oso-oso 0.21.0 → 0.22.0

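--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: a9fbbff1209cf44803895d162562cb6d9c8a4c37
- data.tar.gz: 8196f85296430d4c85a283bfec132c05a86e1433
+ metadata.gz: 328999aba2d62f777db79b812e762b2546e49a80
+ data.tar.gz: ad1803fa38712d1272d494300dafbab11d4e322a
  SHA512:
- metadata.gz: 2d49aec9759922b92b874f981709a57b6c04afc1b30762302c6020a37bde144d0b56b0343482f7f18ed96f3c3d298a0e493967fbbf8939fb91cc7dc493417e54
- data.tar.gz: 867123b379ef0ff554f9c433d317826e6b6e3b84a26008fe97e56f83d588737064ba71b61f4c5848969b7c6f6a0fd2cef9e8a488f238a86a152dcef7b452844e
+ metadata.gz: 2706c6fd40a1fe5e33e2b48fddfb4814031b75f5c62e7bb832b2ecc2707e3111d6b6cfa749863743b4c3424d90daca69dc5662d1fd83577b2fb95656eb3c54a4
+ data.tar.gz: e274ad60e2dcaed817e46f38f55362b87bad70f6d67b3cdaad838762459d0172e9e37cf6aa23e4256536bb6e807c54aefce8b97f817cbbad4b68d1ab097cf5a2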
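--- a/data/.gitignore
+++ b/data/.gitignore
@@ -7,7 +7,7 @@
  /spec/reports/
  /tmp/
  vendor
- active_record_test.db
+ *test.db
 
  # rspec failure tracking
  .rspec_status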
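--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- oso-oso (0.21.0)
+ oso-oso (0.22.0)
  ffi (~> 1.0)
 
  GEM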
Binary file
Binary file
Binary file
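--- a/data/lib/oso/oso.rb
+++ b/data/lib/oso/oso.rb
@@ -218,5 +218,15 @@ module Oso
 
  host.types[get_class_name resource_cls].exec_query[q]
  end
+
+ # Register default values for data filtering query functions.
+ # These can be overridden by passing specific implementations to
+ # `register_class` or by defining `build_query`, `exec_query` and
+ # `combine_query` methods on the class object.
+ def set_data_filtering_query_defaults(build_query: nil, exec_query: nil, combine_query: nil)
+ host.build_query = build_query if build_query
+ host.exec_query = exec_query if exec_query
+ host.combine_query = combine_query if combine_query
+ end
  end
  end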
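Review bot: The comment on `set_data_filtering_query_defaults` does not say that the defaults have to be set before classes are registered. Judging by the `@@ -107,9 +115,9 @@` hunk further down the page, a type takes `build_query || self.build_query` at the moment it is registered, so a class registered earlier would keep the raising default and data filtering on it would fail. I would add a line such as `# Call this before register_class; each class captures the defaults in effect when it is registered.` The enclosing class starts above this hunk.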
@@ -4,6 +4,7 @@ module Oso
4
4
  module Polar
5
5
  # Data filtering interface for Ruby
6
6
  module DataFiltering
7
+ GETATTR = ->(x, attr) { attr.nil? ? x : x.send(attr) }
7
8
  # Represents a set of filter sequences that should allow the host
8
9
  # to obtain the records satisfying a query.
9
10
  class FilterPlan
@@ -29,7 +30,7 @@ module Oso
29
30
  result_sets.each_with_object([]) do |rs, qb|
30
31
  rs.resolve_order.each_with_object({}) do |i, set_results|
31
32
  req = rs.requests[i]
32
- cs = req.constraints.each { |c| c.ground set_results }
33
+ cs = req.ground(set_results)
33
34
  typ = @polar.host.types[req.class_tag]
34
35
  q = typ.build_query[cs]
35
36
  if i != rs.result_id
@@ -68,6 +69,7 @@ module Oso
68
69
  attr_reader :constraints, :class_tag
69
70
 
70
71
  def self.parse(polar, parsed_json)
72
+ @polar = polar
71
73
  constraints = parsed_json['constraints'].map do |con|
72
74
  Filter.parse polar, con
73
75
  end
@@ -76,6 +78,24 @@ module Oso
76
78
  new(constraints: constraints, class_tag: class_tag)
77
79
  end
78
80
 
81
+ def ground(results) # rubocop:disable Metrics/MethodLength, Metrics/CyclomaticComplexity, Metrics/AbcSize, Metrics/PerceivedComplexity
82
+ xrefs, rest = constraints.partition do |c|
83
+ c.value.is_a?(Ref) and !c.value.result_id.nil?
84
+ end
85
+
86
+ yrefs, nrefs = xrefs.partition { |r| %w[In Eq].include? r.kind }
87
+ [[yrefs, 'In'], [nrefs, 'Nin']].each do |refs, kind|
88
+ next unless refs.any?
89
+
90
+ refs.group_by { |f| f.value.result_id }.each do |rid, fils|
91
+ value = results[rid].map { |r| fils.map { |f| GETATTR[r, f.value.field] } }
92
+ field = fils.map(&:field)
93
+ rest.push(Filter.new(kind: kind, value: value, field: field))
94
+ end
95
+ end
96
+ rest
97
+ end
98
+
79
99
  def initialize(constraints:, class_tag:)
80
100
  @constraints = constraints
81
101
  @class_tag = class_tag
@@ -127,6 +147,7 @@ module Oso
127
147
  'Eq' => ->(a, b) { a == b },
128
148
  'In' => ->(a, b) { b.include? a },
129
149
  'Neq' => ->(a, b) { a != b },
150
+ 'Nin' => ->(a, b) { !b.include?(a) },
130
151
  'Contains' => ->(a, b) { a.include? b }
131
152
  }.freeze
132
153
 
@@ -138,8 +159,6 @@ module Oso
138
159
  @kind = kind
139
160
  @field = field
140
161
  @value = value
141
- @check = CHECKS[kind]
142
- raise "Unknown constraint kind `#{kind}`" if @check.nil?
143
162
  end
144
163
 
145
164
  def ground(results)
@@ -150,10 +169,16 @@ module Oso
150
169
  @value = value.map { |v| v.send ref.field } unless ref.field.nil?
151
170
  end
152
171
 
153
- def check(item)
172
+ def check(item) # rubocop:disable Metrics/AbcSize
154
173
  val = value.is_a?(Field) ? item.send(value.field) : value
155
- item = field.nil? ? item : item.send(field)
156
- @check[item, val]
174
+ item = if field.nil?
175
+ item
176
+ elsif field.is_a? Array
177
+ field.map { |f| GETATTR[item, f] }
178
+ else
179
+ item.send field
180
+ end
181
+ CHECKS[@kind][item, val]
157
182
  end
158
183
 
159
184
  def self.parse(polar, constraint) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
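Review bot: In `ground` (new lines 81-97), every cross-referenced constraint whose kind is not `In` or `Eq` lands in `nrefs` and is rewritten as `Nin`, so a `Contains` or an unrecognised kind would silently change meaning inside an authorization filter. The same set of hunks drops the `Unknown constraint kind` raise from `Filter#initialize`, so an unexpected kind now only surfaces as a `NoMethodError` on `nil` when `check` reaches `CHECKS[@kind]`. Whether the core can emit such kinds with a `Ref` value is not visible here, but the filter should reject rather than guess: in `ground`, `raise "Unknown constraint kind #{r.kind}" unless %w[In Eq Neq].include? r.kind` before the second partition, and in `check`, `CHECKS.fetch(@kind)[item, val]`. Separately, `GETATTR` and `item.send field` dispatch with `send`, which also reaches private methods; `public_send` would keep field lookups on the public interface. The file header for these hunks is not shown on the page.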
@@ -67,12 +67,20 @@ module Oso
67
67
  public
68
68
 
69
69
  attr_writer :accept_expression
70
+ attr_accessor :build_query, :combine_query, :exec_query
71
+
72
+ DEFAULT_COMBINE_QUERY = proc { raise 'implement combine_query to use data filtering' }
73
+ DEFAULT_BUILD_QUERY = proc { raise 'implement build_query to use data filtering' }
74
+ DEFAULT_EXEC_QUERY = proc { raise 'implement exec_query to use data filtering' }
70
75
 
71
76
  def initialize(ffi_polar)
72
77
  @ffi_polar = ffi_polar
73
78
  @types = {}
74
79
  @instances = {}
75
80
  @accept_expression = false
81
+ @combine_query = DEFAULT_COMBINE_QUERY
82
+ @build_query = DEFAULT_BUILD_QUERY
83
+ @exec_query = DEFAULT_EXEC_QUERY
76
84
  end
77
85
 
78
86
  def initialize_copy(other)
@@ -107,9 +115,9 @@ module Oso
107
115
  klass: PolarClass.new(cls),
108
116
  id: cache_instance(cls),
109
117
  fields: fields || {},
110
- combine_query: combine_query,
111
- exec_query: exec_query,
112
- build_query: build_query
118
+ combine_query: combine_query || self.combine_query,
119
+ exec_query: exec_query || self.exec_query,
120
+ build_query: build_query || self.build_query
113
121
  )
114
122
  name
115
123
  end
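--- a/data/lib/oso/version.rb
+++ b/data/lib/oso/version.rb
@@ -1,5 +1,5 @@
  # frozen_string_literal: true
 
  module Oso
- VERSION = '0.21.0'
+ VERSION = '0.22.0'
  end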
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: oso-oso
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.21.0
4
+ version: 0.22.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Oso Security, Inc.
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-09-28 00:00:00.000000000 Z
11
+ date: 2021-10-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: ffi