refactor(core): updagrade to antrl 4.9.2; refactored grammar to parse actions as lists

Signed-off-by: Frederico Araujo <[email protected]>

Author: araujof

core/policyengine/engine/actionhandler.go

@@ -94,6 +94,19 @@ func NewActionHandler(conf Config) *ActionHandler {
 	return ah
 }
 
+// CheckActions checks whether actions rules definitions have known implementations.
+func (ah *ActionHandler) CheckActions(rules []Rule) {
+	for _, r := range rules {
+		for _, a := range r.Actions {
+			if _, ok := ah.BuiltInActions[a]; !ok {
+				if _, ok = ah.UserDefinedActions[a]; !ok {
+					logger.Warn.Printf("Unknown action identifier '%s' found in rule '%s'", a, r.Name)
+				}
+			}
+		}
+	}
+}
+
 // HandleAction handles actions defined in rule.
 func (ah *ActionHandler) HandleActions(rule Rule, r *Record) {
 	for _, a := range rule.Actions {
@@ -102,10 +115,8 @@ func (ah *ActionHandler) HandleActions(rule Rule, r *Record) {
 			action, ok = ah.UserDefinedActions[a]
 		}
 		if !ok {
-			logger.Error.Println("Unknown action: '" + a + "'")
 			continue
 		}
-
 		if err := action(r); err != nil {
 			logger.Error.Println("Error in action: " + err.Error())
 		}

core/policyengine/engine/interpreter.go

@@ -158,6 +158,7 @@ func (pi *PolicyInterpreter) Compile(paths ...string) error {
 			return err
 		}
 	}
+	pi.ah.CheckActions(pi.rules)
 	return nil
 }
 
@@ -347,18 +348,19 @@ func (pi *PolicyInterpreter) getPriority(ctx *parser.PruleContext) Priority {
 
 func (pi *PolicyInterpreter) getActions(ctx *parser.PruleContext) []string {
 	var actions []string
-	if ctx.ACTION(0) != nil || ctx.OUTPUT(0) != nil {
-		astr := ctx.Text(2).GetText()
-		l := pi.extractList(astr)
-		for _, v := range l {
-			actions = append(actions, strings.ToLower(v))
-		}
+	ictx := ctx.Actions(0)
+	if ictx != nil {
+		return append(actions, pi.extractActions(ictx)...)
 	}
 	return actions
 }
 
 func (pi *PolicyInterpreter) extractList(str string) []string {
-	return strings.Split(itemsre.ReplaceAllString(str, "$2"), LISTSEP)
+	var items []string
+	for _, i := range strings.Split(itemsre.ReplaceAllString(str, "$2"), LISTSEP) {
+		items = append(items, trimBoundingQuotes(i))
+	}
+	return items
 }
 
 func (pi *PolicyInterpreter) extractListFromItems(ctx parser.IItemsContext) []string {
@@ -375,6 +377,13 @@ func (pi *PolicyInterpreter) extractTags(ctx parser.ITagsContext) []string {
 	return []string{}
 }
 
+func (pi *PolicyInterpreter) extractActions(ctx parser.IActionsContext) []string {
+	if ctx != nil {
+		return pi.extractList(ctx.GetText())
+	}
+	return []string{}
+}
+
 func (pi *PolicyInterpreter) extractListFromAtoms(ctxs []parser.IAtomContext) []string {
 	s := []string{}
 	for _, v := range ctxs {

core/policyengine/lang/Sfpl.g4

@@ -28,12 +28,12 @@ defs
 	: (srule | sfilter | pmacro | plist | preq)* EOF
 	;
 
-prule
-	: DECL RULE DEF text DESC DEF text COND DEF expression ((ACTION|OUTPUT) DEF text | PRIORITY DEF severity | TAGS DEF tags | PREFILTER DEF prefilter | ENABLED DEF enabled | WARNEVTTYPE DEF warnevttype | SKIPUNKNOWN DEF skipunknown)*
+prule			
+	: DECL RULE DEF text DESC DEF text COND DEF expression (OUTPUT DEF text | ACTION DEF actions | PRIORITY DEF severity | TAGS DEF tags | PREFILTER DEF prefilter | ENABLED DEF enabled | WARNEVTTYPE DEF warnevttype | SKIPUNKNOWN DEF skipunknown)*
 	;
 
 srule
-	: DECL RULE DEF text DESC DEF text COND DEF expression ((ACTION|OUTPUT) DEF text | PRIORITY DEF severity | TAGS DEF tags | PREFILTER DEF prefilter | ENABLED DEF enabled | WARNEVTTYPE DEF warnevttype | SKIPUNKNOWN DEF skipunknown)*
+	: DECL RULE DEF text DESC DEF text COND DEF expression (OUTPUT DEF text | ACTION DEF actions | PRIORITY DEF severity | TAGS DEF tags | PREFILTER DEF prefilter | ENABLED DEF enabled | WARNEVTTYPE DEF warnevttype | SKIPUNKNOWN DEF skipunknown)*
 	;
 
 pfilter
@@ -85,6 +85,10 @@ items
 	: LBRACK (atom (LISTSEP atom)*)? (LISTSEP)? RBRACK
 	;
 
+actions
+	: LBRACK (atom (LISTSEP atom)*)? (LISTSEP)? RBRACK
+	;
+
 tags
 	: LBRACK (atom (LISTSEP atom)*)? (LISTSEP)? RBRACK
 	;
@@ -138,9 +142,9 @@ text
 		  p.GetCurrentToken().GetText() == "enabled" ||
 		  p.GetCurrentToken().GetText() == "warn_evttypes" ||
 		  p.GetCurrentToken().GetText() == "skip-if-unknown-filter" ||
-		  p.GetCurrentToken().GetText() == "append")}? .)+
+		  p.GetCurrentToken().GetText() == "append" )}? .)+
 	;
-	
+
 binary_operator 
 	: LT 
 	| LE 

core/policyengine/lang/generate.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-antlr4='java -Xmx500M -cp ".:/usr/local/lib/antlr-4.8-complete.jar:$CLASSPATH" org.antlr.v4.Tool'
-grun='java -Xmx500M -cp ".:/usr/local/lib/antlr-4.8-complete.jar:$CLASSPATH" org.antlr.v4.gui.TestRig'
+antlr4='java -Xmx500M -cp ".:/usr/local/lib/antlr-4.9.2-complete.jar:$CLASSPATH" org.antlr.v4.Tool'
+grun='java -Xmx500M -cp ".:/usr/local/lib/antlr-4.9.2-complete.jar:$CLASSPATH" org.antlr.v4.gui.TestRig'
 
 $antlr4 -Dlanguage=Go -o parser -package parser -visitor Sfpl.g4