Add Limit (#119)

* Add Limit

* Add Limit

* fix e2e test

* fix e2e test

* fix e2e test

* fix crd

* e2e crd

* e2e crd

* e2e crd

* merge

* merge

Author: davidhadas

pkg/apis/guard/v1alpha1/envelop.go

@@ -26,8 +26,8 @@ import (
 
 // Exposes ValueProfile interface
 type EnvelopProfile struct {
-	ResponseTime   CountProfile `json:"responsetime"`
-	CompletionTime CountProfile `json:"completiontime"`
+	ResponseTime   LimitProfile `json:"responsetime"`
+	CompletionTime LimitProfile `json:"completiontime"`
 }
 
 func (profile *EnvelopProfile) profileI(args ...interface{}) {
@@ -37,26 +37,18 @@ func (profile *EnvelopProfile) profileI(args ...interface{}) {
 func (profile *EnvelopProfile) Profile(reqTime time.Time, respTime time.Time, endTime time.Time) {
 
 	completionTime := endTime.Sub(reqTime).Seconds()
-	if completionTime > 255 {
-		profile.CompletionTime = 255
-	} else {
-		profile.CompletionTime = CountProfile(completionTime)
-	}
+	profile.CompletionTime.Profile(uint(completionTime))
 
 	responseTime := respTime.Sub(reqTime).Seconds()
-	if responseTime > 255 {
-		profile.ResponseTime = 255
-	} else {
-		profile.ResponseTime = CountProfile(responseTime)
-	}
+	profile.ResponseTime.Profile(uint(responseTime))
 }
 
 //////////////////// EnvelopPile ////////////////
 
 // Exposes ValuePile interface
 type EnvelopPile struct {
-	ResponseTime   CountPile `json:"responsetime"`
-	CompletionTime CountPile `json:"completiontime"`
+	ResponseTime   LimitPile `json:"responsetime"`
+	CompletionTime LimitPile `json:"completiontime"`
 }
 
 func (pile *EnvelopPile) addI(valProfile ValueProfile) {
@@ -86,8 +78,8 @@ func (pile *EnvelopPile) Merge(otherPile *EnvelopPile) {
 
 // Exposes ValueConfig interface
 type EnvelopConfig struct {
-	ResponseTime   CountConfig `json:"responsetime"`
-	CompletionTime CountConfig `json:"completiontime"`
+	ResponseTime   LimitConfig `json:"responsetime"`
+	CompletionTime LimitConfig `json:"completiontime"`
 }
 
 func (config *EnvelopConfig) decideI(valProfile ValueProfile) *Decision {
@@ -115,8 +107,8 @@ func (config *EnvelopConfig) fuseI(otherValConfig ValueConfig) {
 }
 
 func (config *EnvelopConfig) Fuse(otherConfig *EnvelopConfig) {
-	config.CompletionTime.Fuse(otherConfig.CompletionTime)
-	config.ResponseTime.Fuse(otherConfig.ResponseTime)
+	config.CompletionTime.Fuse(&otherConfig.CompletionTime)
+	config.ResponseTime.Fuse(&otherConfig.ResponseTime)
 }
 
 func (config *EnvelopConfig) Prepare() {

pkg/apis/guard/v1alpha1/limit.go

@@ -0,0 +1,129 @@
+/*
+Copyright 2022 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+//////////////////// LimitProfile ////////////////
+
+// Exposes ValueProfile interface
+type LimitProfile uint8
+
+func (profile *LimitProfile) profileI(args ...interface{}) {
+	profile.Profile(args[0].(uint))
+}
+
+// Exponentially represent uint up to ~1M using a uint8
+// For inputs > ~1M use 255
+// Exponential representation help stabilize the limits and avoid unnecessary alerts
+// For example 10 means 10, 20 means 24-25, 40 means 80-83 and 50 means 128-135, 80 means 496-527, etc.
+func (profile *LimitProfile) Profile(val uint) {
+	v := val
+	base := uint(0)
+
+	// batch 16, then 32, then 64, etc.
+	for v >= 16 {
+		base = base + 16
+		v -= 16
+		v = v >> 1
+	}
+
+	res := v + base
+	if res > 255 {
+		res = 255
+	}
+	*profile = LimitProfile(res)
+}
+
+//////////////////// LimitPile ////////////////
+
+// Exposes ValuePile interface
+type LimitPile []uint8
+
+func (pile *LimitPile) addI(valProfile ValueProfile) {
+	pile.Add(*valProfile.(*LimitProfile))
+}
+
+// profile is RO and unchanged - never uses profile internal objects
+func (pile *LimitPile) Add(profile LimitProfile) {
+	*pile = append(*pile, uint8(profile))
+}
+
+func (pile *LimitPile) Clear() {
+	*pile = nil
+}
+
+func (pile *LimitPile) mergeI(otherValPile ValuePile) {
+	pile.Merge(*otherValPile.(*LimitPile))
+}
+
+// otherPile is RO and unchanged - never uses otherPile internal objects
+func (pile *LimitPile) Merge(otherPile LimitPile) {
+	*pile = append(*pile, otherPile...)
+}
+
+// ////////////////// LimitConfig ////////////////
+
+// Exposes ValueConfig interface
+type LimitConfig uint8
+
+func (config *LimitConfig) decideI(valProfile ValueProfile) *Decision {
+	return config.Decide(*valProfile.(*LimitProfile))
+}
+
+// profile is RO and unchanged - never uses profile internal objects
+func (config *LimitConfig) Decide(profile LimitProfile) *Decision {
+	var current *Decision
+
+	if uint8(profile) <= uint8(*config) { // found ok interval
+		return nil
+	}
+	DecideInner(&current, 1, "Limit out of Range: %d", profile)
+	return current
+}
+
+func (config *LimitConfig) learnI(valPile ValuePile) {
+	config.Learn(*valPile.(*LimitPile))
+}
+
+// Learn now offers the simplest single rule support
+func (config *LimitConfig) Learn(pile LimitPile) {
+	if len(pile) == 0 {
+		return
+	}
+
+	max := pile[0]
+	for _, v := range pile {
+
+		if max < v {
+			max = v
+		}
+	}
+
+	if max > uint8(*config) {
+		(*config) = LimitConfig(max)
+	}
+}
+
+func (config *LimitConfig) fuseI(otherValConfig ValueConfig) {
+	config.Fuse(otherValConfig.(*LimitConfig))
+}
+
+func (config *LimitConfig) Fuse(otherConfig *LimitConfig) {
+
+}
+
+func (config *LimitConfig) Prepare() {
+}

pkg/apis/guard/v1alpha1/limit_test.go

@@ -0,0 +1,46 @@
+/*
+Copyright 2022 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	"testing"
+)
+
+func TestLimit_V1(t *testing.T) {
+	arguments := [][]uint{
+		{4},
+		{5},
+		{9},
+		{254},
+		{255},
+		{0},
+	}
+	var args []interface{}
+	var profiles []ValueProfile
+	var piles []ValuePile
+	var configs []ValueConfig
+	for i := 0; i < 10; i++ {
+		profiles = append(profiles, new(LimitProfile))
+		piles = append(piles, new(LimitPile))
+		configs = append(configs, new(LimitConfig))
+	}
+	for i := 0; i < len(arguments); i++ {
+		args = append(args, arguments[i])
+	}
+
+	ValueTests_All(t, profiles, piles, configs, args...)
+}

pkg/apis/guard/v1alpha1/sessionData_test.go

@@ -128,7 +128,7 @@ func TestSessionData_Decide(t *testing.T) {
 				reqData:   "abc",
 				reqTime:   time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC),
 			},
-			decision: "[Req:[MediaType:[Type:[Unexpected key none in Set,],],Method:[Unexpected key Post in Set,],Proto:[Unexpected key HTTP/1.1 in Set,],Url:[Segments:[Value 2 Not Allowed!,],Val:[Digits:[Value 1 Not Allowed!,],Letters:[Value 3 Not Allowed!,],Sequences:[Value 3 Not Allowed!,],Unicode Blocks:[Unexpected Flags in FlagSlice 400 on Element 0,],Unicodes:[Value 1 Not Allowed!,],],],],ReqBody:[Structured Body not allowed,],Resp:[MediaType:[Type:[Unexpected key none in Set,],],],RespBody:[Structured Body not allowed,],]",
+			decision: "[Envelop:[CompletionTime:[Limit out of Range: 255,],ResponseTime:[Limit out of Range: 255,],],Req:[MediaType:[Type:[Unexpected key none in Set,],],Method:[Unexpected key Post in Set,],Proto:[Unexpected key HTTP/1.1 in Set,],Url:[Segments:[Value 2 Not Allowed!,],Val:[Digits:[Limit out of Range: 1,],Letters:[Limit out of Range: 3,],Sequences:[Limit out of Range: 3,],Unicode Blocks:[Unexpected Flags in FlagSlice 400 on Element 0,],Unicodes:[Limit out of Range: 1,],],],],ReqBody:[Structured Body not allowed,],Resp:[MediaType:[Type:[Unexpected key none in Set,],],],RespBody:[Structured Body not allowed,],]",
 		},
 	}
 	for _, tt := range tests {

pkg/apis/guard/v1alpha1/simpleVal.go

@@ -105,13 +105,13 @@ const ( // sequence types
 
 // Exposes ValueProfile interface
 type SimpleValProfile struct {
-	Digits       CountProfile
-	Letters      CountProfile
-	Spaces       CountProfile
-	SpecialChars CountProfile
-	NonReadables CountProfile
-	Unicodes     CountProfile
-	Sequences    CountProfile
+	Digits       LimitProfile
+	Letters      LimitProfile
+	Spaces       LimitProfile
+	SpecialChars LimitProfile
+	NonReadables LimitProfile
+	Unicodes     LimitProfile
+	Sequences    LimitProfile
 	Flags        AsciiFlagsProfile
 	UnicodeFlags FlagSliceProfile
 }
@@ -202,38 +202,14 @@ func (profile *SimpleValProfile) Profile(str string) {
 			seqPrevType = seqType
 		}
 	}
-	if totalCounter > 0xFF {
-		totalCounter = 0xFF
-		if digitCounter > 0xFF {
-			digitCounter = 0xFF
-		}
-		if letterCounter > 0xFF {
-			letterCounter = 0xFF
-		}
-		if specialCharCounter > 0xFF {
-			specialCharCounter = 0xFF
-		}
-		if unicodeCounter > 0xFF {
-			unicodeCounter = 0xFF
-		}
-		if spaceCounter > 0xFF {
-			spaceCounter = 0xFF
-		}
-		if nonReadableCounter > 0xFF {
-			nonReadableCounter = 0xFF
-		}
-		if sequenceCounter > 0xFF {
-			sequenceCounter = 0xFF
-		}
-	}
 
-	profile.Spaces.Profile(uint8(spaceCounter))
-	profile.Unicodes.Profile(uint8(unicodeCounter))
-	profile.NonReadables.Profile(uint8(nonReadableCounter))
-	profile.Digits.Profile(uint8(digitCounter))
-	profile.Letters.Profile(uint8(letterCounter))
-	profile.SpecialChars.Profile(uint8(specialCharCounter))
-	profile.Sequences.Profile(uint8(sequenceCounter))
+	profile.Spaces.Profile(uint(spaceCounter))
+	profile.Unicodes.Profile(uint(unicodeCounter))
+	profile.NonReadables.Profile(uint(nonReadableCounter))
+	profile.Digits.Profile(uint(digitCounter))
+	profile.Letters.Profile(uint(letterCounter))
+	profile.SpecialChars.Profile(uint(specialCharCounter))
+	profile.Sequences.Profile(uint(sequenceCounter))
 
 	profile.Flags.Profile(flags)
 	profile.UnicodeFlags.Profile(unicodeFlags)
@@ -243,13 +219,13 @@ func (profile *SimpleValProfile) Profile(str string) {
 
 // Exposes ValuePile interface
 type SimpleValPile struct {
-	Digits       CountPile
-	Letters      CountPile
-	Spaces       CountPile
-	SpecialChars CountPile
-	NonReadables CountPile
-	Unicodes     CountPile
-	Sequences    CountPile
+	Digits       LimitPile
+	Letters      LimitPile
+	Spaces       LimitPile
+	SpecialChars LimitPile
+	NonReadables LimitPile
+	Unicodes     LimitPile
+	Sequences    LimitPile
 	Flags        AsciiFlagsPile
 	UnicodeFlags FlagSlicePile
 }
@@ -302,13 +278,13 @@ func (pile *SimpleValPile) Clear() {
 
 // Exposes ValueConfig interface
 type SimpleValConfig struct {
-	Digits       CountConfig      `json:"digits"`
-	Letters      CountConfig      `json:"letters"`
-	Spaces       CountConfig      `json:"spaces"`
-	SpecialChars CountConfig      `json:"schars"`
-	NonReadables CountConfig      `json:"nonreadables"`
-	Unicodes     CountConfig      `json:"unicodes"`
-	Sequences    CountConfig      `json:"sequences"`
+	Digits       LimitConfig      `json:"digits"`
+	Letters      LimitConfig      `json:"letters"`
+	Spaces       LimitConfig      `json:"spaces"`
+	SpecialChars LimitConfig      `json:"schars"`
+	NonReadables LimitConfig      `json:"nonreadables"`
+	Unicodes     LimitConfig      `json:"unicodes"`
+	Sequences    LimitConfig      `json:"sequences"`
 	Flags        AsciiFlagsConfig `json:"flags"`
 	UnicodeFlags FlagSliceConfig  `json:"unicodeFlags"`
 	//Mandatory    bool           `json:"mandatory"`
@@ -334,13 +310,13 @@ func (config *SimpleValConfig) fuseI(otherValConfig ValueConfig) {
 }
 
 func (config *SimpleValConfig) Fuse(otherConfig *SimpleValConfig) {
-	config.Digits.Fuse(otherConfig.Digits)
-	config.Letters.Fuse(otherConfig.Letters)
-	config.Spaces.Fuse(otherConfig.Spaces)
-	config.SpecialChars.Fuse(otherConfig.SpecialChars)
-	config.NonReadables.Fuse(otherConfig.NonReadables)
-	config.Unicodes.Fuse(otherConfig.Unicodes)
-	config.Sequences.Fuse(otherConfig.Sequences)
+	config.Digits.Fuse(&otherConfig.Digits)
+	config.Letters.Fuse(&otherConfig.Letters)
+	config.Spaces.Fuse(&otherConfig.Spaces)
+	config.SpecialChars.Fuse(&otherConfig.SpecialChars)
+	config.NonReadables.Fuse(&otherConfig.NonReadables)
+	config.Unicodes.Fuse(&otherConfig.Unicodes)
+	config.Sequences.Fuse(&otherConfig.Sequences)
 	config.Flags.Fuse(otherConfig.Flags)
 	config.UnicodeFlags.Fuse(otherConfig.UnicodeFlags)
 }