github.com/DataDog/datadog-agent/pkg/security/secl@v0.55.0-devel.0.20240517055856-10c4965fea94/rules/bucket.go

github.com/DataDog/datadog-agent/pkg/security/secl@v0.55.0-devel.0.20240517055856-10c4965fea94/rules/bucket.go (about)

     1  // Unless explicitly stated otherwise all files in this repository are licensed
     2  // under the Apache License Version 2.0.
     3  // This product includes software developed at Datadog (https://www.datadoghq.com/).
     4  // Copyright 2016-present Datadog, Inc.
     5  
     6  // Package rules holds rules related files
     7  package rules
     8  
     9  import (
    10  	"sort"
    11  
    12  	"github.com/DataDog/datadog-agent/pkg/security/secl/compiler/eval"
    13  )
    14  
    15  // RuleBucket groups rules with the same event type
    16  type RuleBucket struct {
    17  	rules  []*Rule
    18  	fields []eval.Field
    19  }
    20  
    21  // AddRule adds a rule to the bucket
    22  func (rb *RuleBucket) AddRule(rule *Rule) error {
    23  	for _, r := range rb.rules {
    24  		if r.ID == rule.ID {
    25  			return &ErrRuleLoad{Definition: rule.Definition, Err: ErrDefinitionIDConflict}
    26  		}
    27  	}
    28  
    29  	for _, field := range rule.GetEvaluator().GetFields() {
    30  		index := sort.SearchStrings(rb.fields, field)
    31  		if index < len(rb.fields) && rb.fields[index] == field {
    32  			continue
    33  		}
    34  		rb.fields = append(rb.fields, "")
    35  		copy(rb.fields[index+1:], rb.fields[index:])
    36  		rb.fields[index] = field
    37  	}
    38  
    39  	rb.rules = append(rb.rules, rule)
    40  	return nil
    41  }
    42  
    43  // GetRules returns the bucket rules
    44  func (rb *RuleBucket) GetRules() []*Rule {
    45  	return rb.rules
    46  }