[CWS] always use HumanReadableDuration through a pointer so that unmarshalling works (DataDog#31760)
paulcacheux authored Dec 4, 2024
1 parent 8c229a7 commit 1cb4d27
Showing 6 changed files with 37 additions and 34 deletions.
2 changes: 1 addition & 1 deletion pkg/security/probe/selftests/ebpfless.go
Expand Up @@ -30,7 +30,7 @@ func (o *EBPFLessSelfTest) GetRuleDefinition() *rules.RuleDefinition {
return &rules.RuleDefinition{
ID: o.ruleID,
Expression: `exec.file.path != "" && process.parent.pid == 0 && process.ppid == 0`,
Every: rules.HumanReadableDuration{
Every: &rules.HumanReadableDuration{
Duration: time.Duration(math.MaxInt64),
},
Silent: true,
50 changes: 25 additions & 25 deletions pkg/security/secl/rules/model.go
Expand Up @@ -63,21 +63,21 @@ type RuleID = string

// RuleDefinition holds the definition of a rule
type RuleDefinition struct {
ID RuleID `yaml:"id,omitempty" json:"id"`
Version string `yaml:"version,omitempty" json:"version,omitempty"`
Expression string `yaml:"expression" json:"expression,omitempty"`
Description string `yaml:"description,omitempty" json:"description,omitempty"`
Tags map[string]string `yaml:"tags,omitempty" json:"tags,omitempty"`
AgentVersionConstraint string `yaml:"agent_version,omitempty" json:"agent_version,omitempty"`
Filters []string `yaml:"filters,omitempty" json:"filters,omitempty"`
Disabled bool `yaml:"disabled,omitempty" json:"disabled,omitempty"`
Combine CombinePolicy `yaml:"combine,omitempty" json:"combine,omitempty" jsonschema:"enum=override"`
OverrideOptions OverrideOptions `yaml:"override_options,omitempty" json:"override_options,omitempty"`
Actions []*ActionDefinition `yaml:"actions,omitempty" json:"actions,omitempty"`
Every HumanReadableDuration `yaml:"every,omitempty" json:"every,omitempty"`
RateLimiterToken []string `yaml:"limiter_token,omitempty" json:"limiter_token,omitempty"`
Silent bool `yaml:"silent,omitempty" json:"silent,omitempty"`
GroupID string `yaml:"group_id,omitempty" json:"group_id,omitempty"`
ID RuleID `yaml:"id,omitempty" json:"id"`
Version string `yaml:"version,omitempty" json:"version,omitempty"`
Expression string `yaml:"expression" json:"expression,omitempty"`
Description string `yaml:"description,omitempty" json:"description,omitempty"`
Tags map[string]string `yaml:"tags,omitempty" json:"tags,omitempty"`
AgentVersionConstraint string `yaml:"agent_version,omitempty" json:"agent_version,omitempty"`
Filters []string `yaml:"filters,omitempty" json:"filters,omitempty"`
Disabled bool `yaml:"disabled,omitempty" json:"disabled,omitempty"`
Combine CombinePolicy `yaml:"combine,omitempty" json:"combine,omitempty" jsonschema:"enum=override"`
OverrideOptions OverrideOptions `yaml:"override_options,omitempty" json:"override_options,omitempty"`
Actions []*ActionDefinition `yaml:"actions,omitempty" json:"actions,omitempty"`
Every *HumanReadableDuration `yaml:"every,omitempty" json:"every,omitempty"`
RateLimiterToken []string `yaml:"limiter_token,omitempty" json:"limiter_token,omitempty"`
Silent bool `yaml:"silent,omitempty" json:"silent,omitempty"`
GroupID string `yaml:"group_id,omitempty" json:"group_id,omitempty"`
}

// GetTag returns the tag value associated with a tag key
Expand Down Expand Up @@ -133,19 +133,19 @@ type Scope string

// SetDefinition describes the 'set' section of a rule action
type SetDefinition struct {
Name string `yaml:"name" json:"name"`
Value interface{} `yaml:"value" json:"value,omitempty" jsonschema:"oneof_required=SetWithValue,oneof_type=string;integer;boolean;array"`
Field string `yaml:"field" json:"field,omitempty" jsonschema:"oneof_required=SetWithField"`
Append bool `yaml:"append" json:"append,omitempty"`
Scope Scope `yaml:"scope" json:"scope,omitempty" jsonschema:"enum=process,enum=container"`
Size int `yaml:"size" json:"size,omitempty"`
TTL HumanReadableDuration `yaml:"ttl" json:"ttl,omitempty"`
Name string `yaml:"name" json:"name"`
Value interface{} `yaml:"value" json:"value,omitempty" jsonschema:"oneof_required=SetWithValue,oneof_type=string;integer;boolean;array"`
Field string `yaml:"field" json:"field,omitempty" jsonschema:"oneof_required=SetWithField"`
Append bool `yaml:"append" json:"append,omitempty"`
Scope Scope `yaml:"scope" json:"scope,omitempty" jsonschema:"enum=process,enum=container"`
Size int `yaml:"size" json:"size,omitempty"`
TTL *HumanReadableDuration `yaml:"ttl" json:"ttl,omitempty"`
}

// KillDisarmerParamsDefinition describes the parameters of a kill action disarmer
type KillDisarmerParamsDefinition struct {
MaxAllowed int `yaml:"max_allowed" json:"max_allowed,omitempty" jsonschema:"description=The maximum number of allowed kill actions within the period,example=5"`
Period HumanReadableDuration `yaml:"period" json:"period,omitempty" jsonschema:"description=The period of time during which the maximum number of allowed kill actions is calculated,example=1m"`
MaxAllowed int `yaml:"max_allowed" json:"max_allowed,omitempty" jsonschema:"description=The maximum number of allowed kill actions within the period,example=5"`
Period *HumanReadableDuration `yaml:"period" json:"period,omitempty" jsonschema:"description=The period of time during which the maximum number of allowed kill actions is calculated,example=1m"`
}

// KillDisarmerDefinition describes the 'disarmer' section of a kill action
Expand Down Expand Up @@ -200,7 +200,7 @@ type HumanReadableDuration struct {
}

// MarshalYAML marshals a duration to a human readable format
func (d HumanReadableDuration) MarshalYAML() (interface{}, error) {
func (d *HumanReadableDuration) MarshalYAML() (interface{}, error) {
return d.String(), nil
}

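Review bot: MarshalYAML now has a pointer receiver (the hunk at -200,7), so `d` can be nil whenever a policy omits one of the three fields that became `*HumanReadableDuration`; the receiver of `String` is not on this page, and if it is a value receiver `d.String()` dereferences that nil. A one-line guard, `if d == nil { return nil, nil }`, keeps the method total regardless of whether the YAML encoder checks for nil pointers before consulting the Marshaler. The same question applies to every reader of the new pointer fields: the commit adds a nil check for `Set.TTL` in ruleset.go, but the consumers of `RuleDefinition.Every` and `KillDisarmerParamsDefinition.Period` are not visible here, and a policy without `every:` or `period:` now yields nil where it previously yielded a zero Duration, which matters most for the kill-action disarmer since a panic there takes down enforcement. A short comment on each pointer field would make the contract explicit, e.g. `// Every is nil when the policy does not set "every"`.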
2 changes: 1 addition & 1 deletion pkg/security/secl/rules/policy_test.go
Expand Up @@ -340,7 +340,7 @@ func TestActionSetVariableTTL(t *testing.T) {
Name: "var1",
Append: true,
Value: []string{"foo"},
TTL: HumanReadableDuration{
TTL: &HumanReadableDuration{
Duration: 1 * time.Second,
},
},
5 changes: 4 additions & 1 deletion pkg/security/secl/rules/ruleset.go
Expand Up @@ -241,7 +241,10 @@ func (rs *RuleSet) PopulateFieldsWithRuleActionsData(policyRules []*PolicyRule,
variableProvider = &rs.globalVariables
}

opts := eval.VariableOpts{TTL: actionDef.Set.TTL.Duration, Size: actionDef.Set.Size}
opts := eval.VariableOpts{Size: actionDef.Set.Size}
if actionDef.Set.TTL != nil {
opts.TTL = actionDef.Set.TTL.Duration
}

variable, err := variableProvider.GetVariable(actionDef.Set.Name, variableValue, opts)
if err != nil {
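Review bot: The new `if actionDef.Set.TTL != nil` guard keeps the previous behaviour (opts.TTL stays at its zero value when no ttl is configured) but says nothing about why nil is acceptable rather than an error, which the next reader of this code will wonder about. A why-comment above the guard would settle it, e.g. `// TTL is optional; when the policy leaves it unset, opts.TTL keeps its zero value exactly as before TTL became a pointer`. PopulateFieldsWithRuleActionsData starts and ends outside the hunk.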
8 changes: 4 additions & 4 deletions pkg/security/tests/action_test.go
Expand Up @@ -619,13 +619,13 @@ func TestActionKillDisarmFromRule(t *testing.T) {
Disarmer: &rules.KillDisarmerDefinition{
Executable: &rules.KillDisarmerParamsDefinition{
MaxAllowed: 1,
Period: rules.HumanReadableDuration{
Period: &rules.HumanReadableDuration{
Duration: enforcementDisarmerExecutablePeriod,
},
},
Container: &rules.KillDisarmerParamsDefinition{
MaxAllowed: 1,
Period: rules.HumanReadableDuration{
Period: &rules.HumanReadableDuration{
Duration: enforcementDisarmerContainerPeriod,
},
},
Expand All @@ -644,13 +644,13 @@ func TestActionKillDisarmFromRule(t *testing.T) {
Disarmer: &rules.KillDisarmerDefinition{
Executable: &rules.KillDisarmerParamsDefinition{
MaxAllowed: 1,
Period: rules.HumanReadableDuration{
Period: &rules.HumanReadableDuration{
Duration: enforcementDisarmerExecutablePeriod,
},
},
Container: &rules.KillDisarmerParamsDefinition{
MaxAllowed: 1,
Period: rules.HumanReadableDuration{
Period: &rules.HumanReadableDuration{
Duration: enforcementDisarmerContainerPeriod,
},
},
4 changes: 2 additions & 2 deletions pkg/security/tests/event_test.go
Expand Up @@ -106,15 +106,15 @@ func TestEventRaleLimiters(t *testing.T) {
{
ID: "test_unique_id",
Expression: `open.file.path == "{{.Root}}/test-unique-id"`,
Every: rules.HumanReadableDuration{
Every: &rules.HumanReadableDuration{
Duration: 5 * time.Second,
},
RateLimiterToken: []string{"process.file.name"},
},
{
ID: "test_std",
Expression: `open.file.path == "{{.Root}}/test-std"`,
Every: rules.HumanReadableDuration{
Every: &rules.HumanReadableDuration{
Duration: 5 * time.Second,
},
},
