[CWS] simplify a bit the model accessors (#32579)

Author: safchain

pkg/security/events/token_limiter.go

@@ -36,7 +36,7 @@ func (tkl *TokenLimiter) genGetTokenFnc(fields []eval.Field) error {
 	event := m.NewEvent()
 
 	for _, field := range fields {
-		if _, err := event.GetFieldType(field); err != nil {
+		if _, _, err := event.GetFieldMetadata(field); err != nil {
 			return err
 		}
 	}

pkg/security/probe/discarders_linux.go

@@ -237,7 +237,7 @@ func (id *inodeDiscarders) getParentDiscarderFnc(rs *rules.RuleSet, eventType mo
 		return nil, nil
 	}
 
-	if _, err := id.discarderEvent.GetFieldType(field); err != nil {
+	if _, _, err := id.discarderEvent.GetFieldMetadata(field); err != nil {
 		return nil, err
 	}
 
@@ -246,7 +246,7 @@ func (id *inodeDiscarders) getParentDiscarderFnc(rs *rules.RuleSet, eventType mo
 	}
 
 	basenameField := strings.Replace(field, model.PathSuffix, model.NameSuffix, 1)
-	if _, err := id.discarderEvent.GetFieldType(basenameField); err != nil {
+	if _, _, err := id.discarderEvent.GetFieldMetadata(basenameField); err != nil {
 		return nil, err
 	}
 

pkg/security/rules/filtermodel/os_only_filter.go

@@ -62,24 +62,19 @@ func (e *OSOnlyFilterEvent) GetFieldValue(field eval.Field) (interface{}, error)
 // Init inits the rule filter event
 func (e *OSOnlyFilterEvent) Init() {}
 
-// GetFieldEventType returns the event type for the given field
-func (e *OSOnlyFilterEvent) GetFieldEventType(_ eval.Field) (string, error) {
-	return "*", nil
-}
-
 // SetFieldValue sets the value for the given field
 func (e *OSOnlyFilterEvent) SetFieldValue(field eval.Field, _ interface{}) error {
 	return &eval.ErrFieldNotFound{Field: field}
 }
 
-// GetFieldType get the type of the field
-func (e *OSOnlyFilterEvent) GetFieldType(field eval.Field) (reflect.Kind, error) {
+// GetFieldMetadata get the type of the field
+func (e *OSOnlyFilterEvent) GetFieldMetadata(field eval.Field) (eval.EventType, reflect.Kind, error) {
 	switch field {
 	case "os":
-		return reflect.String, nil
+		return "*", reflect.String, nil
 	}
 
-	return reflect.Invalid, &eval.ErrFieldNotFound{Field: field}
+	return "", reflect.Invalid, &eval.ErrFieldNotFound{Field: field}
 }
 
 // GetType returns the type for this event

pkg/security/rules/filtermodel/rule_filters_model.go

@@ -16,30 +16,25 @@ import (
 // Init inits the rule filter event
 func (e *RuleFilterEvent) Init() {}
 
-// GetFieldEventType returns the event type for the given field
-func (e *RuleFilterEvent) GetFieldEventType(_ eval.Field) (string, error) {
-	return "*", nil
-}
-
 // SetFieldValue sets the value for the given field
 func (e *RuleFilterEvent) SetFieldValue(field eval.Field, _ interface{}) error {
 	return &eval.ErrFieldNotFound{Field: field}
 }
 
-// GetFieldType get the type of the field
-func (e *RuleFilterEvent) GetFieldType(field eval.Field) (reflect.Kind, error) {
+// GetFieldMetadata get the type of the field
+func (e *RuleFilterEvent) GetFieldMetadata(field eval.Field) (eval.Field, reflect.Kind, error) {
 	switch field {
 	case "kernel.version.major", "kernel.version.minor", "kernel.version.patch", "kernel.version.abi":
-		return reflect.Int, nil
+		return "*", reflect.Int, nil
 	case "kernel.version.flavor",
 		"os", "os.id", "os.platform_id", "os.version_id", "envs", "origin", "hostname":
-		return reflect.String, nil
+		return "*", reflect.String, nil
 	case "os.is_amazon_linux", "os.is_cos", "os.is_debian", "os.is_oracle", "os.is_rhel", "os.is_rhel7",
 		"os.is_rhel8", "os.is_sles", "os.is_sles12", "os.is_sles15", "kernel.core.enabled":
-		return reflect.Bool, nil
+		return "*", reflect.Bool, nil
 	}
 
-	return reflect.Invalid, &eval.ErrFieldNotFound{Field: field}
+	return "", reflect.Invalid, &eval.ErrFieldNotFound{Field: field}
 }
 
 // GetType returns the type for this event

pkg/security/secl/compiler/eval/event.go

@@ -19,14 +19,12 @@ type Event interface {
 	Init()
 	// GetType returns the Type of the Event
 	GetType() EventType
-	// GetFieldEventType returns the Event Type for the given Field
-	GetFieldEventType(field Field) (EventType, error)
+	// GetFieldEventType returns the Event Field Metadata for the given Field
+	GetFieldMetadata(field Field) (EventType, reflect.Kind, error)
 	// SetFieldValue sets the value of the given Field
 	SetFieldValue(field Field, value interface{}) error
 	// GetFieldValue returns the value of the given Field
 	GetFieldValue(field Field) (interface{}, error)
-	// GetFieldType returns the Type of the Field
-	GetFieldType(field Field) (reflect.Kind, error)
 	// GetTags returns a list of tags
 	GetTags() []string
 }
@@ -35,7 +33,7 @@ func eventTypeFromFields(model Model, state *State) (EventType, error) {
 	var eventType EventType
 
 	for field := range state.fieldValues {
-		evt, err := model.NewEvent().GetFieldEventType(field)
+		evt, _, err := model.NewEvent().GetFieldMetadata(field)
 		if err != nil {
 			return "", err
 		}

pkg/security/secl/compiler/eval/model_test.go

@@ -650,116 +650,116 @@ func (e *testEvent) GetFieldValue(field Field) (interface{}, error) {
 	return nil, &ErrFieldNotFound{Field: field}
 }
 
-func (e *testEvent) GetFieldEventType(field Field) (string, error) {
+func (e *testEvent) GetFieldMetadata(field Field) (string, reflect.Kind, error) {
 	switch field {
 
 	case "network.ip":
 
-		return "network", nil
+		return "network", reflect.Struct, nil
 
 	case "network.ips":
 
-		return "network", nil
+		return "network", reflect.Array, nil
 
 	case "network.cidr":
 
-		return "network", nil
+		return "network", reflect.Struct, nil
 
 	case "network.cidrs":
 
-		return "network", nil
+		return "network", reflect.Array, nil
 
 	case "process.name":
 
-		return "", nil
+		return "", reflect.String, nil
 
 	case "process.argv0":
 
-		return "", nil
+		return "", reflect.String, nil
 
 	case "process.uid":
 
-		return "", nil
+		return "", reflect.Int, nil
 
 	case "process.gid":
 
-		return "", nil
+		return "", reflect.Int, nil
 
 	case "process.pid":
 
-		return "", nil
+		return "", reflect.Int, nil
 
 	case "process.is_root":
 
-		return "", nil
+		return "", reflect.Bool, nil
 
 	case "process.list.key":
 
-		return "", nil
+		return "", reflect.Int, nil
 
 	case "process.list.value":
 
-		return "", nil
+		return "", reflect.String, nil
 
 	case "process.list.flag":
 
-		return "", nil
+		return "", reflect.Bool, nil
 
 	case "process.array.key":
 
-		return "", nil
+		return "", reflect.Int, nil
 
 	case "process.array.value":
 
-		return "", nil
+		return "", reflect.String, nil
 
 	case "process.array.flag":
 
-		return "", nil
+		return "", reflect.Bool, nil
 
 	case "process.created_at":
 
-		return "", nil
+		return "", reflect.Int, nil
 
 	case "process.or_name":
 
-		return "", nil
+		return "", reflect.String, nil
 
 	case "process.or_array.value":
 
-		return "", nil
+		return "", reflect.String, nil
 
 	case "open.filename":
 
-		return "open", nil
+		return "open", reflect.String, nil
 
 	case "retval":
 
-		return "", nil
+		return "", reflect.Int, nil
 
 	case "open.flags":
 
-		return "open", nil
+		return "open", reflect.Int, nil
 
 	case "open.mode":
 
-		return "open", nil
+		return "open", reflect.Int, nil
 
 	case "open.opened_at":
 
-		return "open", nil
+		return "open", reflect.Int, nil
 
 	case "mkdir.filename":
 
-		return "mkdir", nil
+		return "mkdir", reflect.String, nil
 
 	case "mkdir.mode":
 
-		return "mkdir", nil
+		return "mkdir", reflect.Int, nil
 
 	}
 
-	return "", &ErrFieldNotFound{Field: field}
+	return "", reflect.Invalid, &ErrFieldNotFound{Field: field}
 }
 
 func (e *testEvent) SetFieldValue(field Field, value interface{}) error {
@@ -859,96 +859,6 @@ func (e *testEvent) SetFieldValue(field Field, value interface{}) error {
 	return &ErrFieldNotFound{Field: field}
 }
 
-func (e *testEvent) GetFieldType(field Field) (reflect.Kind, error) {
-	switch field {
-
-	case "network.ip":
-
-		return reflect.Struct, nil
-
-	case "network.ips":
-
-		return reflect.Array, nil
-
-	case "network.cidr":
-
-		return reflect.Struct, nil
-
-	case "network.cidrs":
-
-		return reflect.Array, nil
-
-	case "process.name":
-
-		return reflect.String, nil
-
-	case "process.argv0":
-
-		return reflect.String, nil
-
-	case "process.uid":
-
-		return reflect.Int, nil
-
-	case "process.gid":
-
-		return reflect.Int, nil
-
-	case "process.pid":
-
-		return reflect.Int, nil
-
-	case "process.is_root":
-
-		return reflect.Bool, nil
-
-	case "process.list.key":
-		return reflect.Int, nil
-
-	case "process.list.value":
-		return reflect.Int, nil
-
-	case "process.list.flag":
-		return reflect.Bool, nil
-
-	case "process.array.key":
-		return reflect.Int, nil
-
-	case "process.array.value":
-		return reflect.String, nil
-
-	case "process.array.flag":
-		return reflect.Bool, nil
-
-	case "open.filename":
-
-		return reflect.String, nil
-
-	case "retval":
-
-		return reflect.Int, nil
-
-	case "open.flags":
-
-		return reflect.Int, nil
-
-	case "open.mode":
-
-		return reflect.Int, nil
-
-	case "mkdir.filename":
-
-		return reflect.String, nil
-
-	case "mkdir.mode":
-
-		return reflect.Int, nil
-
-	}
-
-	return reflect.Invalid, &ErrFieldNotFound{Field: field}
-}
-
 var testConstants = map[string]interface{}{
 	// boolean
 	"true":  &BoolEvaluator{Value: true},

pkg/security/secl/compiler/generators/accessors/accessors.go

@@ -990,6 +990,20 @@ func getFieldRestrictions(field *common.StructField) string {
 	return fmt.Sprintf(`[]eval.EventType{"%s"}`, strings.Join(field.RestrictedTo, `", "`))
 }
 
+func getFieldReflectType(field *common.StructField) string {
+	switch field.ReturnType {
+	case "string":
+		return "reflect.String"
+	case "int":
+		return "reflect.Int"
+	case "bool":
+		return "reflect.Bool"
+	case "net.IPNet":
+		return "reflect.Struct"
+	}
+	return ""
+}
+
 var funcMap = map[string]interface{}{
 	"TrimPrefix":               strings.TrimPrefix,
 	"TrimSuffix":               strings.TrimSuffix,
@@ -1005,6 +1019,7 @@ var funcMap = map[string]interface{}{
 	"NeedScrubbed":             needScrubbed,
 	"AddSuffixToFuncPrototype": addSuffixToFuncPrototype,
 	"GetFieldRestrictions":     getFieldRestrictions,
+	"GetFieldReflectType":      getFieldReflectType,
 }
 
 //go:embed accessors.tmpl