Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Negated scalar condition for matchers #335

Merged
merged 29 commits into from
Oct 3, 2024
Merged

Negated scalar condition for matchers #335

merged 29 commits into from
Oct 3, 2024

Conversation

Anilm3
Copy link
Collaborator

@Anilm3 Anilm3 commented Aug 16, 2024
edited
Loading

This PR introduces the ability to negate certain operators, using the ! as a prefix. The set of operators supported are the following: !match_regex, !phrase_match, !exact_match, !ip_match and !equals. Negated operators work through the use of the scalar_negated_condition, which operates in a similar manner to the scalar_condition, however only producing a match if the exhaustive evaluation of the given address + key_path results in no match.

Negated operators have the following restrictions:

  • Matches can only be performed on available addresses, as the WAF has no information regarding whether an address will be provided later on, in a subsequent run.
  • Due to the above, only a single address can be specified as an input.
  • Some operators have been intentionally left without support, such as lower_than and greater_than, as their negated version can be an operator in and of itself, e.g. greater_equal and lower_equal.

Remaining work:

  • Fuzzer support: this will be done in a separate PR as the whole ruleset generation needs to be revamped in the fuzzer.

@codecov-commenter
Copy link

codecov-commenter commented Aug 16, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 89.54545% with 23 lines in your changes missing coverage. Please review.

Project coverage is 84.75%. Comparing base (749b4fd) to head (5db918a).

Files with missing lines Patch % Lines
src/parser/matcher_parser.cpp 89.13% 5 Missing and 5 partials ⚠️
src/condition/scalar_condition.hpp 64.28% 0 Missing and 5 partials ⚠️
src/condition/scalar_condition.cpp 91.11% 2 Missing and 2 partials ⚠️
src/parser/expression_parser.cpp 84.21% 1 Missing and 2 partials ⚠️
src/parser/matcher_parser.hpp 85.71% 0 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master     #335      +/-   ##
==========================================
+ Coverage   84.61%   84.75%   +0.14%     
==========================================
  Files         148      149       +1     
  Lines        7080     7152      +72     
  Branches     3271     3301      +30     
==========================================
+ Hits         5991     6062      +71     
+ Misses        411      409       -2     
- Partials      678      681       +3
Flag Coverage Δ
waf_test 84.75% <89.54%> (+0.14%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@pr-commenter
Copy link

pr-commenter bot commented Aug 16, 2024
edited
Loading

Benchmarks

Benchmark execution time: 2024-10-02 19:46:12

Comparing candidate commit 1416eae in PR branch anilm3/negated_scalar_condition with baseline commit 749b4fd in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 1 metrics, 0 unstable metrics.

@Anilm3 Anilm3 force-pushed the anilm3/negated_scalar_condition branch from 888d062 to 1fe02c2 Compare August 18, 2024 13:09
@Anilm3 Anilm3 force-pushed the anilm3/negated_scalar_condition branch from 6ee2834 to d37459d Compare August 21, 2024 16:16
@Anilm3 Anilm3 force-pushed the anilm3/negated_scalar_condition branch from 574fc85 to 2944e23 Compare September 13, 2024 15:59
@Anilm3 Anilm3 force-pushed the anilm3/negated_scalar_condition branch from 2944e23 to 42fc3fb Compare September 18, 2024 15:26
Base automatically changed from anilm3/negated_exists to master September 18, 2024 16:06
@Anilm3 Anilm3 marked this pull request as ready for review September 26, 2024 12:23
@Anilm3 Anilm3 requested a review from a team as a code owner September 26, 2024 12:23
cataphract
cataphract reviewed Sep 26, 2024
View reviewed changes
src/condition/scalar_condition.cpp Show resolved Hide resolved
src/matcher/equals.hpp Show resolved Hide resolved
src/parser/expression_parser.cpp Outdated Show resolved Hide resolved
@Anilm3 Anilm3 merged commit 851a05d into master Oct 3, 2024
50 checks passed
@Anilm3 Anilm3 deleted the anilm3/negated_scalar_condition branch October 3, 2024 11:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cataphract cataphract cataphract approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Anilm3 @codecov-commenter @cataphract