Mar 26th 2023 Dev

core/include/services_sdk/interfaces/i_env_details.h

@@ -0,0 +1,32 @@
+// Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
+
+// Licensed under the Apache License, Version 2.0 (the "License");
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef __I_ENV_DETAILS_H__
+#define __I_ENV_DETAILS_H__
+
+#include <string>
+#include <stdbool.h>
+
+enum class EnvType { LINUX, K8S, COUNT };
+
+class I_EnvDetails
+{
+public:
+    virtual EnvType getEnvType() = 0;
+    virtual std::string getToken() = 0;
+
+protected:
+    virtual ~I_EnvDetails() {}
+};
+
+#endif // __I_ENV_DETAILS_H__

core/include/services_sdk/resources/debug_flags.h

@@ -130,7 +130,7 @@ DEFINE_FLAG(D_COMPONENT, D_ALL)
     DEFINE_FLAG(D_SDWAN, D_COMPONENT)
         DEFINE_FLAG(D_SDWAN_POLICY, D_SDWAN)
         DEFINE_FLAG(D_SDWAN_DATA, D_SDWAN)
-        DEFINE_FLAG(D_SDWAN_LOGGER, D_SDWAN)
+        DEFINE_FLAG(D_LOGGER_SDWAN, D_SDWAN)
     DEFINE_FLAG(D_REVERSE_PROXY, D_COMPONENT)
         DEFINE_FLAG(D_PLATFORM, D_REVERSE_PROXY)
         DEFINE_FLAG(D_NGINX_MESSAGE_READER, D_REVERSE_PROXY)
@@ -148,11 +148,12 @@ DEFINE_FLAG(D_COMPONENT, D_ALL)
             DEFINE_FLAG(D_IOT_ENFORCE_ASSETS, D_IOT_ENFORCE)
         DEFINE_FLAG(D_IOT_DOCTOR, D_IOT_NEXT)
         DEFINE_FLAG(D_IOT_RISK, D_IOT_NEXT)
+            DEFINE_FLAG(D_IOT_INDICATOR_DATA, D_IOT_RISK)
+            DEFINE_FLAG(D_IOT_INDICATORS, D_IOT_RISK)
         DEFINE_FLAG(D_IOT_DISCOVERY, D_IOT_NEXT)
-            DEFINE_FLAG(D_IOT_DISCOVERY_UTILS, D_IOT_DISCOVERY)
-                DEFINE_FLAG(D_IOT_PROBE, D_IOT_DISCOVERY_UTILS)
-                DEFINE_FLAG(D_IOT_ASSETS_DATA, D_IOT_DISCOVERY_UTILS)
-                DEFINE_FLAG(D_IOT_INTEGRATIONS, D_IOT_DISCOVERY_UTILS)
+            DEFINE_FLAG(D_IOT_PROBE, D_IOT_DISCOVERY)
+            DEFINE_FLAG(D_IOT_ASSETS_DATA, D_IOT_DISCOVERY)
+            DEFINE_FLAG(D_IOT_INTEGRATIONS, D_IOT_DISCOVERY)
     DEFINE_FLAG(D_HTTP_EVENT_RECORD, D_COMPONENT)
     DEFINE_FLAG(D_GEO_DB, D_COMPONENT)
     DEFINE_FLAG(D_CPVIEW_METRIC_PROVIDER, D_COMPONENT)

core/include/services_sdk/resources/report/report_enums.h

@@ -57,6 +57,10 @@ enum class Tags {
     FILE_UPLOAD,
     IDENTITY_AWARENESS,
     RATE_LIMIT,
+    WEB_SERVER_NGINX,
+    WEB_SERVER_KONG,
+    DEPLOYMENT_EMBEDDED,
+    DEPLOYMENT_K8S,
 
     COUNT
 };

core/include/services_sdk/resources/tag_and_enum_management.h

@@ -43,7 +43,6 @@ public:
     static Maybe<ReportIS::Tags>        convertStringToTag(const std::string &tag);
 
 private:
-    static EnumArray<ReportIS::Tags, ReportIS::Tags> tags_hierarchy;
     static EnumArray<ReportIS::Tags, std::string> tags_translation_arr;
     static EnumArray<ReportIS::AudienceTeam, std::string>  audience_team_translation;
 };

core/message/http_decoder.cc

@@ -130,10 +130,10 @@ HTTPDecoder::handleBody()
     if (maybe_transfer_encoding.ok()) {
         auto transfer_encoding_type = maybe_transfer_encoding.unpack();
         if (transfer_encoding_type == "chunked") {
-            if (Singleton::exists<I_Environment>()) {
-                I_Environment *env = Singleton::Consume<I_Environment>::by<HTTPDecoder>();
-                auto is_k8s_env = env->get<bool>("k8s_env");
-                if (is_k8s_env.ok() && *is_k8s_env) {
+            if (Singleton::exists<I_EnvDetails>()) {
+                I_EnvDetails *env_details = Singleton::Consume<I_EnvDetails>::by<HTTPDecoder>();
+                EnvType env_type = env_details->getEnvType();
+                if (env_type == EnvType::K8S) {
                     dbgDebug(D_COMMUNICATION) << "Getting Chunked Response in a k8s env";
                     return getChunkedResponseK8s();
                 }

core/message/http_decoder.h

@@ -21,12 +21,12 @@
 #include "messaging/http_core.h"
 #include "i_message_decoder.h"
 #include "i_messaging.h"
-#include "i_environment.h"
+#include "i_env_details.h"
 
 class HTTPDecoder
         :
     public I_MessageDecoder <HTTPResponse>,
-    Singleton::Consume<I_Environment>
+    Singleton::Consume<I_EnvDetails>
 {
 public:
     HTTPDecoder(I_Messaging::Method _method);

core/report/tag_and_enum_management.cc

@@ -99,7 +99,11 @@ TagAndEnumManagement::convertStringToTag(const string &tag)
         {"Http Geo Filter", ReportIS::Tags::HTTP_GEO_FILTER},
         {"File Upload", ReportIS::Tags::FILE_UPLOAD},
         {"Identity Awareness", ReportIS::Tags::IDENTITY_AWARENESS},
-        {"Rate Limit", ReportIS::Tags::RATE_LIMIT}
+        {"Rate Limit", ReportIS::Tags::RATE_LIMIT},
+        {"NGINX Server", ReportIS::Tags::WEB_SERVER_NGINX},
+        {"Kong Server", ReportIS::Tags::WEB_SERVER_KONG},
+        {"Embedded Deployment", ReportIS::Tags::DEPLOYMENT_EMBEDDED},
+        {"Kubernetes Deployment", ReportIS::Tags::DEPLOYMENT_K8S}
     };
 
     auto report_is_tag = strings_to_tags.find(tag);
@@ -266,25 +270,6 @@ TagAndEnumManagement::convertToString(const IssuingEngine &issuing_engine)
 }
 
 
-EnumArray<Tags, Tags> TagAndEnumManagement::tags_hierarchy {
-    Tags::THREAT_PREVENTION,
-    Tags::THREAT_PREVENTION,
-    Tags::THREAT_PREVENTION,
-    Tags::NEW_CONNECTION,
-    Tags::POLICY_INSTALLATION,
-    Tags::ACCESS_CONTROL,
-    Tags::ACCESS_CONTROL,
-    Tags::ACCESS_CONTROL,
-    Tags::FW,
-    Tags::WAF,
-    Tags::IPS,
-    Tags::URLF,
-    Tags::INFORMATIONAL,
-    Tags::ORCHESTRATOR,
-    Tags::COMPLIANCE,
-    Tags::REVERSE_PROXY
-};
-
 EnumArray<Tags, string> TagAndEnumManagement::tags_translation_arr {
     "Threat Prevention",
     "Remote Code Execution",
@@ -311,7 +296,11 @@ EnumArray<Tags, string> TagAndEnumManagement::tags_translation_arr {
     "Http Geo Filter",
     "File Upload",
     "Identity Awareness",
-    "Rate Limit"
+    "Rate Limit",
+    "NGINX Server",
+    "Kong Server",
+    "Embedded Deployment",
+    "Kubernetes Deployment"
 };
 
 EnumArray<AudienceTeam, string> TagAndEnumManagement::audience_team_translation {

core/shm_pkt_queue/shared_string_wrapper.h

@@ -0,0 +1,46 @@
+// Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
+
+// Licensed under the Apache License, Version 2.0 (the "License");
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef __SHARED_STRING_WRAPPER_H__
+#define __SHARED_STRING_WRAPPER_H__
+
+#include <boost/lockfree/spsc_queue.hpp>
+#include <boost/interprocess/managed_shared_memory.hpp>
+#include <boost/interprocess/allocators/allocator.hpp>
+#include <boost/interprocess/containers/string.hpp>
+
+using char_alloc = boost::interprocess::allocator<u_char, boost::interprocess::managed_shared_memory::segment_manager>;
+using shared_string = boost::interprocess::basic_string<u_char, std::char_traits<u_char>, char_alloc>;
+
+class SharedStringWrapper
+{
+public:
+    static void setAlloc(boost::interprocess::managed_shared_memory::segment_manager *_alloc) { alloc = _alloc; }
+
+    SharedStringWrapper() : str(alloc) {}
+
+    void reserve(size_t size) { str.reserve(size); }
+    void append(const u_char *data, size_t len) { str.append(data, len); }
+    size_t size() const { return str.size(); }
+    shared_string::iterator begin() { return str.begin(); }
+    shared_string::iterator end() { return str.end(); }
+    u_char * data() { return str.data(); }
+
+private:
+    static boost::interprocess::managed_shared_memory::segment_manager *alloc;
+    shared_string str;
+};
+
+using ring_buffer = boost::lockfree::spsc_queue<SharedStringWrapper, boost::lockfree::capacity<200>>;
+
+#endif // __SHARED_STRING_WRAPPER_H__

core/shm_pkt_queue/shm_pkt_queue.cc

@@ -16,42 +16,16 @@
 #include <iostream>
 #include <map>
 #include <sstream>
-#include <boost/lockfree/spsc_queue.hpp>
-#include <boost/interprocess/managed_shared_memory.hpp>
-#include <boost/interprocess/allocators/allocator.hpp>
-#include <boost/interprocess/containers/string.hpp>
 #include <sys/time.h>
 #include "common.h"
 
-static const int queue_size = 200;
+#include "shared_string_wrapper.h"
+
 const int shm_pkt_queue_bad_alloc = -2;
 namespace bip = boost::interprocess;
 
-using char_alloc = bip::allocator<u_char, bip::managed_shared_memory::segment_manager>;
-using shared_string = bip::basic_string<u_char, std::char_traits<u_char>, char_alloc>;
-
-class SharedStringWrapper
-{
-public:
-    static void setAlloc(bip::managed_shared_memory::segment_manager *_alloc) { alloc = _alloc; }
-
-    SharedStringWrapper() : str(alloc) {}
-
-    void reserve(size_t size) { str.reserve(size); }
-    void append(const u_char *data, size_t len) { str.append(data, len); }
-    size_t size() const { return str.size(); }
-    shared_string::iterator begin() { return str.begin(); }
-    shared_string::iterator end() { return str.end(); }
-
-private:
-    static bip::managed_shared_memory::segment_manager *alloc;
-    shared_string str;
-};
-
 bip::managed_shared_memory::segment_manager *SharedStringWrapper::alloc = nullptr;
 
-using ring_buffer = boost::lockfree::spsc_queue<SharedStringWrapper, boost::lockfree::capacity<queue_size>>;
-
 class Impl
 {
 public:

core/shm_pkt_queue/shm_pkt_queue_ut/shm_pkt_queue_ut.cc

@@ -1,22 +1,25 @@
+// Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
+
+// Licensed under the Apache License, Version 2.0 (the "License");
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 #include "shmpktqueue.h"
 #include <string>
 #include <sstream>
 
-#include <boost/lockfree/spsc_queue.hpp>
-#include <boost/interprocess/managed_shared_memory.hpp>
-#include <boost/interprocess/allocators/allocator.hpp>
-#include <boost/interprocess/containers/string.hpp>
-
 #include "cptest.h"
 #include "maybe_res.h"
+#include "../shared_string_wrapper.h"
 
 namespace bip = boost::interprocess;
-
-static const int queue_size = 200;
-using char_alloc = bip::allocator<u_char, bip::managed_shared_memory::segment_manager>;
-using shared_string = bip::basic_string<u_char, std::char_traits<u_char>, char_alloc>;
-using ring_buffer = boost::lockfree::spsc_queue<shared_string, boost::lockfree::capacity<queue_size>>;
-
 using namespace std;
 
 static const int segment_name_len = 128;
@@ -103,8 +106,7 @@ class ShmPktQueueTest : public ::testing::Test {
         pop_packet_via_boost()
         {
             ring_buffer *queue = segment->find_or_construct<ring_buffer>(queue_name)();
-            char_alloc char_alloc(segment->get_segment_manager());
-            shared_string node_content(char_alloc);
+            SharedStringWrapper node_content;
             PacketInfo packet_pop_by_boost;
 
             if (queue->pop(node_content)) {