Aug_23_2023-Dev

2025-09-29 11:16:30 +03:00 · 2023-08-23 14:15:32 +00:00
parent 702c1184ea
commit b25fd8def5
115 changed files with 8292 additions and 1189 deletions
--- a/components/include/generic_rulebase/triggers_config.h
+++ b/components/include/generic_rulebase/triggers_config.h
@@ -11,52 +11,108 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.

+/// \file triggers_config.h
+/// \brief Declaration of classes WebTriggerConf and LogTriggerConf, and related functions.
+/// \author Check Point Software Technologies Ltd.
+/// \date 2022
+
 #ifndef __TRIGGERS_CONFIG_H__
 #define __TRIGGERS_CONFIG_H__

-#include <vector>
 #include <string>
+#include <vector>

-#include "environment/evaluator_templates.h"
+#include "cereal/archives/json.hpp"
 #include "cereal/types/string.hpp"
 #include "cereal/types/vector.hpp"
-#include "cereal/archives/json.hpp"
+#include "config.h"
+#include "environment/evaluator_templates.h"
+#include "generic_rulebase_utils.h"
 #include "i_environment.h"
 #include "i_logging.h"
-#include "singleton.h"
-#include "maybe_res.h"
-#include "config.h"
 #include "log_generator.h"
-#include "generic_rulebase_utils.h"
+#include "maybe_res.h"
+#include "singleton.h"

+/// \class WebTriggerConf
+/// \brief Represents the configuration for a web trigger.
 class WebTriggerConf
 {
 public:
+    /// \brief Default constructor for WebTriggerConf.
    WebTriggerConf();
+
+    /// \brief Constructor for WebTriggerConf.
+    /// \param title The title of the trigger.
+    /// \param body The body of the trigger.
+    /// \param code The response code for the trigger.
    WebTriggerConf(const std::string &title, const std::string &body, uint code);

+    /// \brief Preload function to register expected configuration.
    static void
    preload()
    {
        registerExpectedConfiguration<WebTriggerConf>("rulebase", "webUserResponse");
    }

+    /// \brief Load function to deserialize configuration from JSONInputArchive.
+    /// \param archive_in The JSON input archive.
    void load(cereal::JSONInputArchive &archive_in);

+    /// \brief Equality operator for WebTriggerConf.
+    /// \param other The WebTriggerConf to compare.
+    /// \return True if the two WebTriggerConf objects are equal, otherwise false.
    bool operator==(const WebTriggerConf &other) const;

-    uint getResponseCode() const { return response_code; }
+    /// \brief Get the response code for the trigger.
+    /// \return The response code.
+    uint
+    getResponseCode() const
+    {
+        return response_code;
+    }

-    const std::string & getResponseTitle() const { return response_title; }
+    /// \brief Get the response title for the trigger.
+    /// \return The response title.
+    const std::string &
+    getResponseTitle() const
+    {
+        return response_title;
+    }

-    const std::string & getResponseBody() const { return response_body; }
+    /// \brief Get the response body for the trigger.
+    /// \return The response body.
+    const std::string &
+    getResponseBody() const
+    {
+        return response_body;
+    }

-    const std::string & getDetailsLevel() const { return details_level; }
+    /// \brief Get the details level for the trigger.
+    /// \return The details level.
+    const std::string &
+    getDetailsLevel() const
+    {
+        return details_level;
+    }

-    const std::string & getRedirectURL() const { return redirect_url; }
+    /// \brief Get the redirect URL for the trigger.
+    /// \return The redirect URL.
+    const std::string &
+    getRedirectURL() const
+    {
+        return redirect_url;
+    }

-    bool getAddEventId() const { return add_event_id_to_header; }
+    /// \brief Check if the trigger should add an event ID to the header.
+    /// \return True if the trigger should add an event ID, otherwise false.
+    bool
+    getAddEventId() const
+    {
+        return add_event_id_to_header;
+    }

+    /// \brief Default trigger configuration for WebTriggerConf.
    static WebTriggerConf default_trigger_conf;

 private:
@@ -64,17 +120,38 @@ private:
    std::string details_level;
    std::string response_body;
    std::string redirect_url;
-    uint        response_code;
-    bool        add_event_id_to_header = false;
+    uint response_code;
+    bool add_event_id_to_header = false;
 };

+/// \class LogTriggerConf
+/// \brief Represents the configuration for a log trigger.
 class LogTriggerConf : Singleton::Consume<I_Logging>
 {
 public:
-    enum class SecurityType { AccessControl, ThreatPrevention, Compliance, COUNT };
-    enum class extendLoggingSeverity { None, High, Critical };
+    /// \enum SecurityType
+    /// \brief Enumerates the security types for LogTriggerConf.
+    enum class SecurityType
+    {
+        AccessControl,
+        ThreatPrevention,
+        Compliance,
+        COUNT
+    };

-    enum class WebLogFields {
+    /// \enum extendLoggingSeverity
+    /// \brief Enumerates the extended logging severity for LogTriggerConf.
+    enum class extendLoggingSeverity
+    {
+        None,
+        High,
+        Critical
+    };
+
+    /// \enum WebLogFields
+    /// \brief Enumerates the web log fields for LogTriggerConf.
+    enum class WebLogFields
+    {
        webBody,
        webHeaders,
        webRequests,
@@ -85,17 +162,31 @@ public:
        COUNT
    };

+    /// \brief Default constructor for LogTriggerConf.
    LogTriggerConf() {}

+    /// \brief Constructor for LogTriggerConf.
+    /// \param trigger_name The name of the trigger.
+    /// \param log_detect Flag indicating whether to log on detect.
+    /// \param log_prevent Flag indicating whether to log on prevent.
    LogTriggerConf(std::string trigger_name, bool log_detect, bool log_prevent);

+    /// \brief Preload function to register expected configuration.
    static void
    preload()
    {
        registerExpectedConfiguration<LogTriggerConf>("rulebase", "log");
    }

-    template <typename ...Tags>
+    /// \brief LogGen operator for LogTriggerConf.
+    /// \param title The title of the log.
+    /// \param security The security type of the log.
+    /// \param severity The severity of the log.
+    /// \param priority The priority of the log.
+    /// \param is_action_drop_or_prevent Flag indicating if the action is drop or prevent.
+    /// \param tags Tags for the log.
+    /// \return The LogGen object.
+    template <typename... Tags>
    LogGen
    operator()(
        const std::string &title,
@@ -103,7 +194,8 @@ public:
        ReportIS::Severity severity,
        ReportIS::Priority priority,
        bool is_action_drop_or_prevent,
-        Tags ...tags) const
+        Tags... tags
+    ) const
    {
        return LogGen(
            title,
@@ -117,11 +209,17 @@ public:
        );
    }

-    template <typename ...Tags>
+    /// \brief LogGen operator for LogTriggerConf.
+    /// \param title The title of the log.
+    /// \param security The security type of the log.
+    /// \param is_action_drop_or_prevent Flag indicating if the action is drop or prevent.
+    /// \param tags Tags for the log.
+    /// \return The LogGen object.
+    template <typename... Tags>
    LogGen
-    operator()(const std::string &title, SecurityType security, bool is_action_drop_or_prevent, Tags ...tags) const
+    operator()(const std::string &title, SecurityType security, bool is_action_drop_or_prevent, Tags... tags) const
    {
-        return (*this)(
+        return operator()(
            title,
            security,
            getSeverity(is_action_drop_or_prevent),
@@ -131,30 +229,98 @@ public:
        );
    }

+    /// \brief Load function to deserialize configuration from JSONInputArchive.
+    /// \param archive_in The JSON input archive.
    void load(cereal::JSONInputArchive &archive_in);

-    bool isWebLogFieldActive(WebLogFields log_field) const { return log_web_fields.isSet(log_field); }
+    /// \brief Check if the web log field is active for the trigger.
+    /// \param log_field The web log field to check.
+    /// \return True if the web log field is active, otherwise false.
+    bool
+    isWebLogFieldActive(WebLogFields log_field) const
+    {
+        return log_web_fields.isSet(log_field);
+    }

-    bool isLogStreamActive(ReportIS::StreamType stream_type) const { return active_streams.isSet(stream_type); }
+    /// \brief Check if the log stream is active for the trigger.
+    /// \param stream_type The log stream type to check.
+    /// \return True if the log stream is active, otherwise false.
+    bool
+    isLogStreamActive(ReportIS::StreamType stream_type) const
+    {
+        return active_streams.isSet(stream_type);
+    }

-    bool isPreventLogActive(SecurityType security_type) const { return should_log_on_prevent.isSet(security_type); }
+    /// \brief Check if the log is active on prevent for the given security type.
+    /// \param security_type The security type to check.
+    /// \return True if the log is active on prevent, otherwise false.
+    bool
+    isPreventLogActive(SecurityType security_type) const
+    {
+        return should_log_on_prevent.isSet(security_type);
+    }

-    bool isDetectLogActive(SecurityType security_type) const { return should_log_on_detect.isSet(security_type); }
+    /// \brief Check if the log is active on detect for the given security type.
+    /// \param security_type The security type to check.
+    /// \return True if the log is active on detect, otherwise false.
+    bool
+    isDetectLogActive(SecurityType security_type) const
+    {
+        return should_log_on_detect.isSet(security_type);
+    }

-    bool isLogGeoLocationActive(SecurityType security_type) const { return log_geo_location.isSet(security_type); }
+    /// \brief Check if the geo-location log is active for the given security type.
+    /// \param security_type The security type to check.
+    /// \return True if the geo-location log is active, otherwise false.
+    bool
+    isLogGeoLocationActive(SecurityType security_type) const
+    {
+        return log_geo_location.isSet(security_type);
+    }

-    extendLoggingSeverity getExtendLoggingSeverity() const { return extend_logging_severity; }
+    /// \brief Get the extended logging severity.
+    /// \return The extended logging severity.
+    extendLoggingSeverity
+    getExtendLoggingSeverity() const
+    {
+        return extend_logging_severity;
+    }

-    const std::string & getVerbosity() const { return verbosity; }
-    const std::string & getName() const { return name; }
+    /// \brief Get the verbosity.
+    /// \return The verbosity.
+    const std::string &
+    getVerbosity() const
+    {
+        return verbosity;
+    }

-    const std::string & getUrlForSyslog() const { return url_for_syslog; }
-    const std::string & getUrlForCef() const { return url_for_cef; }
+    /// \brief Get the name.
+    /// \return The name.
+    const std::string &
+    getName() const
+    {
+        return name;
+    }
+
+    /// \brief Get the URL for syslog.
+    /// \return The URL for syslog.
+    const std::string &
+    getUrlForSyslog() const
+    {
+        return url_for_syslog;
+    }
+
+    /// \brief Get the URL for CEF.
+    /// \return The URL for CEF.
+    const std::string &
+    getUrlForCef() const
+    {
+        return url_for_cef;
+    }

 private:
    ReportIS::Severity getSeverity(bool is_action_drop_or_prevent) const;
    ReportIS::Priority getPriority(bool is_action_drop_or_prevent) const;
-
    Flags<ReportIS::StreamType> getStreams(SecurityType security_type, bool is_action_drop_or_prevent) const;
    Flags<ReportIS::Enreachments> getEnrechments(SecurityType security_type) const;