// Listing of github.com/DataDog/datadog-agent/pkg/security/secl@v0.55.0-devel.0.20240517055856-10c4965fea94/validators/rule_structure.go

// Unless explicitly stated otherwise all files in this repository are licensed
// under the Apache License Version 2.0.
// This product includes software developed at Datadog (https://www.datadoghq.com/).
// Copyright 2016-present Datadog, Inc.

// Package validators holds validators related files
package validators

import (
	"github.com/DataDog/datadog-agent/pkg/security/secl/compiler/ast"
	"github.com/DataDog/datadog-agent/pkg/security/secl/compiler/eval"
	"github.com/DataDog/datadog-agent/pkg/security/secl/model"
)

// HasBareWildcardInField reports whether any field value of rule is a bare
// wildcard, i.e. a pattern that matches everything and so does not narrow
// the rule at all.
//
// Three literal forms are recognized:
//   - a glob value equal to "/**"
//   - a regexp value equal to ".*"
//   - a scalar value equal to "*"
//
// Matching is by exact comparison against those strings, so a pattern that is
// equivalent but spelled differently is not reported. Callers that rely on
// this check to reject overly broad rules should keep that limit in mind.
//
// The rule's evaluator is generated against an empty model.Model with a fresh
// parsing context before its fields are inspected; if generation fails, the
// error is returned and the boolean result is false.
// NOTE(review): GenEvaluator is called on the rule that was passed in, so the
// caller's rule presumably carries the generated evaluator afterwards; confirm
// before reusing the rule with a different model.
func HasBareWildcardInField(rule *eval.Rule) (bool, error) {
	pc := ast.NewParsingContext()
	emptyModel := &model.Model{}

	err := rule.GenEvaluator(emptyModel, pc)
	if err != nil {
		return false, err
	}

	for _, field := range rule.GetFields() {
		for _, fv := range rule.GetFieldValues(field) {
			switch {
			case fv.Type == eval.GlobValueType && fv.Value == "/**":
				// Glob covering every path.
				return true, nil
			case fv.Type == eval.RegexpValueType && fv.Value == ".*":
				// For instance: dns.question.name =~ r".*"
				// Zero or more of any character other than a line
				// terminator, so every value matches.
				return true, nil
			case fv.Type == eval.ScalarValueType && fv.Value == "*":
				// Scalar written as a lone star.
				return true, nil
			}
		}
	}

	// No field value matched one of the recognized bare wildcard forms.
	return false, nil
}