_condition_keyword6.yaml") + hash6b:=compareJsonAndYamlHash("../files/rules/condition_keyword/rules_with_condition_keyword6b.yaml") + hash6c:=compareJsonAndYamlHash("../files/rules/condition_keyword/rules_with_condition_keyword6c.yaml") + hash6d:=compareJsonAndYamlHash("../files/rules/condition_keyword/rules_with_condition_keyword6d.yaml") - //------- - hash6 := compareJsonAndYamlHash("../files/rules/condition_keyword/rules_with_condition_keyword6.yaml") - hash6b := compareJsonAndYamlHash("../files/rules/condition_keyword/rules_with_condition_keyword6b.yaml") - hash6c := compareJsonAndYamlHash("../files/rules/condition_keyword/rules_with_condition_keyword6c.yaml") - hash6d := compareJsonAndYamlHash("../files/rules/condition_keyword/rules_with_condition_keyword6d.yaml") + So(hash6,ShouldEqual,hash6b) + So(hash6,ShouldEqual,hash6c) + So(hash6,ShouldEqual,hash6d) - So(hash6, ShouldEqual, hash6b) - So(hash6, ShouldEqual, hash6c) - So(hash6, ShouldEqual, hash6d) rules, err = YamlReadRulesFromFile("../files/rules/condition_keyword/invalid_rules_with_condition_keyword.yaml") So(err, ShouldNotEqual, nil) @@ -211,7 +215,7 @@ func TestConditionsTree3(t *testing.T) { }) } -func compareJsonAndYamlHash(filename string) string { +func compareJsonAndYamlHash(filename string)(string) { rules, err := YamlReadRulesFromFile(filename) So(err, ShouldEqual, nil) hash1 := RuleMD5Hash(rules.Rules[0]) diff --git a/MAPL_engine/definitions_rule.go b/MAPL_engine/definitions_rule.go index e1d0493..b433801 100644 --- a/MAPL_engine/definitions_rule.go +++ b/MAPL_engine/definitions_rule.go @@ -147,11 +147,11 @@ func ConditionFromConditionNode(c ConditionNode) Condition { if strings.HasPrefix(c.ReturnValueJsonpath[k], "jsonpath:$RELATIVE") { relativeFlag = true } - v = strings.Replace(v, "jsonpath:$RELATIVE", "$", 1) - v = strings.Replace(v, "jsonpath:$", "$", 1) - c_out.ReturnValueJsonpath[k] = v + c_out.ReturnValueJsonpath[k] = strings.Replace(v, "jsonpath:$RELATIVE", "$", 1) + c_out.ReturnValueJsonpath[k] = strings.Replace(v, "jsonpath:$", "$", 1) - p, err := jsonpath.Prepare(v) + tempAtt := c_out.ReturnValueJsonpath[k] + p, err := jsonpath.Prepare(tempAtt) if err != nil { c_out.PreparedReturnValueJsonpathQuery[k] = nil } else { @@ -164,7 +164,7 @@ func ConditionFromConditionNode(c ConditionNode) Condition { } -func ReadCondition(v map[string]interface{}, isWithinAnyAll bool) (ConditionNode, error) { +func ReadCondition(v map[string]interface{}) ConditionNode { c := ConditionNode{} for k, val := range v { @@ -184,27 +184,17 @@ func ReadCondition(v map[string]interface{}, isWithinAnyAll bool) (ConditionNode case map[string]interface{}: val2 := val.(map[string]interface{}) for kk, vv := range val2 { - vString := vv.(string) - if !isWithinAnyAll || strings.HasPrefix(vString, "jsonpath:$RELATIVE") { - c.ReturnValueJsonpath[kk] = vString - } else { - return ConditionNode{}, fmt.Errorf("invalid returnValueJsonpath [%v] [should start with jsonpath:$RELATIVE]", vString) - } + c.ReturnValueJsonpath[kk] = vv.(string) } case map[interface{}]interface{}: val2 := val.(map[interface{}]interface{}) for kk, vv := range val2 { - vString := vv.(string) - if !isWithinAnyAll || strings.HasPrefix(vString, "jsonpath:$RELATIVE") { - c.ReturnValueJsonpath[kk.(string)] = vString - } else { - return ConditionNode{}, fmt.Errorf("invalid returnValueJsonpath [%v] [should start with jsonpath:$RELATIVE]", vString) - } + c.ReturnValueJsonpath[kk.(string)] = vv.(string) } } } } - return c, nil + return c } func getKeys(v map[string]interface{}) []string { diff --git a/MAPL_engine/rules_load.go b/MAPL_engine/rules_load.go index f836893..c92017f 100644 --- a/MAPL_engine/rules_load.go +++ b/MAPL_engine/rules_load.go @@ -217,7 +217,7 @@ func PrepareOneRuleWithPredefinedStrings(rule *Rule, stringsAndLists PredefinedS // also do some validation on fields other than the conditions if rule.Conditions.ConditionsTree != nil { - _, err := rule.Conditions.ConditionsTree.PrepareAndValidate(stringsAndLists) + err := rule.Conditions.ConditionsTree.PrepareAndValidate(stringsAndLists) if err != nil { return err } @@ -561,7 +561,7 @@ func ValidateRule(rule *Rule) error { } if rule2.Conditions.ConditionsTree != nil { - _, err = rule2.Conditions.ConditionsTree.PrepareAndValidate(PredefinedStringsAndLists{}) + err = rule2.Conditions.ConditionsTree.PrepareAndValidate(PredefinedStringsAndLists{}) if err != nil { return err } diff --git a/MAPL_engine/unmarshal_test.go b/MAPL_engine/unmarshal_test.go index c0b91f9..c9aad3d 100644 --- a/MAPL_engine/unmarshal_test.go +++ b/MAPL_engine/unmarshal_test.go @@ -41,7 +41,7 @@ func TestJsonUnmarhshal(t *testing.T) { reporting.QuietMode() Convey("tests", t, func() { - testUnmarshalForOneFile("../files/rules/with_jsonpath_conditions_ALL_ANY/rules_with_jsonpath_conditions_LT_and_LT_spec_containers_ANY3.yaml") + testUnmarshalForOneFile("../files/rules/with_return_value/rules_with_condition_keyword_and_return_value.yaml") testUnmarshalForOneFile("../files/rules/with_jsonpath_conditions_ALL_ANY/rules_with_jsonpath_conditions_LT_and_LT_spec_containers_ANY2.yaml") testUnmarshalForOneFile("../files/rules/with_conditions/rules_with_conditions.yaml") @@ -86,8 +86,7 @@ func TestJsonUnmarhshal(t *testing.T) { //----------------------- var rule Rule - //maplRuleJson := `{"ruleID":"0","sender":{"senderList":[{"Regexp":{},"CIDR":{"IP":"","Mask":null}}]},"receiver":{"receiverList":[{"Regexp":{},"CIDR":{"IP":"","Mask":null}}]},"resource":{"-":{}},"conditions":{"conditionsTree":{"AND":[{"ANY":{"parentJsonpathAttribute":"jsonpath:$.spec.containers[:]","condition":{"condition":{"attribute":"jsonpath:$RELATIVE.securityContext.runAsUser","method":"EQ","value":"0"}}}},{"condition":{"attribute":"jsonpath:$.kind","method":"RE","value":"^Pod$"}}]}},"metadata":{"name":"runAsUser0"},"hash":"3d171b3db8380b7dc96dec48fc8f82fa","o":{},"-":true}` - maplRuleJson := `{"ruleID":"0","conditions":{"conditionsTree":{"AND":[{"ANY":{"parentJsonpathAttribute":"jsonpath:$.spec.containers[:]","condition":{"condition":{"attribute":"jsonpath:$RELATIVE.securityContext.runAsUser","method":"EQ","value":"0"}}}},{"condition":{"attribute":"jsonpath:$.kind","method":"RE","value":"^Pod$"}}]}},"metadata":{"name":"runAsUser0"},"hash":"3d171b3db8380b7dc96dec48fc8f82fa","o":{},"-":true}` + maplRuleJson := `{"ruleID":"0","sender":{"senderList":[{"Regexp":{},"CIDR":{"IP":"","Mask":null}}]},"receiver":{"receiverList":[{"Regexp":{},"CIDR":{"IP":"","Mask":null}}]},"resource":{"-":{}},"conditions":{"conditionsTree":{"AND":[{"ANY":{"parentJsonpathAttribute":"jsonpath:$.spec.containers[:]","condition":{"condition":{"attribute":"jsonpath:$RELATIVE.securityContext.runAsUser","method":"EQ","value":"0"}}}},{"condition":{"attribute":"jsonpath:$.kind","method":"RE","value":"^Pod$"}}]}},"metadata":{"name":"runAsUser0"},"hash":"3d171b3db8380b7dc96dec48fc8f82fa","o":{},"-":true}` x := []byte(maplRuleJson) err = json.Unmarshal(x, &rule) So(err, ShouldEqual, nil) @@ -153,7 +152,6 @@ func TestJsonUnmarhshalWithPredefinedStrings(t *testing.T) { testUnmarshalForOneFileWithPredefinedStrings("../files/rules/predefined_strings/rules_with_condition_translation_list.yaml", f) } - testUnmarshalForOneFileWithPredefinedStrings("../files/rules/predefined_strings/rules_with_condition_translation_foo.yaml", "../files/lists/predefined_list_allowed_labels.yaml") testUnmarshalForOneFileWithPredefinedStrings("../files/rules/predefined_strings/rules_with_condition_translation_foo2.yaml", "../files/lists/predefined_list_allowed_labels.yaml") testUnmarshalForOneFileWithPredefinedStrings("../files/rules/predefined_strings/rules_with_condition_translation_foo_list.yaml", "../files/lists/predefined_list_allowed_labels.yaml") diff --git a/files/messages/main_fields/messages_basic_sender_receiver_names.yaml b/files/messages/main_fields/messages_basic_sender_receiver_names.yaml deleted file mode 100644 index 54ce8af..0000000 --- a/files/messages/main_fields/messages_basic_sender_receiver_names.yaml +++ /dev/null @@ -1,57 +0,0 @@ -messages: - -- message_id: 0 - sender_service: A.my_namespace - sender_name: A-xxads-asdad - sender_namespace: my_namespace - receiver_service: B.my_namespace - receiver_name: B-uasdx-asdgs - receiver_namespace: my_namespace - request_protocol: HTTP - request_path: /book/123 - request_method: GET - request_size: 1024 - request_time: 2018-07-29T14:30:00-07:00 - request_user_agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36 - -- message_id: 1 - sender_service: C.my_namespace - sender_name: C - sender_namespace: my_namespace - receiver_service: B.my_namespace - receiver_name: B-uasdx-asdgs - receiver_namespace: my_namespace - request_protocol: http - request_path: /book/123 - request_method: GET - request_size: 1024 - request_time: 2018-07-29T14:30:00-07:00 - request_user_agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36 - -- message_id: 2 - sender_service: A.my_namespacex - sender_name: A-xxads-asdad - sender_namespace: my_namespacex - receiver_service: B.my_namespace - receiver_name: B-uasdx-asdgs - receiver_namespace: my_namespace - request_protocol: HTTP - request_path: /book/123 - request_method: GET - request_size: 1024 - request_time: 2018-07-29T14:30:00-07:00 - request_user_agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36 - -- message_id: 3 - sender_service: AA.my_namespace - sender_name: AA-oplxv-iioaq - sender_namespace: my_namespace - receiver_service: B.my_namespacex - receiver_name: B-uasdx-asdgs - receiver_namespace: my_namespace - request_protocol: HTTP - request_path: /book/123 - request_method: GET - request_size: 1024 - request_time: 2018-07-29T14:30:00-07:00 - request_user_agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36 \ No newline at end of file diff --git a/files/raw_json_data/basic_jsonpath/json_raw_data1_with_wildcard_in_field0.json b/files/raw_json_data/basic_jsonpath/json_raw_data1_with_wildcard_in_field0.json deleted file mode 100644 index b43b5c0..0000000 --- a/files/raw_json_data/basic_jsonpath/json_raw_data1_with_wildcard_in_field0.json +++ /dev/null @@ -1,109 +0,0 @@ -{ - "kind": "Deployment.*", - "apiVersion": "extensions/v1beta1", - "metadata": { - "name": "cart", - "namespace": "robot", - "uid": "f517e208-ce38-11e9-b19f-368d5550c416", - "resourceVersion": "167849", - "generation": 21, - "creationTimestamp": "2019-09-03T10:52:43Z", - "labels": { - "foo": "bar", - "io.kompose.service": "cart" - }, - "annotations": { - "deployment.kubernetes.io/revision": "19", - "kompose.cmd": "kompose -f ../docker-compose.yaml convert", - "kompose.version": "1.10.0 (8bb0907)", - "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"extensions/v1beta1\",\"kind\":\"Deployment\",\"metadata\":{\"annotations\":{\"kompose.cmd\":\"kompose -f ../docker-compose.yaml convert\",\"kompose.version\":\"1.10.0 (8bb0907)\"},\"creationTimestamp\":null,\"labels\":{\"io.kompose.service\":\"cart\"},\"name\":\"cart\",\"namespace\":\"robot\"},\"spec\":{\"replicas\":2,\"strategy\":{},\"template\":{\"metadata\":{\"creationTimestamp\":null,\"labels\":{\"io.kompose.service\":\"cart\"}},\"spec\":{\"containers\":[{\"env\":[{\"name\":\"INSTANA_AGENT_HOST\",\"valueFrom\":{\"fieldRef\":{\"fieldPath\":\"status.hostIP\"}}}],\"image\":\"robotshop/rs-cart:latest\",\"name\":\"cart\",\"ports\":[{\"containerPort\":8080}],\"resources\":{\"limits\":{\"cpu\":\"2000m\",\"memory\":\"1000Mi\"},\"requests\":{\"cpu\":\"1000m\",\"memory\":\"500Mi\"}}}],\"restartPolicy\":\"Always\"}}},\"status\":{}}\n" - } - }, - "spec": { - "replicas": 2, - "selector": { - "matchLabels": { - "io.kompose.service": "cart" - } - }, - "template": { - "metadata": { - "creationTimestamp": null, - "labels": { - "io.kompose.service": "cart" - } - }, - "spec": { - "containers": [ - { - "name": "cart", - "image": "robotshop/rs-cart:latest", - "ports": [ - { - "containerPort": 8080, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "INSTANA_AGENT_HOST", - "valueFrom": { - "fieldRef": { - "apiVersion": "v1", - "fieldPath": "status.hostIP" - } - } - } - ], - "resources": { - "limits": { - "cpu": "2", - "memory": "1000Mi" - }, - "requests": { - "cpu": "1", - "memory": "500Mi" - } - }, - "terminationMessagePath": "/dev/termination-log", - "terminationMessagePolicy": "File", - "imagePullPolicy": "Always" - } - ], - "restartPolicy": "Always", - "terminationGracePeriodSeconds": 30, - "dnsPolicy": "ClusterFirst", - "securityContext": { - "runAsUser": 0 - }, - "schedulerName": "default-scheduler" - } - }, - "strategy": { - "type": "RollingUpdate", - "rollingUpdate": { - "maxUnavailable": 1, - "maxSurge": 1 - } - }, - "revisionHistoryLimit": 2147483647, - "progressDeadlineSeconds": 2147483647 - }, - "status": { - "observedGeneration": 21, - "replicas": 2, - "updatedReplicas": 2, - "readyReplicas": 2, - "availableReplicas": 2, - "conditions": [ - { - "type": "Available", - "status": "True", - "lastUpdateTime": "2019-09-03T10:52:55Z", - "lastTransitionTime": "2019-09-03T10:52:55Z", - "reason": "MinimumReplicasAvailable", - "message": "Deployment has minimum availability." - } - ] - } -} \ No newline at end of file diff --git a/files/raw_json_data/basic_jsonpath/json_raw_data1_with_wildcard_in_field1.json b/files/raw_json_data/basic_jsonpath/json_raw_data1_with_wildcard_in_field1.json deleted file mode 100644 index 2ad87b5..0000000 --- a/files/raw_json_data/basic_jsonpath/json_raw_data1_with_wildcard_in_field1.json +++ /dev/null @@ -1,109 +0,0 @@ -{ - "kind": "Deployment*", - "apiVersion": "extensions/v1beta1", - "metadata": { - "name": "cart", - "namespace": "robot", - "uid": "f517e208-ce38-11e9-b19f-368d5550c416", - "resourceVersion": "167849", - "generation": 21, - "creationTimestamp": "2019-09-03T10:52:43Z", - "labels": { - "foo": "bar", - "io.kompose.service": "cart" - }, - "annotations": { - "deployment.kubernetes.io/revision": "19", - "kompose.cmd": "kompose -f ../docker-compose.yaml convert", - "kompose.version": "1.10.0 (8bb0907)", - "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"extensions/v1beta1\",\"kind\":\"Deployment\",\"metadata\":{\"annotations\":{\"kompose.cmd\":\"kompose -f ../docker-compose.yaml convert\",\"kompose.version\":\"1.10.0 (8bb0907)\"},\"creationTimestamp\":null,\"labels\":{\"io.kompose.service\":\"cart\"},\"name\":\"cart\",\"namespace\":\"robot\"},\"spec\":{\"replicas\":2,\"strategy\":{},\"template\":{\"metadata\":{\"creationTimestamp\":null,\"labels\":{\"io.kompose.service\":\"cart\"}},\"spec\":{\"containers\":[{\"env\":[{\"name\":\"INSTANA_AGENT_HOST\",\"valueFrom\":{\"fieldRef\":{\"fieldPath\":\"status.hostIP\"}}}],\"image\":\"robotshop/rs-cart:latest\",\"name\":\"cart\",\"ports\":[{\"containerPort\":8080}],\"resources\":{\"limits\":{\"cpu\":\"2000m\",\"memory\":\"1000Mi\"},\"requests\":{\"cpu\":\"1000m\",\"memory\":\"500Mi\"}}}],\"restartPolicy\":\"Always\"}}},\"status\":{}}\n" - } - }, - "spec": { - "replicas": 2, - "selector": { - "matchLabels": { - "io.kompose.service": "cart" - } - }, - "template": { - "metadata": { - "creationTimestamp": null, - "labels": { - "io.kompose.service": "cart" - } - }, - "spec": { - "containers": [ - { - "name": "cart", - "image": "robotshop/rs-cart:latest", - "ports": [ - { - "containerPort": 8080, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "INSTANA_AGENT_HOST", - "valueFrom": { - "fieldRef": { - "apiVersion": "v1", - "fieldPath": "status.hostIP" - } - } - } - ], - "resources": { - "limits": { - "cpu": "2", - "memory": "1000Mi" - }, - "requests": { - "cpu": "1", - "memory": "500Mi" - } - }, - "terminationMessagePath": "/dev/termination-log", - "terminationMessagePolicy": "File", - "imagePullPolicy": "Always" - } - ], - "restartPolicy": "Always", - "terminationGracePeriodSeconds": 30, - "dnsPolicy": "ClusterFirst", - "securityContext": { - "runAsUser": 0 - }, - "schedulerName": "default-scheduler" - } - }, - "strategy": { - "type": "RollingUpdate", - "rollingUpdate": { - "maxUnavailable": 1, - "maxSurge": 1 - } - }, - "revisionHistoryLimit": 2147483647, - "progressDeadlineSeconds": 2147483647 - }, - "status": { - "observedGeneration": 21, - "replicas": 2, - "updatedReplicas": 2, - "readyReplicas": 2, - "availableReplicas": 2, - "conditions": [ - { - "type": "Available", - "status": "True", - "lastUpdateTime": "2019-09-03T10:52:55Z", - "lastTransitionTime": "2019-09-03T10:52:55Z", - "reason": "MinimumReplicasAvailable", - "message": "Deployment has minimum availability." - } - ] - } -} \ No newline at end of file diff --git a/files/raw_json_data/basic_jsonpath/json_raw_data1_with_wildcard_in_field2.json b/files/raw_json_data/basic_jsonpath/json_raw_data1_with_wildcard_in_field2.json deleted file mode 100644 index 26d30d5..0000000 --- a/files/raw_json_data/basic_jsonpath/json_raw_data1_with_wildcard_in_field2.json +++ /dev/null @@ -1,109 +0,0 @@ -{ - "kind": "Deployment1", - "apiVersion": "extensions/v1beta1", - "metadata": { - "name": "cart", - "namespace": "robot", - "uid": "f517e208-ce38-11e9-b19f-368d5550c416", - "resourceVersion": "167849", - "generation": 21, - "creationTimestamp": "2019-09-03T10:52:43Z", - "labels": { - "foo": "bar", - "io.kompose.service": "cart" - }, - "annotations": { - "deployment.kubernetes.io/revision": "19", - "kompose.cmd": "kompose -f ../docker-compose.yaml convert", - "kompose.version": "1.10.0 (8bb0907)", - "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"extensions/v1beta1\",\"kind\":\"Deployment\",\"metadata\":{\"annotations\":{\"kompose.cmd\":\"kompose -f ../docker-compose.yaml convert\",\"kompose.version\":\"1.10.0 (8bb0907)\"},\"creationTimestamp\":null,\"labels\":{\"io.kompose.service\":\"cart\"},\"name\":\"cart\",\"namespace\":\"robot\"},\"spec\":{\"replicas\":2,\"strategy\":{},\"template\":{\"metadata\":{\"creationTimestamp\":null,\"labels\":{\"io.kompose.service\":\"cart\"}},\"spec\":{\"containers\":[{\"env\":[{\"name\":\"INSTANA_AGENT_HOST\",\"valueFrom\":{\"fieldRef\":{\"fieldPath\":\"status.hostIP\"}}}],\"image\":\"robotshop/rs-cart:latest\",\"name\":\"cart\",\"ports\":[{\"containerPort\":8080}],\"resources\":{\"limits\":{\"cpu\":\"2000m\",\"memory\":\"1000Mi\"},\"requests\":{\"cpu\":\"1000m\",\"memory\":\"500Mi\"}}}],\"restartPolicy\":\"Always\"}}},\"status\":{}}\n" - } - }, - "spec": { - "replicas": 2, - "selector": { - "matchLabels": { - "io.kompose.service": "cart" - } - }, - "template": { - "metadata": { - "creationTimestamp": null, - "labels": { - "io.kompose.service": "cart" - } - }, - "spec": { - "containers": [ - { - "name": "cart", - "image": "robotshop/rs-cart:latest", - "ports": [ - { - "containerPort": 8080, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "INSTANA_AGENT_HOST", - "valueFrom": { - "fieldRef": { - "apiVersion": "v1", - "fieldPath": "status.hostIP" - } - } - } - ], - "resources": { - "limits": { - "cpu": "2", - "memory": "1000Mi" - }, - "requests": { - "cpu": "1", - "memory": "500Mi" - } - }, - "terminationMessagePath": "/dev/termination-log", - "terminationMessagePolicy": "File", - "imagePullPolicy": "Always" - } - ], - "restartPolicy": "Always", - "terminationGracePeriodSeconds": 30, - "dnsPolicy": "ClusterFirst", - "securityContext": { - "runAsUser": 0 - }, - "schedulerName": "default-scheduler" - } - }, - "strategy": { - "type": "RollingUpdate", - "rollingUpdate": { - "maxUnavailable": 1, - "maxSurge": 1 - } - }, - "revisionHistoryLimit": 2147483647, - "progressDeadlineSeconds": 2147483647 - }, - "status": { - "observedGeneration": 21, - "replicas": 2, - "updatedReplicas": 2, - "readyReplicas": 2, - "availableReplicas": 2, - "conditions": [ - { - "type": "Available", - "status": "True", - "lastUpdateTime": "2019-09-03T10:52:55Z", - "lastTransitionTime": "2019-09-03T10:52:55Z", - "reason": "MinimumReplicasAvailable", - "message": "Deployment has minimum availability." - } - ] - } -} \ No newline at end of file diff --git a/files/raw_json_data/basic_jsonpath/json_raw_data1_with_wildcard_in_field3.json b/files/raw_json_data/basic_jsonpath/json_raw_data1_with_wildcard_in_field3.json deleted file mode 100644 index bcc6802..0000000 --- a/files/raw_json_data/basic_jsonpath/json_raw_data1_with_wildcard_in_field3.json +++ /dev/null @@ -1,109 +0,0 @@ -{ - "kind": "abc123.txt", - "apiVersion": "extensions/v1beta1", - "metadata": { - "name": "cart", - "namespace": "robot", - "uid": "f517e208-ce38-11e9-b19f-368d5550c416", - "resourceVersion": "167849", - "generation": 21, - "creationTimestamp": "2019-09-03T10:52:43Z", - "labels": { - "foo": "bar", - "io.kompose.service": "cart" - }, - "annotations": { - "deployment.kubernetes.io/revision": "19", - "kompose.cmd": "kompose -f ../docker-compose.yaml convert", - "kompose.version": "1.10.0 (8bb0907)", - "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"extensions/v1beta1\",\"kind\":\"Deployment\",\"metadata\":{\"annotations\":{\"kompose.cmd\":\"kompose -f ../docker-compose.yaml convert\",\"kompose.version\":\"1.10.0 (8bb0907)\"},\"creationTimestamp\":null,\"labels\":{\"io.kompose.service\":\"cart\"},\"name\":\"cart\",\"namespace\":\"robot\"},\"spec\":{\"replicas\":2,\"strategy\":{},\"template\":{\"metadata\":{\"creationTimestamp\":null,\"labels\":{\"io.kompose.service\":\"cart\"}},\"spec\":{\"containers\":[{\"env\":[{\"name\":\"INSTANA_AGENT_HOST\",\"valueFrom\":{\"fieldRef\":{\"fieldPath\":\"status.hostIP\"}}}],\"image\":\"robotshop/rs-cart:latest\",\"name\":\"cart\",\"ports\":[{\"containerPort\":8080}],\"resources\":{\"limits\":{\"cpu\":\"2000m\",\"memory\":\"1000Mi\"},\"requests\":{\"cpu\":\"1000m\",\"memory\":\"500Mi\"}}}],\"restartPolicy\":\"Always\"}}},\"status\":{}}\n" - } - }, - "spec": { - "replicas": 2, - "selector": { - "matchLabels": { - "io.kompose.service": "cart" - } - }, - "template": { - "metadata": { - "creationTimestamp": null, - "labels": { - "io.kompose.service": "cart" - } - }, - "spec": { - "containers": [ - { - "name": "cart", - "image": "robotshop/rs-cart:latest", - "ports": [ - { - "containerPort": 8080, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "INSTANA_AGENT_HOST", - "valueFrom": { - "fieldRef": { - "apiVersion": "v1", - "fieldPath": "status.hostIP" - } - } - } - ], - "resources": { - "limits": { - "cpu": "2", - "memory": "1000Mi" - }, - "requests": { - "cpu": "1", - "memory": "500Mi" - } - }, - "terminationMessagePath": "/dev/termination-log", - "terminationMessagePolicy": "File", - "imagePullPolicy": "Always" - } - ], - "restartPolicy": "Always", - "terminationGracePeriodSeconds": 30, - "dnsPolicy": "ClusterFirst", - "securityContext": { - "runAsUser": 0 - }, - "schedulerName": "default-scheduler" - } - }, - "strategy": { - "type": "RollingUpdate", - "rollingUpdate": { - "maxUnavailable": 1, - "maxSurge": 1 - } - }, - "revisionHistoryLimit": 2147483647, - "progressDeadlineSeconds": 2147483647 - }, - "status": { - "observedGeneration": 21, - "replicas": 2, - "updatedReplicas": 2, - "readyReplicas": 2, - "availableReplicas": 2, - "conditions": [ - { - "type": "Available", - "status": "True", - "lastUpdateTime": "2019-09-03T10:52:55Z", - "lastTransitionTime": "2019-09-03T10:52:55Z", - "reason": "MinimumReplicasAvailable", - "message": "Deployment has minimum availability." - } - ] - } -} \ No newline at end of file diff --git a/files/raw_json_data/debugging/json_raw_data_suspicious_behaviour1.json b/files/raw_json_data/debugging/json_raw_data_suspicious_behaviour1.json deleted file mode 100644 index 2d70ffd..0000000 --- a/files/raw_json_data/debugging/json_raw_data_suspicious_behaviour1.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "kind": "Pod", - "apiVersion": "core/v1", - "metadata": { - - "numUniqueAlertsInLast10Minutes": 75, - "numUniqueProcessAlertsInLast10Minutes": 100, - "numUniqueFileAlertsInLast10Minutes": 50, - "name": "docker-runner", - "namespace": "development", - "selfLink": "/api/v1/namespaces/development/pods/docker-runner", - "uid": "468f5528-8ea9-11ea-a6cb-52748450348a", - "resourceVersion": "12086", - "creationTimestamp": "2020-05-05T08:20:27Z", - "annotations": { - "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"v1\",\"kind\":\"Pod\",\"metadata\":{\"annotations\":{},\"name\":\"docker-runner\",\"namespace\":\"development\"},\"spec\":{\"containers\":[{\"args\":[\"while true; do sleep 86400; done\"],\"command\":[\"/bin/bash\",\"-c\"],\"image\":\"google/cloud-sdk:284.0.0\",\"imagePullPolicy\":\"Always\",\"name\":\"docker-runner\",\"volumeMounts\":[{\"mountPath\":\"/var/run/docker.sock\",\"name\":\"dockersock\"}]}],\"volumes\":[{\"hostPath\":{\"path\":\"/var/run/docker.sock\"},\"name\":\"dockersock\"}]}}\n", - "sidecar.octarinesec.com/status": "{\"version\":\"f31a0796e59b27007c0e0ceb7361a2de7355e13e0d6399ba9f7142734a19c5a8\",\"initContainers\":[\"idclient\",\"iptables-redirect\"],\"containers\":[\"proxy\"],\"volumes\":[\"idclient-files\",\"octarine-sockets\"],\"imagePullSecrets\":[\"docker-registry-secret\"],\"env\":[\"OCTARINE_ACCOUNT=demo\",\"OCTARINE_WORKLOAD_ARTIFACT=development:docker-runner\",\"OCTARINE_WORKLOAD_DOMAIN=demo:cloud\"]}" - } - } -} \ No newline at end of file diff --git a/files/rules/basic_rules/rules_basic_v2.yaml b/files/rules/basic_rules/rules_basic_v2.yaml index a085da9..dfbd207 100644 --- a/files/rules/basic_rules/rules_basic_v2.yaml +++ b/files/rules/basic_rules/rules_basic_v2.yaml @@ -13,4 +13,8 @@ rules: resourceName: "/*" operation: GET decision: allow + conditions: + attribute: jsonpath:$.kind + method: EQ + value: "Deployment" diff --git a/files/rules/basic_rules/rules_basic_v2_wildcards_sender_receiver.yaml b/files/rules/basic_rules/rules_basic_v2_wildcards_sender_receiver.yaml deleted file mode 100644 index 7d82d5e..0000000 --- a/files/rules/basic_rules/rules_basic_v2_wildcards_sender_receiver.yaml +++ /dev/null @@ -1,16 +0,0 @@ -rules: - - - rule_id: 0 - sender: - senderName: "*.my_namespace" - senderType: "workload" - receiver: - receiverName: "B.*" - receiverType: "*" - protocol: http - resource: - resourceType: path - resourceName: "/*" - operation: GET - decision: allow - diff --git a/files/rules/debugging/rule_suspicious_behaviour1.yaml b/files/rules/debugging/rule_suspicious_behaviour1.yaml deleted file mode 100644 index 38e3100..0000000 --- a/files/rules/debugging/rule_suspicious_behaviour1.yaml +++ /dev/null @@ -1,25 +0,0 @@ -rules: - - - rule_id: "suspicious behavior in last 10 minutes" - - metadata: - baseSeverity: 4 - description: "suspicious behavior in last 10 minutes" - conditions: - condition: - AND: - - attribute: jsonpath:$.metadata.numUniqueAlertsInLast10Minutes - method: GE - value: "4" - returnValueJsonpath: - numUniqueAlertsInLast10Minutes: "jsonpath:$.metadata.numUniqueAlertsInLast10Minutes" - - attribute: jsonpath:$.metadata.numUniqueProcessAlertsInLast10Minutes - method: GE - value: "1" - returnValueJsonpath: - numUniqueProcessAlertsInLast10Minutes: "jsonpath:$.metadata.numUniqueProcessAlertsInLast10Minutes" - - attribute: jsonpath:$.metadata.numUniqueFileAlertsInLast10Minutes - method: GE - value: "1" - returnValueJsonpath: - numUniqueFileAlertsInLast10Minutes: "jsonpath:$.metadata.numUniqueFileAlertsInLast10Minutes" diff --git a/files/rules/invalid_rules/with_variables/rules_with_variables_AND_with_error.yaml b/files/rules/invalid_rules/with_variables/rules_with_variables_AND_with_error.yaml deleted file mode 100644 index 99c8993..0000000 --- a/files/rules/invalid_rules/with_variables/rules_with_variables_AND_with_error.yaml +++ /dev/null @@ -1,25 +0,0 @@ -rules: - - - rule_id: 0 - sender: - senderName: "A.my_namespace" - senderType: "workload" - receiver: - receiverName: "B.my_namespace" - receiverType: "workload" - protocol: "*" - resource: - resourceType: path - resourceName: "/*" - operation: "*" - decision: allow - conditions: - AND: - - attribute: jsonpath:$.kind - method: EX - returnValueJsonpath: - returnedKind: jsonpath:$.kind - - attribute: jsonpath:$.kind - method: IN - value: "#variableMissing" - diff --git a/files/rules/with_jsonpath_conditions/rules_with_jsonpath_conditions_EQ_with_wildcard.yaml b/files/rules/with_jsonpath_conditions/rules_with_jsonpath_conditions_EQ_with_wildcard.yaml deleted file mode 100644 index 3a087da..0000000 --- a/files/rules/with_jsonpath_conditions/rules_with_jsonpath_conditions_EQ_with_wildcard.yaml +++ /dev/null @@ -1,20 +0,0 @@ -rules: - - - rule_id: 0 - sender: - senderName: "A.my_namespace" - senderType: "workload" - receiver: - receiverName: "B.my_namespace" - receiverType: "workload" - protocol: "*" - resource: - resourceType: "*" - resourceName: "*" - operation: "*" - conditions: - attribute: jsonpath:$.kind - method: EQ - value: "Deployment.*" - - decision: allow diff --git a/files/rules/with_jsonpath_conditions/rules_with_jsonpath_conditions_RE_with_wildcard.yaml b/files/rules/with_jsonpath_conditions/rules_with_jsonpath_conditions_RE_with_wildcard.yaml deleted file mode 100644 index 95233bf..0000000 --- a/files/rules/with_jsonpath_conditions/rules_with_jsonpath_conditions_RE_with_wildcard.yaml +++ /dev/null @@ -1,20 +0,0 @@ -rules: - - - rule_id: 0 - sender: - senderName: "A.my_namespace" - senderType: "workload" - receiver: - receiverName: "B.my_namespace" - receiverType: "workload" - protocol: "*" - resource: - resourceType: "*" - resourceName: "*" - operation: "*" - conditions: - attribute: jsonpath:$.kind - method: RE - value: "^Deployment.*$" - - decision: allow diff --git a/files/rules/with_jsonpath_conditions/rules_with_jsonpath_conditions_RE_with_wildcard_correct_regex.yaml b/files/rules/with_jsonpath_conditions/rules_with_jsonpath_conditions_RE_with_wildcard_correct_regex.yaml deleted file mode 100644 index bee2c6c..0000000 --- a/files/rules/with_jsonpath_conditions/rules_with_jsonpath_conditions_RE_with_wildcard_correct_regex.yaml +++ /dev/null @@ -1,20 +0,0 @@ -rules: - - - rule_id: 0 - sender: - senderName: "A.my_namespace" - senderType: "workload" - receiver: - receiverName: "B.my_namespace" - receiverType: "workload" - protocol: "*" - resource: - resourceType: "*" - resourceName: "*" - operation: "*" - conditions: - attribute: jsonpath:$.kind - method: RE - value: "abc.*.txt" - - decision: allow diff --git a/files/rules/with_jsonpath_conditions/rules_with_jsonpath_conditions_RE_with_wildcard_wrong_regex.yaml b/files/rules/with_jsonpath_conditions/rules_with_jsonpath_conditions_RE_with_wildcard_wrong_regex.yaml deleted file mode 100644 index b9572c0..0000000 --- a/files/rules/with_jsonpath_conditions/rules_with_jsonpath_conditions_RE_with_wildcard_wrong_regex.yaml +++ /dev/null @@ -1,20 +0,0 @@ -rules: - - - rule_id: 0 - sender: - senderName: "A.my_namespace" - senderType: "workload" - receiver: - receiverName: "B.my_namespace" - receiverType: "workload" - protocol: "*" - resource: - resourceType: "*" - resourceName: "*" - operation: "*" - conditions: - attribute: jsonpath:$.kind - method: RE - value: "abc*.txt" - - decision: allow diff --git a/files/rules/with_return_value/rules_with_jsonpath_EQ_on_array_with_return_value.yaml b/files/rules/with_return_value/rules_with_jsonpath_EQ_on_array_with_return_value.yaml index 024f465..f8a022f 100644 --- a/files/rules/with_return_value/rules_with_jsonpath_EQ_on_array_with_return_value.yaml +++ b/files/rules/with_return_value/rules_with_jsonpath_EQ_on_array_with_return_value.yaml @@ -15,13 +15,11 @@ rules: conditions: ANY: parentJsonpathAttribute: jsonpath:$.spec.containers[:] - returnValueJsonpath: - name1: "jsonpath:$RELATIVE.name" condition: attribute: jsonpath:$RELATIVE.securityContext.runAsUser method: EQ value: 0 returnValueJsonpath: - name2: "jsonpath:$RELATIVE.name" + kind: "jsonpath:$.kind" decision: block diff --git a/files/rules/with_return_value/rules_with_jsonpath_EQ_on_array_with_return_value2.yaml b/files/rules/with_return_value/rules_with_jsonpath_EQ_on_array_with_return_value2.yaml deleted file mode 100644 index a5fbf09..0000000 --- a/files/rules/with_return_value/rules_with_jsonpath_EQ_on_array_with_return_value2.yaml +++ /dev/null @@ -1,27 +0,0 @@ -rules: - - - rule_id: 0 - sender: - senderName: "A.my_namespace" - senderType: "workload" - receiver: - receiverName: "B.my_namespace" - receiverType: "workload" - protocol: "*" - resource: - resourceType: "*" - resourceName: "*" - operation: "*" - conditions: - ANY: - parentJsonpathAttribute: jsonpath:$.spec.containers[:] - returnValueJsonpath: - name: "jsonpath:$RELATIVE.name" - condition: - attribute: jsonpath:$RELATIVE.securityContext.runAsUser - method: EQ - value: 0 - returnValueJsonpath: - name: "jsonpath:$RELATIVE.name" - - decision: block diff --git a/files/rules/with_return_value/rules_with_jsonpath_EQ_on_array_with_return_value_in_sub_node.yaml b/files/rules/with_return_value/rules_with_jsonpath_EQ_on_array_with_return_value_in_sub_node.yaml deleted file mode 100644 index 0ad84ed..0000000 --- a/files/rules/with_return_value/rules_with_jsonpath_EQ_on_array_with_return_value_in_sub_node.yaml +++ /dev/null @@ -1,32 +0,0 @@ -rules: - - - rule_id: 0 - sender: - senderName: "A.my_namespace" - senderType: "workload" - receiver: - receiverName: "B.my_namespace" - receiverType: "workload" - protocol: "*" - resource: - resourceType: "*" - resourceName: "*" - operation: "*" - conditions: - ANY: - parentJsonpathAttribute: jsonpath:$.spec.containers[:] - condition: - AND: - - attribute: jsonpath:$RELATIVE.terminationMessagePolicy - method: EQ - value: "File" - returnValueJsonpath: - name1: "jsonpath:$RELATIVE.name" - - attribute: jsonpath:$RELATIVE.imagePullPolicy - method: EQ - value: "Always" - returnValueJsonpath: - name2: "jsonpath:$RELATIVE.name" - - - decision: block diff --git a/files/rules/with_return_value/rules_with_jsonpath_EQ_on_array_with_return_value_in_sub_node2.yaml b/files/rules/with_return_value/rules_with_jsonpath_EQ_on_array_with_return_value_in_sub_node2.yaml deleted file mode 100644 index 4d91b40..0000000 --- a/files/rules/with_return_value/rules_with_jsonpath_EQ_on_array_with_return_value_in_sub_node2.yaml +++ /dev/null @@ -1,36 +0,0 @@ -rules: - - - rule_id: 0 - sender: - senderName: "A.my_namespace" - senderType: "workload" - receiver: - receiverName: "B.my_namespace" - receiverType: "workload" - protocol: "*" - resource: - resourceType: "*" - resourceName: "*" - operation: "*" - conditions: - OR: - - attribute: jsonpath:$.kind - method: EQ - value: "Deployment" - - ANY: - parentJsonpathAttribute: jsonpath:$.spec.containers[:] - condition: - AND: - - attribute: jsonpath:$RELATIVE.terminationMessagePolicy - method: EQ - value: "File" - returnValueJsonpath: - name1: "jsonpath:$RELATIVE.name" - - attribute: jsonpath:$RELATIVE.imagePullPolicy - method: EQ - value: "Always" - returnValueJsonpath: - name2: "jsonpath:$RELATIVE.name" - - - decision: block diff --git a/tests/test_translate_rules.go_z b/tests/test_translate_rules.go similarity index 95% rename from tests/test_translate_rules.go_z rename to tests/test_translate_rules.go index c6600e2..95b374c 100644 --- a/tests/test_translate_rules.go_z +++ b/tests/test_translate_rules.go @@ -20,7 +20,7 @@ func main() { service_labels["serviceY"]=map[string]string{} rulesFilename := "examples/rules_for_testing_rule_translation.yaml" - rules,_:= MAPL_engine.YamlReadRulesFromFile(rulesFilename) + var rules= MAPL_engine.YamlReadRulesFromFile(rulesFilename) /*messagesFilename := "examples/messages_for_rule_translation.yaml" var messages = MAPL_engine.YamlReadMessagesFromFile(messagesFilename)