github.com/DataDog/datadog-agent/pkg/security/secl@v0.55.0-devel.0.20240517055856-10c4965fea94/rules/errors.go

github.com/DataDog/datadog-agent/pkg/security/secl@v0.55.0-devel.0.20240517055856-10c4965fea94/rules/errors.go (about)

     1  // Unless explicitly stated otherwise all files in this repository are licensed
     2  // under the Apache License Version 2.0.
     3  // This product includes software developed at Datadog (https://www.datadoghq.com/).
     4  // Copyright 2016-present Datadog, Inc.
     5  
     6  // Package rules holds rules related files
     7  package rules
     8  
     9  import (
    10  	"errors"
    11  	"fmt"
    12  	"strings"
    13  )
    14  
    15  var (
    16  	// ErrRuleWithoutID is returned when there is no ID
    17  	ErrRuleWithoutID = errors.New("no rule ID")
    18  
    19  	// ErrRuleWithoutExpression is returned when there is no expression
    20  	ErrRuleWithoutExpression = errors.New("no rule expression")
    21  
    22  	// ErrRuleIDPattern is returned when there is no expression
    23  	ErrRuleIDPattern = errors.New("rule ID pattern error")
    24  
    25  	// ErrRuleWithoutEvent is returned when no event type was inferred from the rule
    26  	ErrRuleWithoutEvent = errors.New("no event in the rule definition")
    27  
    28  	// ErrRuleWithMultipleEvents is returned when multiple event type were inferred from the rule
    29  	ErrRuleWithMultipleEvents = errors.New("rule with multiple events is not supported")
    30  
    31  	// ErrDefinitionIDConflict is returned when multiple rules use the same ID
    32  	ErrDefinitionIDConflict = errors.New("multiple definition with the same ID")
    33  
    34  	// ErrInternalIDConflict is returned when a user defined rule use an internal ID
    35  	ErrInternalIDConflict = errors.New("internal rule ID conflict")
    36  
    37  	// ErrEventTypeNotEnabled is returned when an event is not enabled
    38  	ErrEventTypeNotEnabled = errors.New("event type not enabled")
    39  
    40  	// ErrCannotMergeExpression is returned when trying to merge SECL expression
    41  	ErrCannotMergeExpression = errors.New("cannot merge expression")
    42  
    43  	// ErrRuleAgentVersion is returned when there is an agent version error
    44  	ErrRuleAgentVersion = errors.New("agent version incompatible")
    45  
    46  	// ErrRuleAgentFilter is returned when an agent rule was filtered
    47  	ErrRuleAgentFilter = errors.New("agent rule filtered")
    48  
    49  	// ErrNoRuleSetsInEvaluationSet is returned when no rule sets were provided to instantiate an evaluation set
    50  	ErrNoRuleSetsInEvaluationSet = errors.New("no rule sets provided to instantiate an evaluation set")
    51  
    52  	// ErrCannotChangeTagAfterLoading is returned when an attempt was made to change the tag on a ruleset that already has rules loaded
    53  	ErrCannotChangeTagAfterLoading = errors.New("cannot change tag on a rule set that already has rules loaded")
    54  )
    55  
    56  // ErrFieldTypeUnknown is returned when a field has an unknown type
    57  type ErrFieldTypeUnknown struct {
    58  	Field string
    59  }
    60  
    61  func (e *ErrFieldTypeUnknown) Error() string {
    62  	return fmt.Sprintf("field type unknown for `%s`", e.Field)
    63  }
    64  
    65  // ErrValueTypeUnknown is returned when the value of a field has an unknown type
    66  type ErrValueTypeUnknown struct {
    67  	Field string
    68  }
    69  
    70  func (e *ErrValueTypeUnknown) Error() string {
    71  	return fmt.Sprintf("value type unknown for `%s`", e.Field)
    72  }
    73  
    74  // ErrNoApprover is returned when no approver was found for a set of rules
    75  type ErrNoApprover struct {
    76  	Fields []string
    77  }
    78  
    79  func (e ErrNoApprover) Error() string {
    80  	return fmt.Sprintf("no approver for fields `%s`", strings.Join(e.Fields, ", "))
    81  }
    82  
    83  // ErrNoEventTypeBucket is returned when no bucket could be found for an event type
    84  type ErrNoEventTypeBucket struct {
    85  	EventType string
    86  }
    87  
    88  func (e ErrNoEventTypeBucket) Error() string {
    89  	return fmt.Sprintf("no bucket for event type `%s`", e.EventType)
    90  }
    91  
    92  // ErrPoliciesLoad is returned on policies dir error
    93  type ErrPoliciesLoad struct {
    94  	Name string
    95  	Err  error
    96  }
    97  
    98  func (e ErrPoliciesLoad) Error() string {
    99  	return fmt.Sprintf("policies dir read error `%s`: %s", e.Name, e.Err)
   100  }
   101  
   102  // ErrPolicyLoad is returned on policy file error
   103  type ErrPolicyLoad struct {
   104  	Name string
   105  	Err  error
   106  }
   107  
   108  func (e ErrPolicyLoad) Error() string {
   109  	return fmt.Sprintf("policy file error `%s`: %s", e.Name, e.Err)
   110  }
   111  
   112  // ErrMacroLoad is on macro definition error
   113  type ErrMacroLoad struct {
   114  	Definition *MacroDefinition
   115  	Err        error
   116  }
   117  
   118  func (e ErrMacroLoad) Error() string {
   119  	return fmt.Sprintf("macro `%s` definition error: %s", e.Definition.ID, e.Err)
   120  }
   121  
   122  // ErrRuleLoad is on rule definition error
   123  type ErrRuleLoad struct {
   124  	Definition *RuleDefinition
   125  	Err        error
   126  }
   127  
   128  func (e ErrRuleLoad) Error() string {
   129  	return fmt.Sprintf("rule `%s` error: %s", e.Definition.ID, e.Err)
   130  }
   131  
   132  // RuleLoadErrType defines an rule error type
   133  type RuleLoadErrType string
   134  
   135  const (
   136  	// AgentVersionErrType agent version incompatible
   137  	AgentVersionErrType RuleLoadErrType = "agent_version_error"
   138  	// AgentFilterErrType agent filter do not match
   139  	AgentFilterErrType RuleLoadErrType = "agent_filter_error"
   140  	// EventTypeNotEnabledErrType event type not enabled
   141  	EventTypeNotEnabledErrType RuleLoadErrType = "event_type_disabled"
   142  	// SyntaxErrType syntax error
   143  	SyntaxErrType RuleLoadErrType = "syntax_error"
   144  	// UnknownErrType undefined error
   145  	UnknownErrType RuleLoadErrType = "error"
   146  )
   147  
   148  // Type return the type of the error
   149  func (e ErrRuleLoad) Type() RuleLoadErrType {
   150  	switch e.Err {
   151  	case ErrRuleAgentVersion:
   152  		return AgentVersionErrType
   153  	case ErrRuleAgentFilter:
   154  		return AgentVersionErrType
   155  	case ErrEventTypeNotEnabled:
   156  		return EventTypeNotEnabledErrType
   157  	}
   158  
   159  	switch e.Err.(type) {
   160  	case *ErrFieldTypeUnknown, *ErrValueTypeUnknown, *ErrRuleSyntax:
   161  		return SyntaxErrType
   162  	}
   163  
   164  	return UnknownErrType
   165  }
   166  
   167  // ErrRuleSyntax is returned when there is a syntax error
   168  type ErrRuleSyntax struct {
   169  	Err error
   170  }
   171  
   172  func (e *ErrRuleSyntax) Error() string {
   173  	return fmt.Sprintf("syntax error `%v`", e.Err)
   174  }
   175  
   176  // ErrActionFilter is on filter definition error
   177  type ErrActionFilter struct {
   178  	Expression string
   179  	Err        error
   180  }
   181  
   182  func (e ErrActionFilter) Error() string {
   183  	return fmt.Sprintf("filter `%s` error: %s", e.Expression, e.Err)
   184  }