From 3863d0b2f9e328910270872a655e5b642a9fddd5 Mon Sep 17 00:00:00 2001
From: Anil Mahtani <929854+Anilm3@users.noreply.github.com>
Date: Wed, 11 Sep 2024 23:03:26 +0100
Subject: [PATCH] Reduce set of negated matchers

---
 src/parser/expression_parser.cpp | 29 ++++++++++++++++++++---------
 src/parser/matcher_parser.hpp    |  2 +-
 src/parser/scanner_parser.cpp    |  2 +-
 3 files changed, 22 insertions(+), 11 deletions(-)

diff --git a/src/parser/expression_parser.cpp b/src/parser/expression_parser.cpp
index b09e4d36..3bc4315b 100644
--- a/src/parser/expression_parser.cpp
+++ b/src/parser/expression_parser.cpp
@@ -20,6 +20,11 @@
 #include "exception.hpp"
 #include "expression.hpp"
 #include "log.hpp"
+#include "matcher/equals.hpp"
+#include "matcher/exact_match.hpp"
+#include "matcher/ip_match.hpp"
+#include "matcher/phrase_match.hpp"
+#include "matcher/regex_match.hpp"
 #include "parameter.hpp"
 #include "parser/common.hpp"
 #include "parser/matcher_parser.hpp"
@@ -144,22 +149,28 @@ std::shared_ptr<expression> parse_expression(const parameter::vector &conditions
         } else {
             auto raw_operator_name = operator_name;
             auto negated = operator_name.starts_with('!');
-            if (negated) {
-                operator_name = operator_name.substr(1);
-            }
-
-            auto [data_id, matcher] = parse_all_matchers(operator_name, params);
+            if (!negated) {
+                auto [data_id, matcher] = parse_any_matcher(operator_name, params);
 
-            if (!matcher && !data_id.empty()) {
-                data_ids_to_type.emplace(data_id, operator_name);
-            }
+                if (!matcher && !data_id.empty()) {
+                    data_ids_to_type.emplace(data_id, operator_name);
+                }
 
-            if (!negated) {
                 auto arguments = parse_arguments<scalar_condition>(
                     params, source, transformers, addresses, limits);
                 conditions.emplace_back(std::make_unique<scalar_condition>(
                     std::move(matcher), data_id, std::move(arguments), limits));
+
             } else {
+                operator_name = operator_name.substr(1);
+                auto [data_id, matcher] =
+                    parse_matcher<matcher::ip_match, matcher::exact_match, matcher::regex_match,
+                        matcher::phrase_match, matcher::equals<>>(operator_name, params);
+
+                if (!matcher && !data_id.empty()) {
+                    data_ids_to_type.emplace(data_id, operator_name);
+                }
+
                 auto arguments = parse_arguments<scalar_negated_condition>(
                     params, source, transformers, addresses, limits);
                 conditions.emplace_back(
diff --git a/src/parser/matcher_parser.hpp b/src/parser/matcher_parser.hpp
index 278ef03d..478bdde8 100644
--- a/src/parser/matcher_parser.hpp
+++ b/src/parser/matcher_parser.hpp
@@ -42,7 +42,7 @@ std::pair<std::string, std::unique_ptr<matcher::base>> parse_matcher(
     }
 }
 
-inline std::pair<std::string, std::unique_ptr<matcher::base>> parse_all_matchers(
+inline std::pair<std::string, std::unique_ptr<matcher::base>> parse_any_matcher(
     std::string_view name, const parameter::map &params)
 {
     return parse_matcher<
diff --git a/src/parser/scanner_parser.cpp b/src/parser/scanner_parser.cpp
index 22b2c4b0..6255b816 100644
--- a/src/parser/scanner_parser.cpp
+++ b/src/parser/scanner_parser.cpp
@@ -30,7 +30,7 @@ std::unique_ptr<matcher::base> parse_scanner_matcher(const parameter::map &root)
     auto matcher_name = at<std::string_view>(root, "operator");
     auto matcher_params = at<parameter::map>(root, "parameters");
 
-    auto [rule_data_id, matcher] = parse_all_matchers(matcher_name, matcher_params);
+    auto [rule_data_id, matcher] = parse_any_matcher(matcher_name, matcher_params);
     if (!rule_data_id.empty()) {
         throw ddwaf::parsing_error("dynamic data on scanner condition");
     }