oso-oso 0.21.0 → 0.22.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +1 -1
- data/Gemfile.lock +1 -1
- data/ext/oso-oso/lib/libpolar.dylib +0 -0
- data/ext/oso-oso/lib/libpolar.so +0 -0
- data/ext/oso-oso/lib/polar.dll +0 -0
- data/lib/oso/oso.rb +10 -0
- data/lib/oso/polar/data_filtering.rb +31 -6
- data/lib/oso/polar/host.rb +11 -3
- data/lib/oso/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 328999aba2d62f777db79b812e762b2546e49a80
|
4
|
+
data.tar.gz: ad1803fa38712d1272d494300dafbab11d4e322a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 2706c6fd40a1fe5e33e2b48fddfb4814031b75f5c62e7bb832b2ecc2707e3111d6b6cfa749863743b4c3424d90daca69dc5662d1fd83577b2fb95656eb3c54a4
|
7
|
+
data.tar.gz: e274ad60e2dcaed817e46f38f55362b87bad70f6d67b3cdaad838762459d0172e9e37cf6aa23e4256536bb6e807c54aefce8b97f817cbbad4b68d1ab097cf5a2
|
data/.gitignore
CHANGED
data/Gemfile.lock
CHANGED
Binary file
|
data/ext/oso-oso/lib/libpolar.so
CHANGED
Binary file
|
data/ext/oso-oso/lib/polar.dll
CHANGED
Binary file
|
data/lib/oso/oso.rb
CHANGED
@@ -218,5 +218,15 @@ module Oso
|
|
218
218
|
|
219
219
|
host.types[get_class_name resource_cls].exec_query[q]
|
220
220
|
end
|
221
|
+
|
222
|
+
# Register default values for data filtering query functions.
|
223
|
+
# These can be overridden by passing specific implementations to
|
224
|
+
# `register_class` or by defining `build_query`, `exec_query` and
|
225
|
+
# `combine_query` methods on the class object.
|
226
|
+
def set_data_filtering_query_defaults(build_query: nil, exec_query: nil, combine_query: nil)
|
227
|
+
host.build_query = build_query if build_query
|
228
|
+
host.exec_query = exec_query if exec_query
|
229
|
+
host.combine_query = combine_query if combine_query
|
230
|
+
end
|
221
231
|
end
|
222
232
|
end
|
@@ -4,6 +4,7 @@ module Oso
|
|
4
4
|
module Polar
|
5
5
|
# Data filtering interface for Ruby
|
6
6
|
module DataFiltering
|
7
|
+
GETATTR = ->(x, attr) { attr.nil? ? x : x.send(attr) }
|
7
8
|
# Represents a set of filter sequences that should allow the host
|
8
9
|
# to obtain the records satisfying a query.
|
9
10
|
class FilterPlan
|
@@ -29,7 +30,7 @@ module Oso
|
|
29
30
|
result_sets.each_with_object([]) do |rs, qb|
|
30
31
|
rs.resolve_order.each_with_object({}) do |i, set_results|
|
31
32
|
req = rs.requests[i]
|
32
|
-
cs = req.
|
33
|
+
cs = req.ground(set_results)
|
33
34
|
typ = @polar.host.types[req.class_tag]
|
34
35
|
q = typ.build_query[cs]
|
35
36
|
if i != rs.result_id
|
@@ -68,6 +69,7 @@ module Oso
|
|
68
69
|
attr_reader :constraints, :class_tag
|
69
70
|
|
70
71
|
def self.parse(polar, parsed_json)
|
72
|
+
@polar = polar
|
71
73
|
constraints = parsed_json['constraints'].map do |con|
|
72
74
|
Filter.parse polar, con
|
73
75
|
end
|
@@ -76,6 +78,24 @@ module Oso
|
|
76
78
|
new(constraints: constraints, class_tag: class_tag)
|
77
79
|
end
|
78
80
|
|
81
|
+
def ground(results) # rubocop:disable Metrics/MethodLength, Metrics/CyclomaticComplexity, Metrics/AbcSize, Metrics/PerceivedComplexity
|
82
|
+
xrefs, rest = constraints.partition do |c|
|
83
|
+
c.value.is_a?(Ref) and !c.value.result_id.nil?
|
84
|
+
end
|
85
|
+
|
86
|
+
yrefs, nrefs = xrefs.partition { |r| %w[In Eq].include? r.kind }
|
87
|
+
[[yrefs, 'In'], [nrefs, 'Nin']].each do |refs, kind|
|
88
|
+
next unless refs.any?
|
89
|
+
|
90
|
+
refs.group_by { |f| f.value.result_id }.each do |rid, fils|
|
91
|
+
value = results[rid].map { |r| fils.map { |f| GETATTR[r, f.value.field] } }
|
92
|
+
field = fils.map(&:field)
|
93
|
+
rest.push(Filter.new(kind: kind, value: value, field: field))
|
94
|
+
end
|
95
|
+
end
|
96
|
+
rest
|
97
|
+
end
|
98
|
+
|
79
99
|
def initialize(constraints:, class_tag:)
|
80
100
|
@constraints = constraints
|
81
101
|
@class_tag = class_tag
|
@@ -127,6 +147,7 @@ module Oso
|
|
127
147
|
'Eq' => ->(a, b) { a == b },
|
128
148
|
'In' => ->(a, b) { b.include? a },
|
129
149
|
'Neq' => ->(a, b) { a != b },
|
150
|
+
'Nin' => ->(a, b) { !b.include?(a) },
|
130
151
|
'Contains' => ->(a, b) { a.include? b }
|
131
152
|
}.freeze
|
132
153
|
|
@@ -138,8 +159,6 @@ module Oso
|
|
138
159
|
@kind = kind
|
139
160
|
@field = field
|
140
161
|
@value = value
|
141
|
-
@check = CHECKS[kind]
|
142
|
-
raise "Unknown constraint kind `#{kind}`" if @check.nil?
|
143
162
|
end
|
144
163
|
|
145
164
|
def ground(results)
|
@@ -150,10 +169,16 @@ module Oso
|
|
150
169
|
@value = value.map { |v| v.send ref.field } unless ref.field.nil?
|
151
170
|
end
|
152
171
|
|
153
|
-
def check(item)
|
172
|
+
def check(item) # rubocop:disable Metrics/AbcSize
|
154
173
|
val = value.is_a?(Field) ? item.send(value.field) : value
|
155
|
-
item = field.nil?
|
156
|
-
|
174
|
+
item = if field.nil?
|
175
|
+
item
|
176
|
+
elsif field.is_a? Array
|
177
|
+
field.map { |f| GETATTR[item, f] }
|
178
|
+
else
|
179
|
+
item.send field
|
180
|
+
end
|
181
|
+
CHECKS[@kind][item, val]
|
157
182
|
end
|
158
183
|
|
159
184
|
def self.parse(polar, constraint) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
|
data/lib/oso/polar/host.rb
CHANGED
@@ -67,12 +67,20 @@ module Oso
|
|
67
67
|
public
|
68
68
|
|
69
69
|
attr_writer :accept_expression
|
70
|
+
attr_accessor :build_query, :combine_query, :exec_query
|
71
|
+
|
72
|
+
DEFAULT_COMBINE_QUERY = proc { raise 'implement combine_query to use data filtering' }
|
73
|
+
DEFAULT_BUILD_QUERY = proc { raise 'implement build_query to use data filtering' }
|
74
|
+
DEFAULT_EXEC_QUERY = proc { raise 'implement exec_query to use data filtering' }
|
70
75
|
|
71
76
|
def initialize(ffi_polar)
|
72
77
|
@ffi_polar = ffi_polar
|
73
78
|
@types = {}
|
74
79
|
@instances = {}
|
75
80
|
@accept_expression = false
|
81
|
+
@combine_query = DEFAULT_COMBINE_QUERY
|
82
|
+
@build_query = DEFAULT_BUILD_QUERY
|
83
|
+
@exec_query = DEFAULT_EXEC_QUERY
|
76
84
|
end
|
77
85
|
|
78
86
|
def initialize_copy(other)
|
@@ -107,9 +115,9 @@ module Oso
|
|
107
115
|
klass: PolarClass.new(cls),
|
108
116
|
id: cache_instance(cls),
|
109
117
|
fields: fields || {},
|
110
|
-
combine_query: combine_query,
|
111
|
-
exec_query: exec_query,
|
112
|
-
build_query: build_query
|
118
|
+
combine_query: combine_query || self.combine_query,
|
119
|
+
exec_query: exec_query || self.exec_query,
|
120
|
+
build_query: build_query || self.build_query
|
113
121
|
)
|
114
122
|
name
|
115
123
|
end
|
data/lib/oso/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: oso-oso
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.22.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Oso Security, Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-10-19 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: ffi
|