diff --git a/redaction-service-v1/redaction-service-server-v1/src/main/java/com/iqser/red/service/redaction/v1/server/service/drools/DroolsValidationService.java b/redaction-service-v1/redaction-service-server-v1/src/main/java/com/iqser/red/service/redaction/v1/server/service/drools/DroolsValidationService.java
index b3509cfe..051c6943 100644
--- a/redaction-service-v1/redaction-service-server-v1/src/main/java/com/iqser/red/service/redaction/v1/server/service/drools/DroolsValidationService.java
+++ b/redaction-service-v1/redaction-service-server-v1/src/main/java/com/iqser/red/service/redaction/v1/server/service/drools/DroolsValidationService.java
@@ -251,22 +251,23 @@ public class DroolsValidationService { if (!blacklistedKeywords.isEmpty()) { SearchImplementation blacklistedKeywordSearchImplementation = new SearchImplementation(blacklistedKeywords, false); + // check also the imports + DroolsBlacklistErrorMessage blacklistErrorMessage = checkAndGetBlackListedMessages(blacklistedKeywordSearchImplementation, + ruleFileBluePrint.getImports(), + ruleFileBluePrint.getImportLine()); + if (blacklistErrorMessage != null) { + blacklistErrorMessages.add(blacklistErrorMessage); + } + + // check the rules for (RuleClass ruleClass : ruleFileBluePrint.getRuleClasses()) { for (RuleUnit ruleUnit : ruleClass.ruleUnits()) { for (BasicRule basicRule : ruleUnit.rules()) { - String sanitizedRuleText = StringUtils.deleteWhitespace(basicRule.getCode()); - List matches = blacklistedKeywordSearchImplementation.getMatches(sanitizedRuleText); - - if (!matches.isEmpty()) { - List foundBlacklistedKeywords = matches.stream() - .map(m -> sanitizedRuleText.substring(m.startIndex(), m.endIndex())) - .distinct() - .toList(); - blacklistErrorMessages.add(DroolsBlacklistErrorMessage.builder() - .line(basicRule.getLine()) - .column(0) - .blacklistedKeywords(foundBlacklistedKeywords) - .build()); + DroolsBlacklistErrorMessage ruleBlacklistErrorMessage = checkAndGetBlackListedMessages(blacklistedKeywordSearchImplementation, + basicRule.getCode(), + basicRule.getLine()); + if (ruleBlacklistErrorMessage != null) { + blacklistErrorMessages.add(ruleBlacklistErrorMessage); } } } 
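Review bot: Scanning imports with the same substring blacklist as rule bodies appears to be why this commit also removes `java.lang` from blacklist.txt, and that removal drops the prefix coverage for fully qualified `java.lang` references inside rule code. The remaining blacklist entries are not visible here, so they would have to name individually everything the broad entry used to catch. Consider keeping the broad entry for rule bodies and validating the import section against an explicit allowlist instead, so that a legitimate import such as `import static java.lang.String.format;` passes without narrowing the rule-body check. Only `getImports()` and the rule units are scanned in this hunk; if the blueprint carries other sections (globals, functions, declarations), they would need the same check. The enclosing method starts and ends outside the hunk.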
@@ -280,6 +281,22 @@ public class DroolsValidationService { } + private DroolsBlacklistErrorMessage checkAndGetBlackListedMessages(SearchImplementation blacklistedKeywordSearchImplementation, String stringToCheck, int lineIndexStart) { + + String sanitizedRuleText = StringUtils.deleteWhitespace(stringToCheck); + List matches = blacklistedKeywordSearchImplementation.getMatches(sanitizedRuleText); + + if (!matches.isEmpty()) { + List foundBlacklistedKeywords = matches.stream() + .map(m -> sanitizedRuleText.substring(m.startIndex(), m.endIndex())) + .distinct() + .toList(); + return DroolsBlacklistErrorMessage.builder().line(lineIndexStart).column(0).blacklistedKeywords(foundBlacklistedKeywords).build(); + } + return null; + } + + private List parseBlacklistFile(String blacklistFileString) { return Stream.of(blacklistFileString.split(LINEBREAK_MATCHER)) diff --git a/redaction-service-v1/redaction-service-server-v1/src/main/resources/drools/blacklist.txt b/redaction-service-v1/redaction-service-server-v1/src/main/resources/drools/blacklist.txt index f74a3bec..78bf27c7 100644 --- a/redaction-service-v1/redaction-service-server-v1/src/main/resources/drools/blacklist.txt +++ b/redaction-service-v1/redaction-service-server-v1/src/main/resources/drools/blacklist.txt @@ -14,6 +14,4 @@ java.io.Object java.net -java.lang - java.util.zip diff --git a/redaction-service-v1/redaction-service-server-v1/src/test/java/com/iqser/red/service/redaction/v1/server/drools/files/management/services/DroolsValidationServiceTest.java b/redaction-service-v1/redaction-service-server-v1/src/test/java/com/iqser/red/service/redaction/v1/server/drools/files/management/services/DroolsValidationServiceTest.java index 1ccdf4af..d3e9d8f6 100644 --- a/redaction-service-v1/redaction-service-server-v1/src/test/java/com/iqser/red/service/redaction/v1/server/drools/files/management/services/DroolsValidationServiceTest.java 
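Review bot: `checkAndGetBlackListedMessages` returns `null` for "no match" and carries a plural name although it builds a single message, which pushes a null check onto both call sites. Returning `Optional<DroolsBlacklistErrorMessage>` would let the callers write `.ifPresent(blacklistErrorMessages::add)`, provided `java.util.Optional` is or can be imported in this file. A short Javadoc should state that whitespace is stripped before matching, that `lineIndexStart` is the first line of the checked text rather than the line of the match, and that the column is always reported as 0. If `StringUtils` is the Commons Lang class, `deleteWhitespace` returns null for null input, so it is worth confirming that `getImports()` never returns null for a file without imports.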
+++ b/redaction-service-v1/redaction-service-server-v1/src/test/java/com/iqser/red/service/redaction/v1/server/drools/files/management/services/DroolsValidationServiceTest.java @@ -376,10 +376,10 @@ class DroolsValidationServiceTest { String globalStart = "\nglobal Document document"; String importTenantContext = "import com.knecon.fforesight.tenantcommons.TenantContext;\n"; int indexGlobalStart = rulesString.indexOf(globalStart); - rulesString = rulesString.substring(0, indexGlobalStart) + importTenantContext + rulesString.substring(indexGlobalStart); + String rulesString1 = rulesString.substring(0, indexGlobalStart) + importTenantContext + rulesString.substring(indexGlobalStart); - String evilRule = """ - + String evilRulePart1 = """ + //------------------------------------ All the evil rules ------------------------------------ // Rule unit: EV.1 
@@ -388,21 +388,55 @@ class DroolsValidationServiceTest { when $fileAttribute: FileAttribute($label: label, $value: value) $duplicate: FileAttribute(this != $fileAttribute, label == $label, value == $value) - $tenantId: TenantContext.getTenantId(); + """; + String evilRulePart2 = """ then retract($duplicate); System.exit(0); end """; - rulesString = rulesString + evilRule; + String usingTenantContext = """ + $tenantId: TenantContext.getTenantId() + """; + String usingStaticTenantContext = """ + $tenantId: getTenantId() + """; + rulesString1 = rulesString1 + evilRulePart1 + usingTenantContext + evilRulePart2; - DroolsValidation droolsValidation = droolsValidationService.testRules(new RuleValidationModel(RuleFileType.ENTITY.name(), rulesString)); + DroolsValidation droolsValidation = droolsValidationService.testRules(new RuleValidationModel(RuleFileType.ENTITY.name(), rulesString1)); droolsValidation.getBlacklistErrorMessages() .forEach(System.out::println); assertFalse(droolsValidation.isCompiled()); - assertEquals(droolsValidation.getBlacklistErrorMessages().size(), 1); - assertEquals(droolsValidation.getBlacklistErrorMessages().get(0).getBlacklistedKeywords().size(), 2); - assertTrue(droolsValidation.getBlacklistErrorMessages().get(0).getBlacklistedKeywords().contains("TenantContext")); + assertEquals(2, droolsValidation.getBlacklistErrorMessages().size()); + assertEquals(1, droolsValidation.getBlacklistErrorMessages() + .get(0).getBlacklistedKeywords().size()); + assertTrue(droolsValidation.getBlacklistErrorMessages() + .get(0).getBlacklistedKeywords().contains("TenantContext")); + assertEquals(2, droolsValidation.getBlacklistErrorMessages() + .get(1).getBlacklistedKeywords().size()); + assertTrue(droolsValidation.getBlacklistErrorMessages() + .get(1).getBlacklistedKeywords().contains("TenantContext")); + + String importStaticTenantContext = "\nimport static com.knecon.fforesight.tenantcommons.TenantContext.getTenantId;"; + String importStaticStart = "\nimport 
static java.lang.String.format;"; + int indexStaticImportStart = rulesString.indexOf(importStaticStart); + String rulesStringWithStaticImport = rulesString.substring(0, indexStaticImportStart) + importStaticTenantContext + rulesString.substring(indexStaticImportStart); + + rulesStringWithStaticImport = rulesStringWithStaticImport + evilRulePart1 + usingStaticTenantContext + evilRulePart2; + + DroolsValidation droolsValidation2 = droolsValidationService.testRules(new RuleValidationModel(RuleFileType.ENTITY.name(), rulesStringWithStaticImport)); + droolsValidation2.getBlacklistErrorMessages() + .forEach(System.out::println); + assertFalse(droolsValidation2.isCompiled()); + assertEquals(2, droolsValidation2.getBlacklistErrorMessages().size()); + assertEquals(1, droolsValidation2.getBlacklistErrorMessages() + .get(0).getBlacklistedKeywords().size()); + assertTrue(droolsValidation2.getBlacklistErrorMessages() + .get(0).getBlacklistedKeywords().contains("TenantContext")); + assertEquals(1, droolsValidation2.getBlacklistErrorMessages() + .get(1).getBlacklistedKeywords().size()); + assertTrue(droolsValidation2.getBlacklistErrorMessages() + .get(1).getBlacklistedKeywords().contains("System.")); } } \ No newline at end of file
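Review bot: Both `indexOf` results (`indexGlobalStart` in the hunk at line 376 and `indexStaticImportStart` here) go straight into `substring`, so if the base rules file ever loses one of the marker strings the test fails with a StringIndexOutOfBoundsException instead of a readable assertion; add `assertTrue(indexStaticImportStart >= 0);` before the value is used. The two scenarios would also be better as separate test methods, since a failure in the first hides the result of the second. Every scenario includes `System.exit(0)` in the rule body, so no case shows that a blacklisted import on its own fails validation; a variant without the `System.` hit would pin that behaviour. The test method begins outside the hunk.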