From f00926b8afed8d69aae0e2ca1d1dd932adaf506a Mon Sep 17 00:00:00 2001 From: Gianmatteo Palmieri Date: Mon, 26 Feb 2024 14:12:43 +0100 Subject: [PATCH] new(engine): error on invalid macro/list name Signed-off-by: Gianmatteo Palmieri --- userspace/engine/rule_loader_reader.cpp | 16 ++++++++++++++++ userspace/engine/rule_loading_messages.h | 4 ++++ 2 files changed, 20 insertions(+) diff --git a/userspace/engine/rule_loader_reader.cpp b/userspace/engine/rule_loader_reader.cpp index 8cc66505..fff7a037 100644 --- a/userspace/engine/rule_loader_reader.cpp +++ b/userspace/engine/rule_loader_reader.cpp @@ -25,8 +25,16 @@ limitations under the License. #include "rule_loading_messages.h" #include +#include + #define THROW(cond, err, ctx) { if ((cond)) { throw rule_loader::rule_load_exception(falco::load_result::LOAD_ERR_YAML_VALIDATE, (err), (ctx)); } } +#define RGX_IDENTIFIER "([a-zA-Z]+[a-zA-Z0-9_]*)" +#define RGX_BARESTR "([^()\"'[:space:]=,]+)" + +static re2::RE2 s_rgx_identifier(RGX_IDENTIFIER, re2::RE2::POSIX); +static re2::RE2 s_rgx_barestr(RGX_BARESTR, re2::RE2::POSIX); + // Don't call this directly, call decode_val/decode_optional_val instead. template static void decode_val_generic(const YAML::Node& item, const char *key, T& out, const rule_loader::context& ctx, bool optional) @@ -442,6 +450,10 @@ void rule_loader::reader::read_item( decode_val(item, "list", name, tmp); rule_loader::context ctx(item, rule_loader::context::LIST, name, parent); + + bool invalid_name = !re2::RE2::FullMatch(name, s_rgx_barestr); + THROW(invalid_name, ERROR_INVALID_LIST_NAME RGX_BARESTR, ctx); + rule_loader::list_info v(ctx); bool append = false; 
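Review bot: The two patterns added above `decode_val_generic` look like copies of grammar tokens defined elsewhere (the new messages call them the Identifier and BareStr regular expressions), and nothing in this hunk ties them to that definition. If the copies drift, the loader could accept a macro or list name that a rule condition cannot reference, and the rule would then not evaluate as its author intended. I would add a comment such as `// Keep in sync with the Identifier/BareStr tokens of the filter condition grammar` above `RGX_IDENTIFIER`, or reuse the original definitions if they are exported. The file-scope `re2::RE2` objects are also never checked with `ok()`; since `FullMatch` on an invalid pattern returns false, a one-time `ok()` check would keep a bad pattern from rejecting every name.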
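Review bot: The name check added in the list branch of `read_item`, and the matching one in the macro branch (hunk at -482), turn a mismatch into a `LOAD_ERR_YAML_VALIDATE` failure, yet the diffstat lists only the reader and the messages header, so no test accompanies it. Cases worth pinning are a list name containing a space, `=` or `,`, a macro name that starts with a digit or `_` or contains `-` or `.`, and a plain name such as `my_macro_1` that must still load. The list check sits before `bool append = false;`, so it presumably applies to append and override entries too; that deserves its own case because such a file loaded before this change. `invalid_name` is used only once, so the condition can be passed directly, e.g. `THROW(!re2::RE2::FullMatch(name, s_rgx_barestr), ERROR_INVALID_LIST_NAME RGX_BARESTR, ctx);`. `read_item` starts and ends outside both hunks.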
@@ -482,6 +494,10 @@ void rule_loader::reader::read_item( decode_val(item, "macro", name, tmp); rule_loader::context ctx(item, rule_loader::context::MACRO, name, parent); + + bool invalid_name = !re2::RE2::FullMatch(name, s_rgx_identifier); + THROW(invalid_name, ERROR_INVALID_MACRO_NAME RGX_IDENTIFIER, ctx); + rule_loader::macro_info v(ctx); v.name = name; diff --git a/userspace/engine/rule_loading_messages.h b/userspace/engine/rule_loading_messages.h index 5962fb0a..c5980c41 100644 --- a/userspace/engine/rule_loading_messages.h +++ b/userspace/engine/rule_loading_messages.h @@ -21,3 +21,7 @@ #define ERROR_NO_PREVIOUS_RULE_APPEND "Rule uses 'append' or 'override.: append' but no rule by that name already exists" #define ERROR_NO_PREVIOUS_RULE_REPLACE "An 'override.: replace' to a rule was requested but no rule by that name already exists" + +#define ERROR_INVALID_MACRO_NAME "Macro has an invalid name. Macro names must match the Identifier regular expression: " + +#define ERROR_INVALID_LIST_NAME "List has an invalid name. List names must match the BareStr regular expression: "