diff --git a/attachments/nginx/nginx_attachment_util/nginx_attachment_util_ut/nginx_attachment_util_ut.cc b/attachments/nginx/nginx_attachment_util/nginx_attachment_util_ut/nginx_attachment_util_ut.cc
index 7fafff6..6eca8a6 100644
--- a/attachments/nginx/nginx_attachment_util/nginx_attachment_util_ut/nginx_attachment_util_ut.cc
+++ b/attachments/nginx/nginx_attachment_util/nginx_attachment_util_ut/nginx_attachment_util_ut.cc
@@ -73,27 +73,27 @@ TEST_F(HttpAttachmentUtilTest, GetValidAttachmentConfiguration)
 valid_configuration_file.close();
 EXPECT_EQ(initAttachmentConfig(attachment_configuration_file_name.c_str()), 1);
- EXPECT_EQ(getDbgLevel(), 2);
+ EXPECT_EQ(getDbgLevel(), 2u);
 EXPECT_EQ(getStaticResourcesPath(), static_resources_path);
 EXPECT_EQ(isFailOpenMode(), 0);
- EXPECT_EQ(getFailOpenTimeout(), 1234);
+ EXPECT_EQ(getFailOpenTimeout(), 1234u);
 EXPECT_EQ(isFailOpenHoldMode(), 1);
- EXPECT_EQ(getFailOpenHoldTimeout(), 4321);
+ EXPECT_EQ(getFailOpenHoldTimeout(), 4321u);
 EXPECT_EQ(isFailOpenOnSessionLimit(), 1);
- EXPECT_EQ(getMaxSessionsPerMinute(), 0);
- EXPECT_EQ(getNumOfNginxIpcElements(), 200);
- EXPECT_EQ(getKeepAliveIntervalMsec(), 10000);
- EXPECT_EQ(getResProccessingTimeout(), 420);
- EXPECT_EQ(getReqProccessingTimeout(), 42);
- EXPECT_EQ(getRegistrationThreadTimeout(), 101);
- EXPECT_EQ(getReqHeaderThreadTimeout(), 10);
- EXPECT_EQ(getReqBodyThreadTimeout(), 155);
- EXPECT_EQ(getResHeaderThreadTimeout(), 1);
- EXPECT_EQ(getResBodyThreadTimeout(), 0);
- EXPECT_EQ(getMinRetriesForVerdict(), 1);
- EXPECT_EQ(getMaxRetriesForVerdict(), 3);
- EXPECT_EQ(getReqBodySizeTrigger(), 777);
- EXPECT_EQ(getWaitingForVerdictThreadTimeout(), 75);
+ EXPECT_EQ(getMaxSessionsPerMinute(), 0u);
+ EXPECT_EQ(getNumOfNginxIpcElements(), 200u);
+ EXPECT_EQ(getKeepAliveIntervalMsec(), 10000u);
+ EXPECT_EQ(getResProccessingTimeout(), 420u);
+ EXPECT_EQ(getReqProccessingTimeout(), 42u);
+ EXPECT_EQ(getRegistrationThreadTimeout(), 101u);
+ EXPECT_EQ(getReqHeaderThreadTimeout(), 10u);
+ EXPECT_EQ(getReqBodyThreadTimeout(), 155u);
+ EXPECT_EQ(getResHeaderThreadTimeout(), 1u);
+ EXPECT_EQ(getResBodyThreadTimeout(), 0u);
+ EXPECT_EQ(getMinRetriesForVerdict(), 1u);
+ EXPECT_EQ(getMaxRetriesForVerdict(), 3u);
+ EXPECT_EQ(getReqBodySizeTrigger(), 777u);
+ EXPECT_EQ(getWaitingForVerdictThreadTimeout(), 75u);
 EXPECT_EQ(getInspectionMode(), ngx_http_inspection_mode::BLOCKING_THREAD);
 EXPECT_EQ(isDebugContext("1.2.3.4", "5.6.7.8", 80, "GET", "test", "/abc"), 1);
diff --git a/components/security_apps/ips/ips_entry.cc b/components/security_apps/ips/ips_entry.cc
index 66345b2..ce6a7fb 100644
--- a/components/security_apps/ips/ips_entry.cc
+++ b/components/security_apps/ips/ips_entry.cc
@@ -26,6 +26,8 @@ static const map default_conf_mapping = {
 };
 static const IPSConfiguration default_conf(default_conf_mapping);
+static const IPSSignatures default_ips_sigs;
+static const SnortSignatures default_snort_sigs;
 IPSEntry::IPSEntry() : TableOpaqueSerialize(this) {}
@@ -51,9 +53,9 @@ IPSEntry::respond(const ParsedContext &parsed)
 ctx.registerValue(name, buf);
 ctx.activate();
- auto &signatures = getConfigurationWithDefault(IPSSignatures(), "IPS", "IpsProtections");
+ auto &signatures = getConfigurationWithDefault(default_ips_sigs, "IPS", "IpsProtections");
 bool should_drop = signatures.isMatchedPrevent(parsed.getName(), buf);
- auto &snort_signatures = getConfigurationWithDefault(SnortSignatures(), "IPSSnortSigs", "SnortProtections");
+ auto &snort_signatures = getConfigurationWithDefault(default_snort_sigs, "IPSSnortSigs", "SnortProtections");
 should_drop |= snort_signatures.isMatchedPrevent(parsed.getName(), buf);
 ctx.deactivate();
diff --git a/components/security_apps/ips/ips_ut/configuration.cc b/components/security_apps/ips/ips_ut/configuration.cc
index c831742..8255924 100644
--- a/components/security_apps/ips/ips_ut/configuration.cc
+++ b/components/security_apps/ips/ips_ut/configuration.cc
@@ -7,7 +7,7 @@ TEST(configuration, basic_context)
 IPSConfiguration::Context ctx1(IPSConfiguration::ContextType::HISTORY, 254);
 EXPECT_EQ(ctx1.getType(), IPSConfiguration::ContextType::HISTORY);
- EXPECT_EQ(ctx1.getHistorySize(), 254);
+ EXPECT_EQ(ctx1.getHistorySize(), 254u);
 IPSConfiguration::Context ctx2(IPSConfiguration::ContextType::NORMAL, 0);
 EXPECT_EQ(ctx2.getType(), IPSConfiguration::ContextType::NORMAL);
@@ -42,7 +42,7 @@ TEST(configuration, read_configuration)
 auto body = conf.getContext("HTTP_REQUEST_BODY");
 EXPECT_EQ(body.getType(), IPSConfiguration::ContextType::HISTORY);
- EXPECT_EQ(conf.getHistorySize("HTTP_REQUEST_BODY"), 100);
+ EXPECT_EQ(conf.getHistorySize("HTTP_REQUEST_BODY"), 100u);
 auto header = conf.getContext("HTTP_REQUEST_HEADER");
 EXPECT_EQ(header.getType(), IPSConfiguration::ContextType::KEEP);
diff --git a/components/security_apps/ips/ips_ut/entry_ut.cc b/components/security_apps/ips/ips_ut/entry_ut.cc
index b12722c..f25691f 100644
--- a/components/security_apps/ips/ips_ut/entry_ut.cc
+++ b/components/security_apps/ips/ips_ut/entry_ut.cc
@@ -137,8 +137,8 @@ private:
 TEST_F(EntryTest, basic_inherited_functions)
 {
 EXPECT_EQ(IPSEntry::name(), "IPS");
- EXPECT_EQ(IPSEntry::currVer(), 0);
- EXPECT_EQ(IPSEntry::minVer(), 0);
+ EXPECT_EQ(IPSEntry::currVer(), 0u);
+ EXPECT_EQ(IPSEntry::minVer(), 0u);
 EXPECT_NE(IPSEntry::prototype(), nullptr);
 EXPECT_EQ(entry.getListenerName(), IPSEntry::name());
diff --git a/components/security_apps/ips/ips_ut/resource_ut.cc b/components/security_apps/ips/ips_ut/resource_ut.cc
index 967e917..60b380b 100644
--- a/components/security_apps/ips/ips_ut/resource_ut.cc
+++ b/components/security_apps/ips/ips_ut/resource_ut.cc
@@ -71,7 +71,7 @@ TEST(resources, basic_resource)
 Singleton::Consume::from(conf)->loadConfiguration(resource);
 auto loaded_resources = getSettingWithDefault(IPSSignaturesResource(), "IPS", "protections");
- EXPECT_EQ(loaded_resources.getSignatures().size(), 2);
+ EXPECT_EQ(loaded_resources.getSignatures().size(), 2u);
 auto version = getSettingWithDefault("", "IPS", "VersionId");
 EXPECT_EQ(version, "1234567");
 }
diff --git a/components/security_apps/layer_7_access_control/layer_7_access_control_ut/layer_7_access_control_ut.cc b/components/security_apps/layer_7_access_control/layer_7_access_control_ut/layer_7_access_control_ut.cc
index 4e5ddbb..eee99a0 100644
--- a/components/security_apps/layer_7_access_control/layer_7_access_control_ut/layer_7_access_control_ut.cc +++ b/components/security_apps/layer_7_access_control/layer_7_access_control_ut/layer_7_access_control_ut.cc @@ -247,7 +247,9 @@ Layer7AccessControlTest::verifyReport( string log = reportToStr(report); dbgTrace(D_L7_ACCESS_CONTROL) << "Report: " << log; - if (!source_identifier.empty()) EXPECT_THAT(log, HasSubstr("\"httpSourceId\": \"" + source_identifier + "\"")); + if (!source_identifier.empty()) { + EXPECT_THAT(log, HasSubstr("\"httpSourceId\": \"" + source_identifier + "\"")); + } EXPECT_THAT(log, HasSubstr("\"securityAction\": \"" + security_action + "\"")); EXPECT_THAT(log, HasSubstr("\"eventName\": \"Access Control External Vendor Reputation\"")); EXPECT_THAT(log, HasSubstr("\"httpHostName\": \"juice-shop.checkpoint.com\"")); diff --git a/components/security_apps/local_policy_mgmt_gen/appsec_practice_section.cc b/components/security_apps/local_policy_mgmt_gen/appsec_practice_section.cc index 2a24378..2d7adcd 100755 --- a/components/security_apps/local_policy_mgmt_gen/appsec_practice_section.cc +++ b/components/security_apps/local_policy_mgmt_gen/appsec_practice_section.cc @@ -404,6 +404,7 @@ AppsecPracticeAntiBotSection::save(cereal::JSONOutputArchive &out_ar) const } // LCOV_EXCL_START Reason: no test exist +// Used for V1Beta1 WebAppSection::WebAppSection( const string &_application_urls, const string &_asset_id, @@ -417,7 +418,7 @@ WebAppSection::WebAppSection( const LogTriggerSection &parsed_log_trigger, const string &default_mode, const AppSecTrustedSources &parsed_trusted_sources, - const vector &parsed_exceptions) + const std::map> &exceptions) : application_urls(_application_urls), asset_id(_asset_id), 
@@ -449,8 +450,11 @@ WebAppSection::WebAppSection( overrides.push_back(AppSecOverride(source_ident)); } - for (const InnerException &exception : parsed_exceptions) { - overrides.push_back(AppSecOverride(exception)); + for (const auto &exception : exceptions) { + + for (const auto &inner_exception : exception.second) { + overrides.push_back(AppSecOverride(inner_exception)); + } } } diff --git a/components/security_apps/local_policy_mgmt_gen/exceptions_section.cc b/components/security_apps/local_policy_mgmt_gen/exceptions_section.cc index d413895..dafe3c3 100755 --- a/components/security_apps/local_policy_mgmt_gen/exceptions_section.cc +++ b/components/security_apps/local_policy_mgmt_gen/exceptions_section.cc @@ -146,7 +146,9 @@ AppsecException::load(cereal::JSONInputArchive &archive_in) { dbgTrace(D_LOCAL_POLICY) << "Loading AppSec exception"; parseAppsecJSONKey("name", name, archive_in); - archive_in(CEREAL_NVP(exception_spec)); + AppsecExceptionSpec single_exception_spec; + single_exception_spec.load(archive_in); + exception_spec.push_back(single_exception_spec); } void @@ -174,7 +176,7 @@ ExceptionMatch::ExceptionMatch(const AppsecExceptionSpec &parsed_exception) { bool single_condition = parsed_exception.isOneCondition(); for (auto &attrib : attributes) { - auto &attrib_name = attrib.first; + auto attrib_name = (attrib.first == "sourceIp" ? "sourceIP" : attrib.first); auto &attrib_getter = attrib.second; auto exceptions_value = attrib_getter(parsed_exception); if (exceptions_value.empty()) continue; diff --git a/components/security_apps/local_policy_mgmt_gen/include/appsec_practice_section.h b/components/security_apps/local_policy_mgmt_gen/include/appsec_practice_section.h index 50e939f..9ab4589 100644 --- a/components/security_apps/local_policy_mgmt_gen/include/appsec_practice_section.h +++ b/components/security_apps/local_policy_mgmt_gen/include/appsec_practice_section.h 
@@ -275,7 +275,7 @@ public: const LogTriggerSection &parsed_log_trigger, const std::string &default_mode, const AppSecTrustedSources &parsed_trusted_sources, - const std::vector &parsed_exceptions + const std::map> &exceptions ); // used for V1beta2 diff --git a/components/security_apps/local_policy_mgmt_gen/include/exceptions_section.h b/components/security_apps/local_policy_mgmt_gen/include/exceptions_section.h index e03ee27..eb110bf 100644 --- a/components/security_apps/local_policy_mgmt_gen/include/exceptions_section.h +++ b/components/security_apps/local_policy_mgmt_gen/include/exceptions_section.h @@ -44,7 +44,7 @@ public: bool isOneCondition() const; private: - int conditions_number; + int conditions_number = 0; std::string action; std::vector country_code; std::vector country_name; diff --git a/components/security_apps/local_policy_mgmt_gen/k8s_policy_utils.cc b/components/security_apps/local_policy_mgmt_gen/k8s_policy_utils.cc index 57a81a2..8a4db38 100644 --- a/components/security_apps/local_policy_mgmt_gen/k8s_policy_utils.cc +++ b/components/security_apps/local_policy_mgmt_gen/k8s_policy_utils.cc @@ -543,21 +543,25 @@ K8sPolicyUtils::createPolicy( } for (const IngressDefinedRule &rule : item.getSpec().getRules()) { - string url = rule.getHost(); + string host = rule.getHost(); for (const IngressRulePath &uri : rule.getPathsWrapper().getRulePaths()) { - if (!appsec_policy.getAppsecPolicySpec().isAssetHostExist(url + uri.getPath())) { + if (uri.getPath() != "/") { + host = host + uri.getPath(); + } + if (!appsec_policy.getAppsecPolicySpec().isAssetHostExist(host)) { dbgTrace(D_LOCAL_POLICY) << "Inserting Host data to the specific asset set:" << "URL: '" - << url + << rule.getHost() << "' uri: '" << uri.getPath() << "'"; - K ingress_rule = K(url + uri.getPath()); + K ingress_rule = K(host); policies[annotations_values[AnnotationKeys::PolicyKey]].addSpecificRule(ingress_rule); } } } + } std::tuple, map> 
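Review bot: In the k8s_policy_utils.cc hunk, `host` is declared once per rule, outside the inner loop over `getRulePaths()`, but `host = host + uri.getPath();` appends to it on every iteration, so a rule with paths `/a` and `/b` yields `example.com/a` and then `example.com/a/b` (constructed example) instead of `example.com/b`. The later assets are then checked with `isAssetHostExist` and inserted under a key that matches no real route, and the intended host/path pair never receives its policy rule. Build the key per path instead, e.g. `const string asset = (uri.getPath() == "/") ? rule.getHost() : rule.getHost() + uri.getPath();`, and pass `asset` to `isAssetHostExist` and `K(...)`. `createPolicy` starts and ends outside the hunk.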
diff --git a/components/security_apps/local_policy_mgmt_gen/policy_maker_utils.cc b/components/security_apps/local_policy_mgmt_gen/policy_maker_utils.cc index f086905..eb256c7 100755 --- a/components/security_apps/local_policy_mgmt_gen/policy_maker_utils.cc +++ b/components/security_apps/local_policy_mgmt_gen/policy_maker_utils.cc @@ -21,6 +21,7 @@ using namespace std; USE_DEBUG_FLAG(D_NGINX_POLICY); +USE_DEBUG_FLAG(D_LOCAL_POLICY); void SecurityAppsWrapper::save(cereal::JSONOutputArchive &out_ar) const @@ -185,6 +186,33 @@ PolicyMakerUtils::dumpPolicyToFile( return policy_str; } +template +vector +extractExceptionAnnotationNames( + const R &parsed_rule, + const R &default_rule, + const string &policy_name) +{ + vector annotation_names; + + const R &rule = (!parsed_rule.getExceptions().empty() ? parsed_rule : default_rule); + for (const string &exception_name : rule.getExceptions()) { + if (exception_name.empty()) { + continue; + } + + const auto policy_exception = policy_name + "/" + exception_name; + + dbgTrace(D_NGINX_POLICY) << "Adding " << policy_exception << " to exception vector"; + + annotation_names.push_back(policy_exception); + } + + dbgTrace(D_NGINX_POLICY) << "Number of exceptions related to rule: " << annotation_names.size(); + + return annotation_names; +} + template map extractAnnotationsNames( 
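Review bot: `extractExceptionAnnotationNames` falls back to `default_rule` only when `parsed_rule.getExceptions()` is empty, whereas the block removed from `extractAnnotationsNames` in the next hunk also fell back when the rule's first exception name was an empty string. A rule whose list holds only empty names now ends up with no exceptions, because the empty entries are skipped after the rule has already been chosen. If that is intended, state it in a comment above the template, e.g. `// Uses the rule's own exceptions when it lists any, otherwise the default rule's; empty names are skipped.`; if it is not, filter the empty names before choosing between the two rules.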
@@ -217,18 +245,6 @@ extractAnnotationsNames( rule_annotation[AnnotationTypes::TRIGGER] = policy_name + "/" + trigger_annotation_name; } - string exception_annotation_name; - // TBD: support multiple exceptions - if (!parsed_rule.getExceptions().empty() && !parsed_rule.getExceptions()[0].empty()) { - exception_annotation_name = parsed_rule.getExceptions()[0]; - } else if (!default_rule.getExceptions().empty() && !default_rule.getExceptions()[0].empty()) { - exception_annotation_name = default_rule.getExceptions()[0]; - } - - if (!exception_annotation_name.empty()) { - rule_annotation[AnnotationTypes::EXCEPTION] = policy_name + "/" + exception_annotation_name; - } - string web_user_res_annotation_name = parsed_rule.getCustomResponse().empty() ? default_rule.getCustomResponse() : @@ -444,6 +460,7 @@ template R getAppsecExceptionSpec(const string &exception_annotation_name, const T &policy) { + dbgFlow(D_NGINX_POLICY) << "anotation name: " << exception_annotation_name; auto exceptions_vec = policy.getAppsecExceptions(); auto exception_it = extractElement(exceptions_vec.begin(), exceptions_vec.end(), exception_annotation_name); @@ -776,6 +793,7 @@ createExceptionSection( const string &exception_annotation_name, const T &policy) { + dbgFlow(D_NGINX_POLICY) << "exception annotation name" << exception_annotation_name; AppsecException exception_spec = getAppsecExceptionSpec(exception_annotation_name, policy); vector res; @@ -784,6 +802,7 @@ createExceptionSection( ExceptionBehavior exception_behavior(exception.getAction()); res.push_back(InnerException(exception_behavior, exception_match)); } + return res; } 
@@ -896,13 +915,16 @@ createMultiRulesSections( const string &web_user_res_vec_id, const string &web_user_res_vec_type, const string &asset_name, - const string &exception_name, - const vector &exceptions) + const std::map> &exceptions) { PracticeSection practice = PracticeSection(practice_id, practice_type, practice_name); vector exceptions_result; for (auto exception : exceptions) { - exceptions_result.push_back(ParametersSection(exception.getBehaviorId(), exception_name)); + + const auto &exception_name = exception.first; + for (const auto &inner_exception : exception.second) { + exceptions_result.push_back(ParametersSection(inner_exception.getBehaviorId(), exception_name)); + } } vector triggers; @@ -1344,6 +1366,7 @@ PolicyMakerUtils::combineElementsToPolicy(const string &policy_version) convertMapToVector(log_triggers), convertMapToVector(web_user_res_triggers) ) ); + ExceptionsWrapper exceptions_section({ ExceptionsRulebase(convertExceptionsMapToVector(inner_exceptions)) }); @@ -1381,6 +1404,7 @@ PolicyMakerUtils::createPolicyElementsByRule( const string &policy_name) { map rule_annotations = extractAnnotationsNames(rule, default_rule, policy_name); + if ( !rule_annotations[AnnotationTypes::TRIGGER].empty() && !log_triggers.count(rule_annotations[AnnotationTypes::TRIGGER]) 
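Review bot: `for (auto exception : exceptions)` in `createMultiRulesSections` copies every map entry, the key string and the whole inner vector, on each iteration, while the inner loop here and the matching loop added to the `WebAppSection` constructor already iterate by `const auto &`. Change the outer loop to `for (const auto &exception : exceptions) {`. The function body continues outside the hunk.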
@@ -1403,15 +1427,27 @@ PolicyMakerUtils::createPolicyElementsByRule( ); } - if ( - !rule_annotations[AnnotationTypes::EXCEPTION].empty() && - !inner_exceptions.count(rule_annotations[AnnotationTypes::EXCEPTION]) - ) { - inner_exceptions[rule_annotations[AnnotationTypes::EXCEPTION]] = - createExceptionSection( - rule_annotations[AnnotationTypes::EXCEPTION], - policy - ); + const auto exceptions_annotations = extractExceptionAnnotationNames(rule, default_rule, policy_name); + std::map> rule_inner_exceptions; + if (!exceptions_annotations.empty()) { + for (const auto &exception_name :exceptions_annotations) { + dbgWarning(D_LOCAL_POLICY) << "exceptions name: " << exception_name; + + if (rule_inner_exceptions.count(exception_name)) { + dbgWarning(D_LOCAL_POLICY) << "exception name already exists for that rule: " << exception_name; + continue; + } + + if (inner_exceptions.count(exception_name)) { + dbgWarning(D_LOCAL_POLICY) << "exception name already exists in inner exceptions: " << exception_name; + rule_inner_exceptions[exception_name] = inner_exceptions[exception_name]; + continue; + } + + auto exception_section = createExceptionSection(exception_name, policy); + rule_inner_exceptions[exception_name] = exception_section; + inner_exceptions[exception_name] = exception_section; + } } if ( @@ -1470,8 +1506,7 @@ PolicyMakerUtils::createPolicyElementsByRule( web_user_res_triggers[rule_annotations[AnnotationTypes::WEB_USER_RES]].getTriggerId(), "WebUserResponse", full_url, - rule_annotations[AnnotationTypes::EXCEPTION], - inner_exceptions[rule_annotations[AnnotationTypes::EXCEPTION]] + rule_inner_exceptions ); rules_config[rule_config.getAssetName()] = rule_config; 
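Review bot: The new loop in `createPolicyElementsByRule` logs at warning level on paths that are not errors: `dbgWarning(D_LOCAL_POLICY) << "exceptions name: " << exception_name;` fires for every exception of every rule, and finding the name already in `inner_exceptions` is the expected case when two rules share an exception. That noise makes a real policy-generation warning harder to spot; `dbgTrace` fits these two messages, as already used in `extractExceptionAnnotationNames`, leaving `dbgWarning` at most for the duplicate-within-one-rule case. The outer `if (!exceptions_annotations.empty())` is redundant around a range-for. The function starts and ends outside the hunk.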
@@ -1498,7 +1533,7 @@ PolicyMakerUtils::createPolicyElementsByRule(
 log_triggers[rule_annotations[AnnotationTypes::TRIGGER]],
 rule.getMode(),
 trusted_sources[rule_annotations[AnnotationTypes::TRUSTED_SOURCES]],
- inner_exceptions[rule_annotations[AnnotationTypes::EXCEPTION]]
+ rule_inner_exceptions
 );
 web_apps[rule_config.getAssetName()] = web_app;
 }
diff --git a/components/security_apps/orchestration/downloader/downloader_ut/downloader_ut.cc b/components/security_apps/orchestration/downloader/downloader_ut/downloader_ut.cc
index 747a4b4..2ae29d8 100755
--- a/components/security_apps/orchestration/downloader/downloader_ut/downloader_ut.cc
+++ b/components/security_apps/orchestration/downloader/downloader_ut/downloader_ut.cc
@@ -1,3 +1,7 @@
+#include
+class Package;
+static std::ostream & operator<<(std::ostream &os, const Package &) { return os; }
+
 #include "cptest.h"
 #include "config.h"
 #include "config_component.h"
diff --git a/components/security_apps/orchestration/include/updates_process_event.h b/components/security_apps/orchestration/include/updates_process_event.h
index 9bf76d0..e743dce 100644
--- a/components/security_apps/orchestration/include/updates_process_event.h
+++ b/components/security_apps/orchestration/include/updates_process_event.h
@@ -35,6 +35,8 @@ enum class UpdatesFailureReason {
 INSTALL_PACKAGE,
 CHECKSUM_UNMATCHED,
 POLICY_CONFIGURATION,
+ SERVISE_CONFIGURATION,
+ SERVISE_CONFIGURATION_TIMEOUT,
 POLICY_FOG_CONFIGURATION,
 NONE
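Review bot: The two enumerators added to `UpdatesFailureReason` are spelled `SERVISE_CONFIGURATION` and `SERVISE_CONFIGURATION_TIMEOUT`, and the misspelling is copied into the strings returned by `convertUpdatesFailureReasonToStr` in the next hunk, so it reaches whatever consumes that text. Rename them to `SERVICE_CONFIGURATION` and `SERVICE_CONFIGURATION_TIMEOUT` before other code or report consumers start matching on the names. They are also inserted ahead of `POLICY_FOG_CONFIGURATION`, which shifts the underlying values of it and `NONE`; if the numeric value is persisted or sent anywhere, which this page does not show, confirm nothing depends on the old numbering.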
@@ -57,6 +59,8 @@ convertUpdatesFailureReasonToStr(UpdatesFailureReason reason)
 case UpdatesFailureReason::INSTALL_PACKAGE : return "INSTALL_PACKAGE";
 case UpdatesFailureReason::CHECKSUM_UNMATCHED : return "CHECKSUM_UNMATCHED";
 case UpdatesFailureReason::POLICY_CONFIGURATION : return "POLICY_CONFIGURATION";
+ case UpdatesFailureReason::SERVISE_CONFIGURATION : return "SERVISE_CONFIGURATION";
+ case UpdatesFailureReason::SERVISE_CONFIGURATION_TIMEOUT : return "SERVISE_CONFIGURATION_TIMEOUT";
 case UpdatesFailureReason::POLICY_FOG_CONFIGURATION : return "POLICY_FOG_CONFIGURATION";
 case UpdatesFailureReason::NONE : return "NONE";
 }
diff --git a/components/security_apps/orchestration/include/updates_process_reporter.h b/components/security_apps/orchestration/include/updates_process_reporter.h
index 7ffad8b..88f0e7c 100644
--- a/components/security_apps/orchestration/include/updates_process_reporter.h
+++ b/components/security_apps/orchestration/include/updates_process_reporter.h
@@ -21,20 +21,24 @@
 #include "config.h"
 #include "debug.h"
 #include "i_orchestration_status.h"
+#include "i_service_controller.h"
 #include "health_check_status/health_check_status.h"
 #include "updates_process_event.h"
 #include "updates_process_report.h"
-class UpdatesProcessReporter : public Listener
+class UpdatesProcessReporter
+ :
+ public Listener,
+ Singleton::Consume
 {
 public:
 void upon(const UpdatesProcessEvent &event) override;
 private:
- void sendReoprt();
+ void sendReoprt(const std::string &version);
 static std::vector reports;
- uint report_failure_count = 0;
+ std::map report_failure_count_map;
 };
 #endif // __UPDATES_PROCESS_REPORTER_H__
diff --git a/components/security_apps/orchestration/manifest_controller/manifest_controller_ut/manifest_controller_ut.cc b/components/security_apps/orchestration/manifest_controller/manifest_controller_ut/manifest_controller_ut.cc
index 9441867..4a04eb8 100755
--- a/components/security_apps/orchestration/manifest_controller/manifest_controller_ut/manifest_controller_ut.cc
+++ b/components/security_apps/orchestration/manifest_controller/manifest_controller_ut/manifest_controller_ut.cc
@@ -1,3 +1,7 @@
+#include
+class Package;
+static std::ostream & operator<<(std::ostream &os, const Package &) { return os; }
+
 #include "manifest_controller.h"
 #include
diff --git a/components/security_apps/orchestration/modules/modules_ut/orchestration_policy_ut.cc b/components/security_apps/orchestration/modules/modules_ut/orchestration_policy_ut.cc
index 5b89b5c..fdd1454 100755
--- a/components/security_apps/orchestration/modules/modules_ut/orchestration_policy_ut.cc
+++ b/components/security_apps/orchestration/modules/modules_ut/orchestration_policy_ut.cc
@@ -43,8 +43,8 @@ TEST_F(PolicyTest, serialization)
 ASSERT_TRUE(false) << "Cereal threw an exception: " << e.what();
 }
- EXPECT_EQ(15, orchestration_policy.getErrorSleepInterval());
- EXPECT_EQ(20, orchestration_policy.getSleepInterval());
+ EXPECT_EQ(15u, orchestration_policy.getErrorSleepInterval());
+ EXPECT_EQ(20u, orchestration_policy.getSleepInterval());
 EXPECT_EQ("http://10.0.0.18:81/control/", orchestration_policy.getFogAddress());
 }
@@ -63,8 +63,8 @@ TEST_F(PolicyTest, noAgentType)
 ASSERT_TRUE(false) << "Cereal threw an exception: " << e.what();
 }
- EXPECT_EQ(15, orchestration_policy.getErrorSleepInterval());
- EXPECT_EQ(20, orchestration_policy.getSleepInterval());
+ EXPECT_EQ(15u, orchestration_policy.getErrorSleepInterval());
+ EXPECT_EQ(20u, orchestration_policy.getSleepInterval());
 EXPECT_EQ("http://10.0.0.18:81/control/", orchestration_policy.getFogAddress());
 }
@@ -83,8 +83,8 @@ TEST_F(PolicyTest, zeroSleepIntervels)
 ASSERT_TRUE(false) << "Cereal threw an exception: " << e.what();
 }
- EXPECT_EQ(0, orchestration_policy.getErrorSleepInterval());
- EXPECT_EQ(0, orchestration_policy.getSleepInterval());
+ EXPECT_EQ(0u, orchestration_policy.getErrorSleepInterval());
+ EXPECT_EQ(0u, orchestration_policy.getSleepInterval());
 EXPECT_EQ("http://10.0.0.18:81/control/", orchestration_policy.getFogAddress());
 }
@@ -152,7 +152,7 @@ TEST_F(PolicyTest, newOptionalFields)
 ASSERT_TRUE(false) << "Cereal threw an exception: " << e.what();
 }
- EXPECT_EQ(10, orchestration_policy.getErrorSleepInterval());
- EXPECT_EQ(30, orchestration_policy.getSleepInterval());
+ EXPECT_EQ(10u, orchestration_policy.getErrorSleepInterval());
+ EXPECT_EQ(30u, orchestration_policy.getSleepInterval());
 EXPECT_EQ("https://fog-api-gw-agents.cloud.ngen.checkpoint.com", orchestration_policy.getFogAddress());
 }
diff --git a/components/security_apps/orchestration/modules/modules_ut/orchestration_status_ut.cc b/components/security_apps/orchestration/modules/modules_ut/orchestration_status_ut.cc
index 8d4dec8..e90dd07 100755
--- a/components/security_apps/orchestration/modules/modules_ut/orchestration_status_ut.cc
+++ b/components/security_apps/orchestration/modules/modules_ut/orchestration_status_ut.cc
@@ -1,3 +1,7 @@
+#include
+class Package;
+static std::ostream & operator<<(std::ostream &os, const Package &) { return os; }
+
 #include "orchestration_status.h"
 #include
diff --git a/components/security_apps/orchestration/modules/modules_ut/url_parser_ut.cc b/components/security_apps/orchestration/modules/modules_ut/url_parser_ut.cc
index 2f8ac97..b266665 100755
--- a/components/security_apps/orchestration/modules/modules_ut/url_parser_ut.cc
+++ b/components/security_apps/orchestration/modules/modules_ut/url_parser_ut.cc
@@ -1,3 +1,7 @@ +#include +class Package; +static std::ostream & operator<<(std::ostream &os, const Package &) { return os; } + #include "url_parser.h" #include "cptest.h" diff --git a/components/security_apps/orchestration/orchestration_ut/orchestration_multitenant_ut.cc b/components/security_apps/orchestration/orchestration_ut/orchestration_multitenant_ut.cc index f3bdd6a..0ccbdc3 100644 --- a/components/security_apps/orchestration/orchestration_ut/orchestration_multitenant_ut.cc +++ b/components/security_apps/orchestration/orchestration_ut/orchestration_multitenant_ut.cc @@ -1,3 +1,7 @@ +#include +class Package; +std::ostream & operator<<(std::ostream &os, const Package &) { return os; } + #include "orchestration_comp.h" #include "cptest.h" @@ -471,6 +475,9 @@ TEST_F(OrchestrationMultitenancyTest, handle_virtual_resource) ) ).WillOnce(Return(Maybe())); + string version = "1"; + EXPECT_CALL(mock_service_controller, getUpdatePolicyVersion()).WillOnce(ReturnRef(version)); + EXPECT_CALL( mock_service_controller, updateServiceConfiguration( diff --git a/components/security_apps/orchestration/orchestration_ut/orchestration_ut.cc b/components/security_apps/orchestration/orchestration_ut/orchestration_ut.cc index a6d38cc..3cb5ead 100755 --- a/components/security_apps/orchestration/orchestration_ut/orchestration_ut.cc +++ b/components/security_apps/orchestration/orchestration_ut/orchestration_ut.cc @@ -1,3 +1,7 @@ +#include +class Package; +std::ostream & operator<<(std::ostream &os, const Package &) { return os; } + #include "orchestration_comp.h" #include "cptest.h" 
@@ -380,6 +384,10 @@ TEST_F(OrchestrationTest, hybridModeRegisterLocalAgentRoutine) EXPECT_CALL(mock_status, setLastUpdateAttempt()); EXPECT_CALL(mock_status, setIsConfigurationUpdated(_)); + string version = "1"; + EXPECT_CALL(mock_service_controller, getUpdatePolicyVersion()).WillOnce(ReturnRef(version)); + + EXPECT_CALL(mock_ml, yield(A())) .WillOnce(Return()) .WillOnce(Invoke([] (chrono::microseconds) { throw invalid_argument("stop while loop"); })); @@ -587,6 +595,9 @@ TEST_F(OrchestrationTest, check_sending_registration_data) EXPECT_CALL(mock_status, setLastUpdateAttempt()); EXPECT_CALL(mock_status, setIsConfigurationUpdated(_)); + string version = "1"; + EXPECT_CALL(mock_service_controller, getUpdatePolicyVersion()).WillOnce(ReturnRef(version)); + EXPECT_CALL(mock_ml, yield(A())) .WillOnce(Return()) .WillOnce(Invoke([] (chrono::microseconds) { throw invalid_argument("stop while loop"); })); @@ -718,6 +729,9 @@ TEST_F(OrchestrationTest, orchestrationPolicyUpdatRollback) EXPECT_CALL(mock_status, setPolicyVersion(third_val)); EXPECT_CALL(mock_status, setPolicyVersion(second_val)); + string version = "1"; + EXPECT_CALL(mock_service_controller, getUpdatePolicyVersion()).WillOnce(ReturnRef(version)); + string policy_versions; EXPECT_CALL(mock_service_controller, getPolicyVersions()).WillRepeatedly(ReturnRef(policy_versions)); EXPECT_CALL(mock_update_communication, sendPolicyVersion("13", _)).Times(1).WillOnce(Return(Maybe())); @@ -895,6 +909,9 @@ TEST_F(OrchestrationTest, orchestrationPolicyUpdate) ); EXPECT_CALL(mock_status, setPolicyVersion(third_val)); + string version = "1"; + EXPECT_CALL(mock_service_controller, getUpdatePolicyVersion()).WillOnce(ReturnRef(version)); + string policy_versions; EXPECT_CALL(mock_service_controller, getPolicyVersions()).WillRepeatedly(ReturnRef(policy_versions)); EXPECT_CALL(mock_update_communication, sendPolicyVersion("13", _)).Times(1).WillOnce(Return(Maybe())); 
@@ -1112,6 +1129,9 @@ TEST_F(OrchestrationTest, manifestUpdate) ) ); + string version = "1"; + EXPECT_CALL(mock_service_controller, getUpdatePolicyVersion()).WillOnce(ReturnRef(version)); + GetResourceFile manifest_file(GetResourceFile::ResourceFileType::MANIFEST); EXPECT_CALL(mock_downloader, downloadFile( @@ -1150,6 +1170,8 @@ TEST_F(OrchestrationTest, manifestUpdate) TEST_F(OrchestrationTest, getBadPolicyUpdate) { + Debug::setUnitTestFlag(D_UPDATES_PROCESS_REPORTER, Debug::DebugLevel::NOISE); + EXPECT_CALL( rest, mockRestCall(RestAction::ADD, "proxy", _) @@ -1196,6 +1218,13 @@ TEST_F(OrchestrationTest, getBadPolicyUpdate) EXPECT_CALL(mock_orchestration_tools, calculateChecksum(Package::ChecksumTypes::SHA256, data_file_path)) .WillOnce(Return(data_checksum)); + string manifest = ""; + string policy = "111111"; + string setting = ""; + + string second_val = "12"; + string third_val = "13"; + EXPECT_CALL(mock_service_controller, getUpdatePolicyVersion()).WillRepeatedly(ReturnRef(third_val)); Maybe new_policy_checksum(string("111111")); GetResourceFile policy_file(GetResourceFile::ResourceFileType::POLICY); @@ -1207,12 +1236,6 @@ TEST_F(OrchestrationTest, getBadPolicyUpdate) policy_file ) ).WillOnce(Return(Maybe(string(new_policy_path)))); - string manifest = ""; - string policy = "111111"; - string setting = ""; - - string second_val = "12"; - string third_val = "13"; EXPECT_CALL(mock_service_controller, getPolicyVersion()) .Times(4) .WillOnce(ReturnRef(first_policy_version)) @@ -1246,8 +1269,6 @@ TEST_F(OrchestrationTest, getBadPolicyUpdate) ) ); - EXPECT_CALL(mock_service_controller, getUpdatePolicyVersion()).WillRepeatedly(ReturnRef(third_val)); - EXPECT_CALL( mock_service_controller, updateServiceConfiguration(string("policy path"), "", expected_data_types, "", "", _) 
@@ -1341,6 +1362,9 @@ TEST_F(OrchestrationTest, failedDownloadSettings) EXPECT_CALL(mock_status, setLastUpdateAttempt()); + string version = "1"; + EXPECT_CALL(mock_service_controller, getUpdatePolicyVersion()).WillOnce(ReturnRef(version)); + string manifest_err = "Critical Error: Agent/Gateway was not fully deployed on host 'hostname' " "and is not enforcing a security policy. Retry installation or contact Check Point support."; @@ -1456,6 +1480,10 @@ TEST_P(OrchestrationTest, orchestrationFirstRun) } ) ); + + string version = "1"; + EXPECT_CALL(mock_service_controller, getUpdatePolicyVersion()).WillOnce(ReturnRef(version)); + EXPECT_CALL(mock_service_controller, getPolicyVersion()).WillRepeatedly(ReturnRef(first_policy_version)); EXPECT_CALL(mock_update_communication, getUpdate(_)).WillOnce( Invoke( @@ -1654,6 +1682,10 @@ TEST_F(OrchestrationTest, dataUpdate) .WillOnce(Return(data_instance_checksum)); EXPECT_CALL(mock_service_controller, getPolicyVersion()).WillRepeatedly(ReturnRef(first_policy_version)); + + string version = "1"; + EXPECT_CALL(mock_service_controller, getUpdatePolicyVersion()).WillOnce(ReturnRef(version)); + EXPECT_CALL(mock_update_communication, getUpdate(_)).WillOnce( Invoke( [&](CheckUpdateRequest &req) diff --git a/components/security_apps/orchestration/package_handler/package_handler_ut/package_handler_ut.cc b/components/security_apps/orchestration/package_handler/package_handler_ut/package_handler_ut.cc index 8a6f864..c8e6d96 100755 --- a/components/security_apps/orchestration/package_handler/package_handler_ut/package_handler_ut.cc +++ b/components/security_apps/orchestration/package_handler/package_handler_ut/package_handler_ut.cc @@ -1,3 +1,7 @@ +#include +class Package; +static std::ostream & operator<<(std::ostream &os, const Package &) { return os; } + #include "package_handler.h" #include "cptest.h" 
diff --git a/components/security_apps/orchestration/service_controller/service_controller.cc b/components/security_apps/orchestration/service_controller/service_controller.cc
index 7a25d41..440c116 100755
--- a/components/security_apps/orchestration/service_controller/service_controller.cc
+++ b/components/security_apps/orchestration/service_controller/service_controller.cc
@@ -29,6 +29,7 @@
 #include "i_orchestration_tools.h"
 #include "customized_cereal_map.h"
 #include "declarative_policy_utils.h"
+#include "updates_process_event.h"
 using namespace std;
 using namespace ReportIS;
@@ -65,6 +66,13 @@ public:
 }
 if (error.get()) {
 service_controller->updateReconfStatus(id.get(), service_name.get(), ReconfStatus::FAILED);
+ UpdatesProcessEvent(
+ UpdatesProcessResult::FAILED,
+ UpdatesConfigType::GENERAL,
+ UpdatesFailureReason::SERVISE_CONFIGURATION,
+ string(service_name.get() + ", ID: " + to_string(id.get())),
+ (error_message.isActive() ? " Error: " + error_message.get() : "")
+ ).notify();
 dbgError(D_SERVICE_CONTROLLER)
 << "Request for service reconfiguration failed to complete. ID: "
 << id.get()
@@ -1028,6 +1036,12 @@ ServiceController::Impl::sendSignalForServices(
 }
 dbgDebug(D_SERVICE_CONTROLLER) << "The reconfiguration has reached a timeout";
+ UpdatesProcessEvent(
+ UpdatesProcessResult::FAILED,
+ UpdatesConfigType::GENERAL,
+ UpdatesFailureReason::SERVISE_CONFIGURATION_TIMEOUT,
+ "The reconfiguration has reached a timeout"
+ ).notify();
 services_reconf_status.clear();
 services_reconf_names.clear();
 return genError("The reconfiguration has reached a timeout");
diff --git a/components/security_apps/orchestration/service_controller/service_controller_ut/service_controller_ut.cc b/components/security_apps/orchestration/service_controller/service_controller_ut/service_controller_ut.cc
index d576834..cb1e4f0 100755
--- a/components/security_apps/orchestration/service_controller/service_controller_ut/service_controller_ut.cc
+++ b/components/security_apps/orchestration/service_controller/service_controller_ut/service_controller_ut.cc
@@ -1,3 +1,7 @@
+#include
+class Package;
+static std::ostream & operator<<(std::ostream &os, const Package &) { return os; }
+
 #include "cptest.h"
 #include
 #include "orchestration_tools.h"
diff --git a/components/security_apps/orchestration/update_communication/hybrid_communication.cc b/components/security_apps/orchestration/update_communication/hybrid_communication.cc
index 1eac575..6fdc96e 100755
--- a/components/security_apps/orchestration/update_communication/hybrid_communication.cc
+++ b/components/security_apps/orchestration/update_communication/hybrid_communication.cc
@@ -120,10 +120,9 @@ HybridCommunication::downloadAttributeFile(const GetResourceFile &resourse_file,
 }
 Maybe
-HybridCommunication::sendPolicyVersion(const string &policy_version, const string &) const
+HybridCommunication::sendPolicyVersion(const string &, const string &) const
 {
 dbgFlow(D_ORCHESTRATOR);
- policy_version.empty();
 return Maybe();
 }
diff --git a/components/security_apps/orchestration/updates_process_reporter/updates_process_event.cc b/components/security_apps/orchestration/updates_process_reporter/updates_process_event.cc
index d9757a8..320b454 100644
--- a/components/security_apps/orchestration/updates_process_reporter/updates_process_event.cc
+++ b/components/security_apps/orchestration/updates_process_reporter/updates_process_event.cc
@@ -111,6 +111,18 @@ UpdatesProcessEvent::parseDescription() const
 err << "Failed to configure the fog address: " << detail << ". Error: " << description;
 break;
 }
+ case UpdatesFailureReason::SERVISE_CONFIGURATION : {
+ err
+ << "Request for service reconfiguration failed to complete. Service name: "
+ << detail
+ << ". Error: "
+ << description;
+ break;
+ }
+ case UpdatesFailureReason::SERVISE_CONFIGURATION_TIMEOUT : {
+ err << detail;
+ break;
+ }
 case UpdatesFailureReason::ORCHESTRATION_SELF_UPDATE : {
 err << description;
 break;
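Review bot: In the `SERVISE_CONFIGURATION` case of `parseDescription` the stream writes `". Error: "` before `description`, but the only producer visible on this page, the `UpdatesProcessEvent(...)` added in service_controller.cc, already passes `" Error: " + error_message.get()` as what appears to be the description argument, or an empty string when no message is set. The report would then read `. Error:  Error: <message>` or end in a dangling `. Error: `. Pass the bare message from the caller, `error_message.isActive() ? error_message.get() : ""`, and write the `". Error: "` part here only when `description` is non-empty. The switch continues outside the hunk.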
@@ -170,6 +182,14 @@ UpdatesProcessEvent::getDescriptionWithoutErrors() const err << "Failed to configure the fog address: " << detail; break; } + case UpdatesFailureReason::SERVISE_CONFIGURATION : { + err << "Request for service reconfiguration failed to complete. Service name: " << detail; + break; + } + case UpdatesFailureReason::SERVISE_CONFIGURATION_TIMEOUT : { + err << detail; + break; + } case UpdatesFailureReason::ORCHESTRATION_SELF_UPDATE : { err << description; break; diff --git a/components/security_apps/orchestration/updates_process_reporter/updates_process_reporter.cc b/components/security_apps/orchestration/updates_process_reporter/updates_process_reporter.cc index 6a61049..1a1be31 100644 --- a/components/security_apps/orchestration/updates_process_reporter/updates_process_reporter.cc +++ b/components/security_apps/orchestration/updates_process_reporter/updates_process_reporter.cc @@ -29,14 +29,21 @@ void UpdatesProcessReporter::upon(const UpdatesProcessEvent &event) { if (event.getReason() == UpdatesFailureReason::CHECK_UPDATE) { + auto i_controller = Singleton::Consume::by(); + string version = i_controller->getUpdatePolicyVersion(); if (event.getResult() == UpdatesProcessResult::SUCCESS && reports.empty()) { dbgTrace(D_UPDATES_PROCESS_REPORTER) << "Update proccess finished successfully"; - report_failure_count = 0; + report_failure_count_map.erase(version); return; } - dbgTrace(D_UPDATES_PROCESS_REPORTER) << "Update proccess finished with errors"; - report_failure_count++; - if (report_failure_count <= 1) { + if (report_failure_count_map.find(version) == report_failure_count_map.end()) { + report_failure_count_map[version] = 0; + } + report_failure_count_map[version]++; + dbgTrace(D_UPDATES_PROCESS_REPORTER) + << "Update proccess finished with errors. Count: " + << report_failure_count_map[version]; + if (report_failure_count_map[version] <= 1) { reports.clear(); return; } 
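Review bot: `report_failure_count_map` only loses an entry on a successful check for the same `version`, so in `upon()` every policy version that fails and is then superseded leaves its counter behind for the life of the process. Consider dropping the other keys when the version changes, or keeping a single version/count pair. The `find(...) == end()` block is also redundant, because `operator[]` value-initialises a missing counter to 0; `const auto count = ++report_failure_count_map[version];` does the insert, the increment and the read used by the trace line and the `<= 1` test in one lookup. The function continues in the next hunk.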
@@ -48,7 +55,7 @@ UpdatesProcessReporter::upon(const UpdatesProcessEvent &event) event.parseDescription() ) ); - sendReoprt(); + sendReoprt(version); return; } if (event.getResult() == UpdatesProcessResult::SUCCESS || event.getResult() == UpdatesProcessResult::UNSET) return; @@ -58,12 +65,13 @@ UpdatesProcessReporter::upon(const UpdatesProcessEvent &event) } void -UpdatesProcessReporter::sendReoprt() +UpdatesProcessReporter::sendReoprt(const string &version) { stringstream full_reports; UpdatesFailureReason failure_reason = UpdatesFailureReason::NONE; full_reports << "Updates process reports:" << endl; - full_reports << "report failure count:" << report_failure_count << endl; + full_reports << "Policy version: " << version << endl; + full_reports << "report failure count:" << report_failure_count_map[version] << endl; for (const auto &report : reports) { if (report.getReason() != UpdatesFailureReason::CHECK_UPDATE) { failure_reason = report.getReason(); diff --git a/components/utils/generic_rulebase/evaluators/trigger_eval.cc b/components/utils/generic_rulebase/evaluators/trigger_eval.cc index cd26ac4..7e15b47 100644 --- a/components/utils/generic_rulebase/evaluators/trigger_eval.cc +++ b/components/utils/generic_rulebase/evaluators/trigger_eval.cc @@ -50,7 +50,7 @@ TriggerMatcher::evalVariable() const << "Trying to match trigger. ID: " << trigger_id << ", Current set IDs: " << makeSeparatedStr(bc_trigger_id_ctx.ok() ? *bc_trigger_id_ctx : set(), ", "); - if (bc_trigger_id_ctx.ok() && bc_trigger_id_ctx.unpack().count(trigger_id) > 0 ) return true; + if (bc_trigger_id_ctx.ok()) return bc_trigger_id_ctx.unpack().count(trigger_id) > 0; auto rule = getConfiguration("rulebase", "rulesConfig"); return rule.ok() && rule.unpack().isTriggerActive(trigger_id); diff --git a/core/attachments/http_configuration/http_configuration_ut/http_configuration_ut.cc b/core/attachments/http_configuration/http_configuration_ut/http_configuration_ut.cc index 7a24b7e..00ec2df 100644 
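Review bot: With `if (bc_trigger_id_ctx.ok()) return bc_trigger_id_ctx.unpack().count(trigger_id) > 0;` a trigger that is missing from the context set is reported as not matched without consulting `rulesConfig`, whereas before the change `evalVariable()` fell through to `isTriggerActive(trigger_id)`. That includes a context holding an empty set, which now disables every trigger for that evaluation; if these triggers drive security logging, events that used to be logged will silently stop being logged. If this precedence is intended, state it in a comment above the line, e.g. `// A trigger set in the context overrides the rulebase; the rulebase is consulted only when no set is registered.`, and add a unit test for the set-present-but-ID-absent case. The function starts outside the hunk.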
--- a/core/attachments/http_configuration/http_configuration_ut/http_configuration_ut.cc +++ b/core/attachments/http_configuration/http_configuration_ut/http_configuration_ut.cc 
@@ -71,24 +71,24 @@ TEST_F(HttpAttachmentUtilTest, GetValidAttachmentConfiguration) HttpAttachmentConfiguration conf_data_out; EXPECT_EQ(conf_data_out.init(attachment_configuration_file_name), 1); - EXPECT_EQ(conf_data_out.getNumericalValue("is_fail_open_mode_enabled"), 0); - EXPECT_EQ(conf_data_out.getNumericalValue("fail_open_timeout"), 1234); - EXPECT_EQ(conf_data_out.getNumericalValue("is_fail_open_mode_hold_enabled"), 0); - EXPECT_EQ(conf_data_out.getNumericalValue("fail_open_hold_timeout"), 4321); + EXPECT_EQ(conf_data_out.getNumericalValue("is_fail_open_mode_enabled"), 0u); + EXPECT_EQ(conf_data_out.getNumericalValue("fail_open_timeout"), 1234u); + EXPECT_EQ(conf_data_out.getNumericalValue("is_fail_open_mode_hold_enabled"), 0u); + EXPECT_EQ(conf_data_out.getNumericalValue("fail_open_hold_timeout"), 4321u); EXPECT_EQ(conf_data_out.getStringValue("sessions_per_minute_limit_verdict"), "Accept"); - EXPECT_EQ(conf_data_out.getNumericalValue("max_sessions_per_minute"), 0); - EXPECT_EQ(conf_data_out.getNumericalValue("num_of_nginx_ipc_elements"), 200); - EXPECT_EQ(conf_data_out.getNumericalValue("keep_alive_interval_msec"), 10000); + EXPECT_EQ(conf_data_out.getNumericalValue("max_sessions_per_minute"), 0u); + EXPECT_EQ(conf_data_out.getNumericalValue("num_of_nginx_ipc_elements"), 200u); + EXPECT_EQ(conf_data_out.getNumericalValue("keep_alive_interval_msec"), 10000u); EXPECT_EQ(conf_data_out.getNumericalValue("dbg_level"), 2u); - EXPECT_EQ(conf_data_out.getNumericalValue("res_proccessing_timeout_msec"), 420); - EXPECT_EQ(conf_data_out.getNumericalValue("req_proccessing_timeout_msec"), 42); - EXPECT_EQ(conf_data_out.getNumericalValue("registration_thread_timeout_msec"), 101); - EXPECT_EQ(conf_data_out.getNumericalValue("req_header_thread_timeout_msec"), 10); - EXPECT_EQ(conf_data_out.getNumericalValue("req_body_thread_timeout_msec"), 155); - EXPECT_EQ(conf_data_out.getNumericalValue("res_header_thread_timeout_msec"), 1); - 
EXPECT_EQ(conf_data_out.getNumericalValue("res_body_thread_timeout_msec"), 80); - EXPECT_EQ(conf_data_out.getNumericalValue("waiting_for_verdict_thread_timeout_msec"), 60); - EXPECT_EQ(conf_data_out.getNumericalValue("nginx_inspection_mode"), 1); + EXPECT_EQ(conf_data_out.getNumericalValue("res_proccessing_timeout_msec"), 420u); + EXPECT_EQ(conf_data_out.getNumericalValue("req_proccessing_timeout_msec"), 42u); + EXPECT_EQ(conf_data_out.getNumericalValue("registration_thread_timeout_msec"), 101u); + EXPECT_EQ(conf_data_out.getNumericalValue("req_header_thread_timeout_msec"), 10u); + EXPECT_EQ(conf_data_out.getNumericalValue("req_body_thread_timeout_msec"), 155u); + EXPECT_EQ(conf_data_out.getNumericalValue("res_header_thread_timeout_msec"), 1u); + EXPECT_EQ(conf_data_out.getNumericalValue("res_body_thread_timeout_msec"), 80u); + EXPECT_EQ(conf_data_out.getNumericalValue("waiting_for_verdict_thread_timeout_msec"), 60u); + EXPECT_EQ(conf_data_out.getNumericalValue("nginx_inspection_mode"), 1u); } TEST_F(HttpAttachmentUtilTest, GetMalformedAttachmentConfiguration) diff --git a/core/config/config.cc b/core/config/config.cc index 821fc7e..e30842d 100644 --- a/core/config/config.cc +++ b/core/config/config.cc @@ -306,6 +306,7 @@ private: string log_files_prefix = "/var/log"; string default_config_directory_path = "/conf/"; string config_directory_path = ""; + string error_to_report = ""; TypeWrapper empty; }; @@ -802,6 +803,7 @@ bool ConfigComponent::Impl::commitFailure(const string &error) { dbgError(D_CONFIG) << error; + error_to_report = error; new_resource_nodes.clear(); new_configuration_nodes.clear(); new_settings_nodes.clear(); 
@@ -937,7 +939,7 @@ ConfigComponent::Impl::reloadConfigurationContinuesWrapper(const string &version mainloop->stop(routine_id); LoadNewConfigurationStatus finished(id, service_name, !res, true); - if (!res) finished.setError("Failed to reload configuration"); + if (!res) finished.setError(error_to_report); I_TimeGet *time = Singleton::Consume::by(); auto send_status_time_out = time->getMonotonicTime() + chrono::seconds(180); while (time->getMonotonicTime() < send_status_time_out) { diff --git a/core/core_ut/cache_ut.cc b/core/core_ut/cache_ut.cc index 9170c60..6f1c858 100644 --- a/core/core_ut/cache_ut.cc +++ b/core/core_ut/cache_ut.cc @@ -151,10 +151,10 @@ TEST(TempCaching, capacity) cache.createEntry(3); cache.createEntry(4); - EXPECT_EQ(cache.size(), 5); - EXPECT_EQ(cache.capacity(), 0); + EXPECT_EQ(cache.size(), 5u); + EXPECT_EQ(cache.capacity(), 0u); cache.capacity(3); - EXPECT_EQ(cache.size(), 3); + EXPECT_EQ(cache.size(), 3u); EXPECT_FALSE(cache.doesKeyExists(0)); EXPECT_FALSE(cache.doesKeyExists(1)); EXPECT_TRUE(cache.doesKeyExists(2)); @@ -162,7 +162,7 @@ TEST(TempCaching, capacity) EXPECT_TRUE(cache.doesKeyExists(4)); cache.createEntry(5); - EXPECT_EQ(cache.size(), 3); + EXPECT_EQ(cache.size(), 3u); EXPECT_FALSE(cache.doesKeyExists(2)); EXPECT_TRUE(cache.doesKeyExists(3)); EXPECT_TRUE(cache.doesKeyExists(4)); @@ -170,7 +170,7 @@ TEST(TempCaching, capacity) cache.capacity(0); cache.createEntry(6); - EXPECT_EQ(cache.size(), 4); + EXPECT_EQ(cache.size(), 4u); EXPECT_TRUE(cache.doesKeyExists(3)); EXPECT_TRUE(cache.doesKeyExists(4)); EXPECT_TRUE(cache.doesKeyExists(5)); @@ -178,7 +178,7 @@ TEST(TempCaching, capacity) cache.deleteEntry(5); cache.capacity(2); - EXPECT_EQ(cache.size(), 2); + EXPECT_EQ(cache.size(), 2u); EXPECT_TRUE(cache.doesKeyExists(4)); EXPECT_TRUE(cache.doesKeyExists(6)); } diff --git a/core/core_ut/maybe_res_ut.cc b/core/core_ut/maybe_res_ut.cc index 20e9629..eea0d65 100644 --- a/core/core_ut/maybe_res_ut.cc 
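Review bot: `error_to_report` is written only in `commitFailure()` and no visible hunk resets it, so in `reloadConfigurationContinuesWrapper` a failed reload that does not pass through `commitFailure()` sends an empty error, or the text of an earlier failure. Keep the old text as a fallback, `if (!res) finished.setError(error_to_report.empty() ? "Failed to reload configuration" : error_to_report);`, and clear the member when a reload starts or succeeds. The string now leaves the process in the status message, so it is worth checking that the messages passed to `commitFailure()` do not embed file contents or secrets. Both functions extend beyond their hunks.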
+++ b/core/core_ut/maybe_res_ut.cc @@ -161,6 +161,7 @@ public: public: MyValue(int _x) : x(_x) { addObj(this); } MyValue(const MyValue &other) : x(other.x) { addObj(this); } + MyValue & operator=(const MyValue &other) = default; ~MyValue() { delObj(this); } bool operator==(const MyValue &other) const { return x==other.x; } bool operator!=(const MyValue &other) const { return x!=other.x; } @@ -208,9 +209,9 @@ TEST_F(MaybeAssignments, ValValRval) Maybe m(MyValue(1)); // Change the value - EXPECT_EQ(1, m->x); + EXPECT_EQ(m->x, 1); m = 2; - EXPECT_EQ(2, m->x); + EXPECT_EQ(m->x, 2); } TEST_F(MaybeAssignments, ValValLval) diff --git a/core/include/general/common.h b/core/include/general/common.h index 984bf56..7029922 100644 --- a/core/include/general/common.h +++ b/core/include/general/common.h @@ -28,6 +28,7 @@ #include #include #include +#include #include #include #include @@ -145,6 +146,30 @@ operator<<(ostream &os, const vector &obj) return os; } +// LCOV_EXCL_START Reason: Currently not used in 4.8 coverage but is used in alpine. +template +ostream & +operator<<(ostream &os, const pair &) +{ + // Uncomment when g++ 4.8 is no longer supported + // return os << obj.first << ':' << obj.second; + return os; +} +// LCOL_EXCL_STOP + +template +ostream & +operator<<(ostream &os, const map &) +{ + // Uncomment when g++ 4.8 is no longer supported + // bool first = true; + // for (const auto &pair : obj) { + // os << (first ? "" : ", ") << pair; + // first = false; + // } + return os; +} + } // namespace std #endif // __COMMON_H__ diff --git a/core/include/services_sdk/utilities/time_print.h b/core/include/general/time_print.h similarity index 100% rename from core/include/services_sdk/utilities/time_print.h rename to core/include/general/time_print.h diff --git a/core/intelligence_is_v2/intelligence_is_v2_ut/intelligence_comp_v2_ut.cc b/core/intelligence_is_v2/intelligence_is_v2_ut/intelligence_comp_v2_ut.cc index 18578ea..df12734 100644 
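Review bot: The closing marker after the new `pair` overload in common.h is misspelled: `// LCOL_EXCL_STOP` should be `// LCOV_EXCL_STOP`, otherwise the region opened by `LCOV_EXCL_START` is never closed and lcov will likely treat everything after it in the file as excluded. Both new overloads also discard their argument, so any log line or gtest failure message that streams a `pair` or `map` prints nothing for it; a one-line comment on each stating that the empty output is deliberate until g++ 4.8 support is dropped would keep readers from trusting a blank field. Adding overloads for standard types inside `namespace std` is not sanctioned by the standard, though the file already does so for `vector`.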
--- a/core/intelligence_is_v2/intelligence_is_v2_ut/intelligence_comp_v2_ut.cc +++ b/core/intelligence_is_v2/intelligence_is_v2_ut/intelligence_comp_v2_ut.cc @@ -1,3 +1,7 @@ +#include +namespace Intelligence { class Response; } +std::ostream & operator<<(std::ostream &os, const Intelligence::Response &); + #include "intelligence_comp_v2.h" #include "config.h" @@ -642,7 +646,7 @@ TEST_F(IntelligenceComponentTestV2, multiAssetsIntelligenceTest) auto maybe_ans = intell->queryIntelligence(request); EXPECT_TRUE(maybe_ans.ok()); auto vec = maybe_ans.unpack(); - EXPECT_EQ(vec.size(), 3); + EXPECT_EQ(vec.size(), 3u); auto iter = vec.begin(); @@ -962,11 +966,11 @@ TEST_F(IntelligenceComponentTestV2, pagingQueryTest) ).WillOnce(Return(HTTPResponse(HTTPStatusCode::HTTP_OK, paging_in_progress_response_str1))); request.setAssetsLimit(2); - EXPECT_EQ(request.getAssetsLimit(), 2); + EXPECT_EQ(request.getAssetsLimit(), 2u); auto maybe_ans1 = intell->queryIntelligence(request); EXPECT_TRUE(maybe_ans1.ok()); auto vec1 = maybe_ans1.unpack(); - EXPECT_EQ(vec1.size(), 1); + EXPECT_EQ(vec1.size(), 1u); EXPECT_EQ(request.isPagingFinished(), false); EXPECT_CALL(messaging_mock, sendSyncMessage(HTTPMethod::POST, _, _, MessageCategory::INTELLIGENCE, _) @@ -975,7 +979,7 @@ TEST_F(IntelligenceComponentTestV2, pagingQueryTest) auto maybe_ans2 = intell->queryIntelligence(request); EXPECT_TRUE(maybe_ans2.ok()); auto vec2 = maybe_ans2.unpack(); - EXPECT_EQ(vec2.size(), 2); + EXPECT_EQ(vec2.size(), 2u); EXPECT_EQ(request.isPagingFinished(), false); EXPECT_CALL(messaging_mock, sendSyncMessage(HTTPMethod::POST, _, _, MessageCategory::INTELLIGENCE, _) @@ -985,7 +989,7 @@ TEST_F(IntelligenceComponentTestV2, pagingQueryTest) if (!maybe_ans3.ok()) cout << maybe_ans3.getErr() + "\n"; EXPECT_TRUE(maybe_ans3.ok()); auto vec3 = maybe_ans3.unpack(); - EXPECT_EQ(vec3.size(), 1); + EXPECT_EQ(vec3.size(), 1u); EXPECT_EQ(request.isPagingFinished(), true); vector>::iterator assets_iter = vec3.begin(); 
@@ -1316,7 +1320,6 @@ TEST_F(IntelligenceComponentTestV2, ignoreInProgressQueryTest_2) QueryRequest request(Condition::EQUALS, "category", "cloud", true, AttributeKeyType::NONE); request.activatePaging(); request.setAssetsLimit(10); - vector> objects_reply; vector objects_ids; do { auto object_result = intell->queryIntelligence(request, true); @@ -1325,10 +1328,9 @@ TEST_F(IntelligenceComponentTestV2, ignoreInProgressQueryTest_2) break; } - objects_reply = object_result.unpack(); - if (objects_reply.empty()) break; + if ((*object_result).empty()) break; - for (const AssetReply ¤t_object : objects_reply) { + for (const AssetReply ¤t_object : *object_result) { if (current_object.getMainAttributes().empty()) { continue; } @@ -1337,5 +1339,5 @@ TEST_F(IntelligenceComponentTestV2, ignoreInProgressQueryTest_2) } } while (!request.isPagingFinished()); - EXPECT_EQ(objects_ids.size(), 2); + EXPECT_EQ(objects_ids.size(), 2u); } diff --git a/core/intelligence_is_v2/intelligence_is_v2_ut/invalidation_ut.cc b/core/intelligence_is_v2/intelligence_is_v2_ut/invalidation_ut.cc index 11112b8..87bc63b 100644 --- a/core/intelligence_is_v2/intelligence_is_v2_ut/invalidation_ut.cc +++ b/core/intelligence_is_v2/intelligence_is_v2_ut/invalidation_ut.cc @@ -609,7 +609,7 @@ TEST_F(IntelligenceInvalidation, invalidation_callback) json << invalidation2.genObject(); mock_invalidation->performRestCall(json); - EXPECT_EQ(recieved_invalidations.size(), 1); + EXPECT_EQ(recieved_invalidations.size(), 1u); EXPECT_EQ(recieved_invalidations[0].getMainAttributes().begin()->getStringSetAttr("attr2").unpack(), vals); } @@ -653,7 +653,7 @@ TEST_F(IntelligenceInvalidation, delete_invalidation_callback) json << invalidation2.genObject(); mock_invalidation->performRestCall(json); - EXPECT_EQ(recieved_invalidations.size(), 0); + EXPECT_EQ(recieved_invalidations.size(), 0u); } TEST_F(IntelligenceInvalidation, invalidation_short_handling) 
@@ -697,7 +697,7 @@ TEST_F(IntelligenceInvalidation, invalidation_short_handling) json << invalidation2.genObject(); mock_invalidation->performRestCall(json); - EXPECT_EQ(recieved_invalidations.size(), 0); + EXPECT_EQ(recieved_invalidations.size(), 0u); } TEST_F(IntelligenceInvalidation, routine_registration) @@ -792,7 +792,7 @@ TEST_F(IntelligenceInvalidation, invalidation_flow_with_multiple_assets) json1 << not_matching_invalidation.genObject(); mock_invalidation->performRestCall(json1); - EXPECT_EQ(recieved_invalidations.size(), 0); + EXPECT_EQ(recieved_invalidations.size(), 0u); auto matching_second_main_attribute = StrAttributes() .addStringAttr("attr3", "3"); @@ -808,7 +808,7 @@ TEST_F(IntelligenceInvalidation, invalidation_flow_with_multiple_assets) json2 << matching_invalidation.genObject(); mock_invalidation->performRestCall(json2); - EXPECT_EQ(recieved_invalidations.size(), 1); + EXPECT_EQ(recieved_invalidations.size(), 1u); } TEST_F(IntelligenceInvalidation, invalidation_cb_match_2_registred_assets) @@ -868,7 +868,7 @@ TEST_F(IntelligenceInvalidation, invalidation_cb_match_2_registred_assets) json << matching_invalidation.genObject(); mock_invalidation->performRestCall(json); - EXPECT_EQ(recieved_invalidations.size(), 2); + EXPECT_EQ(recieved_invalidations.size(), 2u); } TEST_F(IntelligenceInvalidation, invalidation_cb_match_by_registration_id) @@ -931,5 +931,5 @@ TEST_F(IntelligenceInvalidation, invalidation_cb_match_by_registration_id) cout << json.str() << endl; mock_invalidation->performRestCall(json); - EXPECT_EQ(recieved_invalidations.size(), 1); + EXPECT_EQ(recieved_invalidations.size(), 1u); } diff --git a/core/intelligence_is_v2/intelligence_is_v2_ut/json_stream_ut.cc b/core/intelligence_is_v2/intelligence_is_v2_ut/json_stream_ut.cc index d9652c8..769dcc2 100644 --- a/core/intelligence_is_v2/intelligence_is_v2_ut/json_stream_ut.cc +++ b/core/intelligence_is_v2/intelligence_is_v2_ut/json_stream_ut.cc 
@@ -42,7 +42,7 @@ addSlashesToSpecialChars(const string &input) case '\"': case '\\': output += '\\'; - //no break + // fallthrough default: output += c; break; diff --git a/core/intelligence_is_v2/intelligence_is_v2_ut/query_request_v2_ut.cc b/core/intelligence_is_v2/intelligence_is_v2_ut/query_request_v2_ut.cc index 8b781f4..25ef4a3 100644 --- a/core/intelligence_is_v2/intelligence_is_v2_ut/query_request_v2_ut.cc +++ b/core/intelligence_is_v2/intelligence_is_v2_ut/query_request_v2_ut.cc @@ -136,12 +136,12 @@ TEST(QueryRequestTestV2, AttributesTest) request.setRequestedAttr("countryName"); SerializableAttributesMap request_attributes_map2 = request.getRequestedAttributes(); - EXPECT_EQ(request_attributes_map2.getAttributeByKey("attributes.countryName"), 500); + EXPECT_EQ(request_attributes_map2.getAttributeByKey("attributes.countryName"), 500u); request.setRequestedAttr("reputationSeverity", 30); SerializableAttributesMap request_attributes_map3 = request.getRequestedAttributes(); - EXPECT_EQ(request_attributes_map3.getAttributeByKey("attributes.reputationSeverity"), 30); + EXPECT_EQ(request_attributes_map3.getAttributeByKey("attributes.reputationSeverity"), 30u); string output_json = "{\n" diff --git a/core/intelligence_is_v2/intelligence_is_v2_ut/query_response_v2_ut.cc b/core/intelligence_is_v2/intelligence_is_v2_ut/query_response_v2_ut.cc index 21af565..9fe71c4 100644 --- a/core/intelligence_is_v2/intelligence_is_v2_ut/query_response_v2_ut.cc +++ b/core/intelligence_is_v2/intelligence_is_v2_ut/query_response_v2_ut.cc 
@@ -155,13 +155,13 @@ TEST(QueryResponseTestV2, QueryResponseTestV2) obj2.loadFromJson(ss.str()); } - EXPECT_EQ(obj.getAmountOfAssets(), 2); - EXPECT_EQ(obj2.getAmountOfAssets(), 2); + EXPECT_EQ(obj.getAmountOfAssets(), 2u); + EXPECT_EQ(obj2.getAmountOfAssets(), 2u); EXPECT_EQ(obj.getResponseStatus(), ResponseStatus::DONE); EXPECT_EQ(obj2.getResponseStatus(), ResponseStatus::DONE); - EXPECT_EQ(obj.getData().begin()->getAssetSchemaVersion(), 1); + EXPECT_EQ(obj.getData().begin()->getAssetSchemaVersion(), 1u); EXPECT_EQ(obj.getData().begin()->getAssetType(), "workload-cloud-ip"); - EXPECT_EQ(obj.getData().begin()->getAssetTypeSchemaVersion(), 1); + EXPECT_EQ(obj.getData().begin()->getAssetTypeSchemaVersion(), 1u); EXPECT_EQ(obj.getData().begin()->getAssetPermissionGroupId(), "some-group-id"); EXPECT_EQ(obj.getData().begin()->getAssetName(), "[1.1.1.1]"); EXPECT_EQ(obj.getData().begin()->getAssetClass(), "workload"); @@ -188,7 +188,7 @@ TEST(QueryResponseTestV2, QueryResponseTestV2) EXPECT_EQ(soucres_it->getAssetId(), "50255c3172b4fb7fda93025f0bfaa7abefd1"); EXPECT_EQ(soucres_it->getTTL(), chrono::seconds(120)); EXPECT_EQ(soucres_it->getExpirationTime(), "2020-07-29T11:21:12.253Z"); - EXPECT_EQ(soucres_it->getConfidence(), 500); + EXPECT_EQ(soucres_it->getConfidence(), 500u); EXPECT_EQ(soucres_it->getAttributes().begin()->getData().toString(), "red"); EXPECT_EQ(soucres_it->getAttributes().begin()->getData1().toString(), "Omry"); 
@@ -198,15 +198,15 @@ TEST(QueryResponseTestV2, QueryResponseTestV2) EXPECT_EQ(soucres_it->getAssetId(), "cb068860528cb6bfb000cc35e79f11aeefed2"); EXPECT_EQ(soucres_it->getTTL(), chrono::seconds(120)); EXPECT_EQ(soucres_it->getExpirationTime(), "2020-07-29T11:21:12.253Z"); - EXPECT_EQ(soucres_it->getConfidence(), 600); + EXPECT_EQ(soucres_it->getConfidence(), 600u); EXPECT_EQ(soucres_it->getAttributes().begin()->getData().toString(), "white"); EXPECT_EQ(soucres_it->getAttributes().begin()->getData1().toString(), "Max"); vector> asset_collections = obj.getData(); - EXPECT_EQ(asset_collections.size(), 1); + EXPECT_EQ(asset_collections.size(), 1u); vector>::const_iterator asset_collections_it = asset_collections.begin(); vector asset_sources = asset_collections_it->getData(); - EXPECT_EQ(asset_sources.size(), 2); + EXPECT_EQ(asset_sources.size(), 2u); vector::iterator asset_sources_it = asset_sources.begin(); EXPECT_EQ(asset_sources_it->getData().toString(), "red"); diff --git a/core/logging/logging_ut/logging_ut.cc b/core/logging/logging_ut/logging_ut.cc index 75b75cf..b712f45 100644 --- a/core/logging/logging_ut/logging_ut.cc +++ b/core/logging/logging_ut/logging_ut.cc @@ -101,7 +101,7 @@ public: } }; -class LogTest : public testing::TestWithParam +class LogTest : public testing::Test { public: LogTest() @@ -909,7 +909,7 @@ TEST_F(LogTest, OfflineK8sSvcBulkLogs) EXPECT_EQ(local_body, str1); } -TEST_P(LogTest, metrics_check) +TEST_F(LogTest, metrics_check) { loadFakeConfiguration(true, false, "", 3); Tags tag1 = Tags::POLICY_INSTALLATION; 
@@ -935,16 +935,10 @@ TEST_P(LogTest, metrics_check) " \"sentLogsBulksSum\": 3\n" "}"; - bool is_named_query = GetParam(); - if (is_named_query) { - EXPECT_THAT(AllMetricEvent().performNamedQuery(), ElementsAre(Pair("Logging data", logging_metric_str))); - } else { - EXPECT_THAT(AllMetricEvent().query(), ElementsAre(logging_metric_str)); - } + EXPECT_THAT(AllMetricEvent().performNamedQuery(), ElementsAre(Pair("Logging data", logging_metric_str))); + EXPECT_THAT(AllMetricEvent().query(), ElementsAre(logging_metric_str)); } -INSTANTIATE_TEST_CASE_P(metrics_check, LogTest, ::testing::Values(false, true)); - TEST_F(LogTest, DeleteStreamTest) { loadFakeConfiguration(false); @@ -1564,7 +1558,7 @@ TEST_F(LogTest, ObfuscationTest) EXPECT_EQ(getBodyFogMessage(), expected_obfuscated_log); ASSERT_NE(sysog_routine, nullptr); sysog_routine(); - EXPECT_EQ(capture_syslog_cef_data.size(), 2); + EXPECT_EQ(capture_syslog_cef_data.size(), 2u); for (const string &str : capture_syslog_cef_data) { EXPECT_THAT(str, AnyOf(HasSubstr("String='Another string'"), HasSubstr("String=\"Another string\""))); } diff --git a/core/mainloop/mainloop_ut/mainloop_ut.cc b/core/mainloop/mainloop_ut/mainloop_ut.cc index 393393f..f6f67be 100644 --- a/core/mainloop/mainloop_ut/mainloop_ut.cc +++ b/core/mainloop/mainloop_ut/mainloop_ut.cc @@ -504,7 +504,7 @@ TEST_F(MainloopTest, get_routine_id) { cptestPrepareToDie(); auto cb = [this] () { - EXPECT_EQ(mainloop->getCurrentRoutineId().unpack(), 1); + EXPECT_EQ(mainloop->getCurrentRoutineId().unpack(), 1u); EXPECT_DEATH(mainloop->run(), "MainloopComponent::Impl::run was called while it was already running"); }; mainloop->addOneTimeRoutine( diff --git a/core/messaging/include/dummy_socket.h b/core/messaging/include/dummy_socket.h index 101797f..92cf4d2 100644 --- a/core/messaging/include/dummy_socket.h +++ b/core/messaging/include/dummy_socket.h 
@@ -76,7 +76,7 @@ public: writeToSocket(const std::string &msg) { acceptSocket(); - EXPECT_EQ(write(connection_fd, msg.data(), msg.size()), msg.size()); + EXPECT_EQ(write(connection_fd, msg.data(), msg.size()), static_cast(msg.size())); } private: diff --git a/core/report/report.cc b/core/report/report.cc index c41e654..1a4f1b9 100644 --- a/core/report/report.cc +++ b/core/report/report.cc @@ -176,6 +176,8 @@ Report::getSyslog() const if (!origin_syslog.empty()) { report.push(origin_syslog); } + auto severity_str = "eventSeverity=\"" + TagAndEnumManagement::convertToString(severity) + '"'; + report.push(severity_str); if (!event_data_syslog.empty()) { report.push(event_data_syslog); } @@ -218,6 +220,8 @@ Report::getCef() const if (!origin_cef.empty()) { report.pushExtension(origin_cef); } + auto severity_str = "eventSeverity=\"" + TagAndEnumManagement::convertToString(severity) + '"'; + report.pushExtension(severity_str); if (!event_data_cef.empty()) { report.pushExtension(event_data_cef); } diff --git a/core/report/report_ut/report_ut.cc b/core/report/report_ut/report_ut.cc index 683aab0..dc500b8 100644 --- a/core/report/report_ut/report_ut.cc +++ b/core/report/report_ut/report_ut.cc @@ -87,7 +87,7 @@ TEST(TagTest, TagStringTest) set tags_string; for (Tags tag : makeRange()) { tags_string = TagAndEnumManagement::convertToString({tag}); - ASSERT_EQ(tags_string.size(), 1); + ASSERT_EQ(tags_string.size(), 1u); Maybe tag_from_string = TagAndEnumManagement::convertStringToTag(*tags_string.begin()); ASSERT_TRUE(tag_from_string.ok()); EXPECT_EQ(tag_from_string.unpack(), tag); 
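Review bot: The two lines that build and push `eventSeverity` are added identically to `getSyslog()` here and to `getCef()` in the next hunk; a small private helper returning the `eventSeverity="..."` string would keep the key name and quoting in one place. In CEF output the record now carries two severities, the header field (`Low` in the updated `testCef` expectation) and the new extension (`Info`), so a comment saying which one consumers should rely on would help avoid mismatched SIEM parsing rules. Both functions start and end outside their hunks.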
@@ -571,7 +571,8 @@ TEST_F(ReportTest, testSyslogWithoutServiceName) report.getSyslog(), "<133>1 0:0:0.123Z cpnano-agent-001 UnnamedNanoService - 0 - " "title='Log Test' agent=\"Secret\" eventTraceId=\"\" eventSpanId=\"\" " - "issuingEngineVersion=\"\" serviceName=\"Unnamed Nano Service\" serviceId=\"\" serviceFamilyId=\"\"" + "issuingEngineVersion=\"\" serviceName=\"Unnamed Nano Service\" serviceId=\"\" serviceFamilyId=\"\" " + "eventSeverity=\"Info\"" ); } @@ -612,6 +613,7 @@ TEST_F(ReportTest, testSyslog) "title='Log Test' agent=\"Secret\"") + " eventTraceId=\"\" eventSpanId=\"\" issuingEngineVersion=\"\"" + " serviceName=\"Access Control App\" serviceId=\"\" serviceFamilyId=\"\"" + + " eventSeverity=\"Info\"" + string(" ArrayOfArraies=\"[ [ a, b \\], [ 1, 2 \\] \\]\"") + string(" DataWithNewLine=\"new\\r\\nline\"") + string(" DataWithQuote=\"data\\'bla\""); @@ -654,7 +656,9 @@ TEST_F(ReportTest, testCef) "CEF:0|Check Point|AccessControlApp||Event Driven|Log Test|Low|" "eventTime=0:0:0.123 agent=\"Secret\" eventTraceId=\"\" eventSpanId=\"\" issuingEngineVersion=\"\"" " serviceName=\"Access Control App\" serviceId=\"\"" - " serviceFamilyId=\"\" Bond=\"1\" DataWithQuote=\"data\\'bla\"" + " serviceFamilyId=\"\" Bond=\"1\"" + " eventSeverity=\"Info\"" + " DataWithQuote=\"data\\'bla\"" ); } diff --git a/core/rest/rest_ut/rest_config_ut.cc b/core/rest/rest_ut/rest_config_ut.cc index 346196e..a130cb0 100644 --- a/core/rest/rest_ut/rest_config_ut.cc +++ b/core/rest/rest_ut/rest_config_ut.cc @@ -162,7 +162,7 @@ TEST_F(RestConfigTest, basic_flow) I_MainLoop::Routine stop_routine = [&] () { EXPECT_EQ(connect(file_descriptor, (struct sockaddr*)&sa, sizeof(struct sockaddr)), 0); string msg = "POST /add-test HTTP/1.1\r\nContent-Length: 10\r\n\r\n{\"num\": 5}"; - EXPECT_EQ(write(file_descriptor, msg.data(), msg.size()), msg.size()); + EXPECT_EQ(write(file_descriptor, msg.data(), msg.size()), static_cast(msg.size())); while(!TestServer::g_num) { mainloop->yield(true); 
diff --git a/core/shmem_ipc/shmem_ipc_ut/shmem_ipc_ut.cc b/core/shmem_ipc/shmem_ipc_ut/shmem_ipc_ut.cc index c76ab44..1ea5c17 100644 --- a/core/shmem_ipc/shmem_ipc_ut/shmem_ipc_ut.cc +++ b/core/shmem_ipc/shmem_ipc_ut/shmem_ipc_ut.cc @@ -264,8 +264,8 @@ TEST_F(SharedIPCTest, ensure_right_permissions) stat(queue_name, &info); EXPECT_EQ(info.st_uid, uid); EXPECT_EQ(info.st_gid, gid); - EXPECT_EQ(info.st_mode & S_IRUSR, S_IRUSR); - EXPECT_EQ(info.st_mode & S_IWUSR, S_IWUSR); - EXPECT_NE(info.st_mode & S_IXUSR, S_IXUSR); + EXPECT_EQ(info.st_mode & S_IRUSR, static_cast(S_IRUSR)); + EXPECT_EQ(info.st_mode & S_IWUSR, static_cast(S_IWUSR)); + EXPECT_NE(info.st_mode & S_IXUSR, static_cast(S_IXUSR)); } } diff --git a/nodes/orchestration/package/local-default-policy.yaml b/nodes/orchestration/package/local-default-policy.yaml index efc0223..c73ceeb 100644 --- a/nodes/orchestration/package/local-default-policy.yaml +++ b/nodes/orchestration/package/local-default-policy.yaml @@ -1,15 +1,16 @@ policies: default: - triggers: - - appsec-default-log-trigger mode: detect-learn - practices: - - webapp-default-practice - custom-response: appsec-default-web-user-response + practices: [appsec-best-practice] + triggers: [appsec-log-trigger] + custom-response: 403-forbidden + source-identifiers: "" + trusted-sources: "" + exceptions: [] specific-rules: [] practices: - - name: webapp-default-practice + - name: appsec-best-practice openapi-schema-validation: configmap: [] override-mode: detect-learn @@ -34,7 +35,7 @@ practices: override-mode: detect-learn log-triggers: - - name: appsec-default-log-trigger + - name: appsec-log-trigger access-control-logging: allow-events: false drop-events: true @@ -57,7 +58,7 @@ log-triggers: format: json custom-responses: - - name: appsec-default-web-user-response + - name: 403-forbidden mode: response-code-only http-response-code: 403 
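Review bot: `ensure_right_permissions` asserts only the owner bits, so a queue file created group- or world-accessible would still pass; if owner-only access is the intended contract, adding `EXPECT_EQ(info.st_mode & (S_IRWXG | S_IRWXO), 0u);` after the `S_IXUSR` check would pin that down. The result of `stat(queue_name, &info)` is also ignored, so on failure the expectations run against an unset `info`; `ASSERT_EQ(stat(queue_name, &info), 0);` makes that failure explicit. The test body starts outside the hunk.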
diff --git a/nodes/orchestration/package/open-appsec-ctl.sh b/nodes/orchestration/package/open-appsec-ctl.sh index 0572f05..f27cca3 100644 --- a/nodes/orchestration/package/open-appsec-ctl.sh +++ b/nodes/orchestration/package/open-appsec-ctl.sh @@ -1710,7 +1710,7 @@ is_apply_policy_needed() return 0 fi local_policy_modification_time=$(stat -c %Y ${var_policy_file}) - if [ "${local_policy_modification_time}" -eq "${last_local_policy_modification_time}" ] || [ -z ${last_local_policy_modification_time} ]; then + if [ "${local_policy_modification_time}" == "${last_local_policy_modification_time}" ]; then return 1 fi return 0
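Review bot: `==` inside `[ ]` in `is_apply_policy_needed` is a bash extension; if this script is ever run by a POSIX `sh` such as dash, the test errors out, the `if` takes the false branch and the function always reports that the policy must be applied. Use `=`: `if [ "${local_policy_modification_time}" = "${last_local_policy_modification_time}" ]; then`. Dropping the `-z` clause also means an unset `last_local_policy_modification_time` now returns 0 (apply needed) instead of 1; a one-line comment stating that this is intended would help the next reader. The function starts outside the hunk.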