oso-oso 0.21.0 → 0.22.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +1 -1
- data/Gemfile.lock +1 -1
- data/ext/oso-oso/lib/libpolar.dylib +0 -0
- data/ext/oso-oso/lib/libpolar.so +0 -0
- data/ext/oso-oso/lib/polar.dll +0 -0
- data/lib/oso/oso.rb +10 -0
- data/lib/oso/polar/data_filtering.rb +31 -6
- data/lib/oso/polar/host.rb +11 -3
- data/lib/oso/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 328999aba2d62f777db79b812e762b2546e49a80
|
|
4
|
+
data.tar.gz: ad1803fa38712d1272d494300dafbab11d4e322a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2706c6fd40a1fe5e33e2b48fddfb4814031b75f5c62e7bb832b2ecc2707e3111d6b6cfa749863743b4c3424d90daca69dc5662d1fd83577b2fb95656eb3c54a4
|
|
7
|
+
data.tar.gz: e274ad60e2dcaed817e46f38f55362b87bad70f6d67b3cdaad838762459d0172e9e37cf6aa23e4256536bb6e807c54aefce8b97f817cbbad4b68d1ab097cf5a2
|
data/.gitignore
CHANGED
data/Gemfile.lock
CHANGED
|
Binary file
|
data/ext/oso-oso/lib/libpolar.so
CHANGED
|
Binary file
|
data/ext/oso-oso/lib/polar.dll
CHANGED
|
Binary file
|
data/lib/oso/oso.rb
CHANGED
|
@@ -218,5 +218,15 @@ module Oso
|
|
|
218
218
|
|
|
219
219
|
host.types[get_class_name resource_cls].exec_query[q]
|
|
220
220
|
end
|
|
221
|
+
|
|
222
|
+
# Register default values for data filtering query functions.
|
|
223
|
+
# These can be overridden by passing specific implementations to
|
|
224
|
+
# `register_class` or by defining `build_query`, `exec_query` and
|
|
225
|
+
# `combine_query` methods on the class object.
|
|
226
|
+
def set_data_filtering_query_defaults(build_query: nil, exec_query: nil, combine_query: nil)
|
|
227
|
+
host.build_query = build_query if build_query
|
|
228
|
+
host.exec_query = exec_query if exec_query
|
|
229
|
+
host.combine_query = combine_query if combine_query
|
|
230
|
+
end
|
|
221
231
|
end
|
|
222
232
|
end
|
|
@@ -4,6 +4,7 @@ module Oso
|
|
|
4
4
|
module Polar
|
|
5
5
|
# Data filtering interface for Ruby
|
|
6
6
|
module DataFiltering
|
|
7
|
+
GETATTR = ->(x, attr) { attr.nil? ? x : x.send(attr) }
|
|
7
8
|
# Represents a set of filter sequences that should allow the host
|
|
8
9
|
# to obtain the records satisfying a query.
|
|
9
10
|
class FilterPlan
|
|
@@ -29,7 +30,7 @@ module Oso
|
|
|
29
30
|
result_sets.each_with_object([]) do |rs, qb|
|
|
30
31
|
rs.resolve_order.each_with_object({}) do |i, set_results|
|
|
31
32
|
req = rs.requests[i]
|
|
32
|
-
cs = req.
|
|
33
|
+
cs = req.ground(set_results)
|
|
33
34
|
typ = @polar.host.types[req.class_tag]
|
|
34
35
|
q = typ.build_query[cs]
|
|
35
36
|
if i != rs.result_id
|
|
@@ -68,6 +69,7 @@ module Oso
|
|
|
68
69
|
attr_reader :constraints, :class_tag
|
|
69
70
|
|
|
70
71
|
def self.parse(polar, parsed_json)
|
|
72
|
+
@polar = polar
|
|
71
73
|
constraints = parsed_json['constraints'].map do |con|
|
|
72
74
|
Filter.parse polar, con
|
|
73
75
|
end
|
|
@@ -76,6 +78,24 @@ module Oso
|
|
|
76
78
|
new(constraints: constraints, class_tag: class_tag)
|
|
77
79
|
end
|
|
78
80
|
|
|
81
|
+
def ground(results) # rubocop:disable Metrics/MethodLength, Metrics/CyclomaticComplexity, Metrics/AbcSize, Metrics/PerceivedComplexity
|
|
82
|
+
xrefs, rest = constraints.partition do |c|
|
|
83
|
+
c.value.is_a?(Ref) and !c.value.result_id.nil?
|
|
84
|
+
end
|
|
85
|
+
|
|
86
|
+
yrefs, nrefs = xrefs.partition { |r| %w[In Eq].include? r.kind }
|
|
87
|
+
[[yrefs, 'In'], [nrefs, 'Nin']].each do |refs, kind|
|
|
88
|
+
next unless refs.any?
|
|
89
|
+
|
|
90
|
+
refs.group_by { |f| f.value.result_id }.each do |rid, fils|
|
|
91
|
+
value = results[rid].map { |r| fils.map { |f| GETATTR[r, f.value.field] } }
|
|
92
|
+
field = fils.map(&:field)
|
|
93
|
+
rest.push(Filter.new(kind: kind, value: value, field: field))
|
|
94
|
+
end
|
|
95
|
+
end
|
|
96
|
+
rest
|
|
97
|
+
end
|
|
98
|
+
|
|
79
99
|
def initialize(constraints:, class_tag:)
|
|
80
100
|
@constraints = constraints
|
|
81
101
|
@class_tag = class_tag
|
|
@@ -127,6 +147,7 @@ module Oso
|
|
|
127
147
|
'Eq' => ->(a, b) { a == b },
|
|
128
148
|
'In' => ->(a, b) { b.include? a },
|
|
129
149
|
'Neq' => ->(a, b) { a != b },
|
|
150
|
+
'Nin' => ->(a, b) { !b.include?(a) },
|
|
130
151
|
'Contains' => ->(a, b) { a.include? b }
|
|
131
152
|
}.freeze
|
|
132
153
|
|
|
@@ -138,8 +159,6 @@ module Oso
|
|
|
138
159
|
@kind = kind
|
|
139
160
|
@field = field
|
|
140
161
|
@value = value
|
|
141
|
-
@check = CHECKS[kind]
|
|
142
|
-
raise "Unknown constraint kind `#{kind}`" if @check.nil?
|
|
143
162
|
end
|
|
144
163
|
|
|
145
164
|
def ground(results)
|
|
@@ -150,10 +169,16 @@ module Oso
|
|
|
150
169
|
@value = value.map { |v| v.send ref.field } unless ref.field.nil?
|
|
151
170
|
end
|
|
152
171
|
|
|
153
|
-
def check(item)
|
|
172
|
+
def check(item) # rubocop:disable Metrics/AbcSize
|
|
154
173
|
val = value.is_a?(Field) ? item.send(value.field) : value
|
|
155
|
-
item = field.nil?
|
|
156
|
-
|
|
174
|
+
item = if field.nil?
|
|
175
|
+
item
|
|
176
|
+
elsif field.is_a? Array
|
|
177
|
+
field.map { |f| GETATTR[item, f] }
|
|
178
|
+
else
|
|
179
|
+
item.send field
|
|
180
|
+
end
|
|
181
|
+
CHECKS[@kind][item, val]
|
|
157
182
|
end
|
|
158
183
|
|
|
159
184
|
def self.parse(polar, constraint) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
|
data/lib/oso/polar/host.rb
CHANGED
|
@@ -67,12 +67,20 @@ module Oso
|
|
|
67
67
|
public
|
|
68
68
|
|
|
69
69
|
attr_writer :accept_expression
|
|
70
|
+
attr_accessor :build_query, :combine_query, :exec_query
|
|
71
|
+
|
|
72
|
+
DEFAULT_COMBINE_QUERY = proc { raise 'implement combine_query to use data filtering' }
|
|
73
|
+
DEFAULT_BUILD_QUERY = proc { raise 'implement build_query to use data filtering' }
|
|
74
|
+
DEFAULT_EXEC_QUERY = proc { raise 'implement exec_query to use data filtering' }
|
|
70
75
|
|
|
71
76
|
def initialize(ffi_polar)
|
|
72
77
|
@ffi_polar = ffi_polar
|
|
73
78
|
@types = {}
|
|
74
79
|
@instances = {}
|
|
75
80
|
@accept_expression = false
|
|
81
|
+
@combine_query = DEFAULT_COMBINE_QUERY
|
|
82
|
+
@build_query = DEFAULT_BUILD_QUERY
|
|
83
|
+
@exec_query = DEFAULT_EXEC_QUERY
|
|
76
84
|
end
|
|
77
85
|
|
|
78
86
|
def initialize_copy(other)
|
|
@@ -107,9 +115,9 @@ module Oso
|
|
|
107
115
|
klass: PolarClass.new(cls),
|
|
108
116
|
id: cache_instance(cls),
|
|
109
117
|
fields: fields || {},
|
|
110
|
-
combine_query: combine_query,
|
|
111
|
-
exec_query: exec_query,
|
|
112
|
-
build_query: build_query
|
|
118
|
+
combine_query: combine_query || self.combine_query,
|
|
119
|
+
exec_query: exec_query || self.exec_query,
|
|
120
|
+
build_query: build_query || self.build_query
|
|
113
121
|
)
|
|
114
122
|
name
|
|
115
123
|
end
|
data/lib/oso/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: oso-oso
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.22.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Oso Security, Inc.
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-10-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ffi
|