New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
remove wrong loop in matchData #785
Conversation
Codecov ReportPatch coverage has no change and project coverage change:
Additional details and impacted files@@ Coverage Diff @@
## v3/dev #785 +/- ##
==========================================
+ Coverage 81.78% 81.82% +0.03%
==========================================
Files 153 153
Lines 8204 8255 +51
==========================================
+ Hits 6710 6755 +45
- Misses 1274 1280 +6
Partials 220 220
Flags with carried forward coverage won't be shown. Click here to find out more.
☔ View full report in Codecov by Sentry. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Basically, the input was not used and matchData
iteration was performed again inside matchData()
🧐. Looks good to me, thank you!
I don't know the feasibility but would be great to add some tests with some "expected output" for audit logs
internal/corazarules/rule_match.go
Outdated
value = value[:200] | ||
} | ||
if mr.Rule_.Operator() != "" { | ||
log.WriteString(fmt.Sprintf("Matched \"Operator %s matched %s at %s.", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder if we need the first interpolation here @jptosso
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like a bug, let's fix it by interpolating the operator
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
BTW I'm wondering whether \"
is needed here and below, it seems to be an unterminated quote
internal/corazarules/rule_match.go
Outdated
@@ -130,21 +130,19 @@ func (mr MatchedRule) details(matchData types.MatchData) string { | |||
|
|||
func (mr MatchedRule) matchData(matchData types.MatchData) string { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I know it's a bit unrelated, but while we're here, can we have this function accept log *strings.Builder
and pass it in from the caller instead of creating a new one?
internal/corazarules/rule_match.go
Outdated
value = value[:200] | ||
} | ||
if mr.Rule_.Operator() != "" { | ||
log.WriteString(fmt.Sprintf("Matched \"Operator %s matched %s at %s.", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like a bug, let's fix it by interpolating the operator
internal/corazarules/rule_match.go
Outdated
@@ -130,21 +130,19 @@ func (mr MatchedRule) details(matchData types.MatchData) string { | |||
|
|||
func (mr MatchedRule) matchData(matchData types.MatchData) string { | |||
log := &strings.Builder{} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's restructure this function to something like
op := mr.Rule_.Operator()
if op == "" {
log.WriteString("Matched.")
return
}
// Rest of logic
internal/corazarules/rule_match.go
Outdated
} | ||
v := matchData.Variable().Name() | ||
if matchData.Key() != "" { | ||
v += fmt.Sprintf(":%s", matchData.Key()) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It would be nice to remove the intermediate strings, while it's more lines I guess it's still not so bad. We're basically expanding printf into code, which should be worth it for this very hot path function
log.WriteString("Matched Operator ")
log.WriteString(op)
log.WriteString(" matched ")
log.WriteString(value)
log.WriteString(" at ")
log.WriteString(matchData.Variable().Name())
if matchData.Key() != "" {
log.WriteString(":")
log.WriteString(matchData.Key())
}
log.WriteString(".")
internal/corazarules/rule_match.go
Outdated
value = value[:200] | ||
} | ||
if mr.Rule_.Operator() != "" { | ||
log.WriteString(fmt.Sprintf("Matched \"Operator %s matched %s at %s.", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
BTW I'm wondering whether \"
is needed here and below, it seems to be an unterminated quote
BTW if the improvements are too much we can merge the fix first and do them in a separate PR |
Thanks @Violet-E ! |
the matchData is called from loop in AuditLog