Add support for parsing "intersects" operator

Related to the changes in https://github.com/draios/sysdig/pull/1501,
add support for an "intersects" operator that verifies if any of the
values in the rhs of an expression are found in the set of extracted
values.

For example:

  (a,b,c) in (a,b) is false, but (a,b,c) intersects (a,b) is true.

The code that implements CO_INTERSECTS is in a different commit.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>

userspace/engine/lua/parser.lua

@@ -192,8 +192,7 @@ local G = {
 
   RelationalExpression =
      rel(terminal "FieldName", V"RelOp", V"Value") +
-     rel(terminal "FieldName", V"InOp", V"InList") +
+     rel(terminal "FieldName", V"SetOp", V"InList") +
-     rel(terminal "FieldName", V"PmatchOp", V"InList") +
      V"PrimaryExp";
 
   PrimaryExp = symb("(") * V"Filter" * symb(")");
@@ -214,8 +213,9 @@ local G = {
   Identifier = V"idStart" * V"idRest"^0;
   Macro = V"idStart" * V"idRest"^0 * -P".";
   Int = digit^1;
-  PathString = (alnum + S'.-_/*?')^1;
+  PathString = (alnum + S',.-_/*?')^1;
-  Index = V"Int" + V"PathString";
+  PortRangeString = (V"Int" + S":,")^1;
+  Index = V"PortRangeString" + V"Int" + V"PathString";
   FieldName = V"Identifier" * (P"." + V"Identifier")^1 * (P"[" * V"Index" * P"]")^-1;
   Name = C(V"Identifier") * -V"idRest";
   Hex = (P("0x") + P("0X")) * xdigit^1;
@@ -243,8 +243,9 @@ local G = {
           symb("glob") / "glob" +
           symb("startswith") / "startswith" +
           symb("endswith") / "endswith";
-  InOp = kw("in") / "in";
+  SetOp = kw("in") / "in" +
-  PmatchOp = kw("pmatch") / "pmatch";
+          kw("intersects") / "intersects" +
+          kw("pmatch") / "pmatch";
   UnaryBoolOp = kw("not") / "not";
   ExistsOp = kw("exists") / "exists";
 

userspace/engine/lua/rule_loader.lua

@@ -96,7 +96,9 @@ local function install_filter(node, filter_api_lib, lua_parser, parent_bool_op)
       filter_api_lib.unnest(lua_parser) -- io.write(")")
 
    elseif t == "BinaryRelOp" then
-      if (node.operator == "in" or node.operator == "pmatch") then
+      if (node.operator == "in" or
+          node.operator == "intersects" or
+	  node.operator == "pmatch") then
 	 elements = map(function (el) return el.value end, node.right.elements)
 	 filter_api_lib.rel_expr(lua_parser, node.left.value, node.operator, elements, node.index)
       else

userspace/engine/lua/sinsp_rule_utils.lua

@@ -36,7 +36,9 @@ function sinsp_rule_utils.check_for_ignored_syscalls_events(ast, filter_type, so
 	 (node.left.value == "evt.type" or
 	  node.left.value == "syscall.type") then
 
-	    if node.operator == "in" or node.operator == "pmatch" then
+	    if (node.operator == "in" or
+		node.operator == "intersects" or
+	        node.operator == "pmatch") then
 	       for i, v in ipairs(node.right.elements) do
 		  if v.type == "BareString" then
 		     if node.left.value == "evt.type" then
@@ -94,7 +96,9 @@ function sinsp_rule_utils.get_evttypes_syscalls(name, ast, source, warn_evttypes
 	    if found_not then
 	       found_event_after_not = true
 	    end
-	    if node.operator == "in" or node.operator == "pmatch" then
+	    if (node.operator == "in" or
+                node.operator == "intersects" or
+                node.operator == "pmatch") then
 	       for i, v in ipairs(node.right.elements) do
 		  if v.type == "BareString" then