feat: add Scanner::rules method to list rules

vthib · vthib · commit 68ee69bc7f80 · 2025-02-02T14:10:51.000+01:00
This is motivated by the future python bindings which
allows inspecting rules in a scanner, but this can be useful
in Rust as well.
diff --git a/boreal/src/scanner/mod.rs b/boreal/src/scanner/mod.rs
@@ -361,6 +361,70 @@ impl Scanner {
     pub fn get_string_symbol(&self, symbol: StringSymbol) -> &str {
         self.inner.bytes_pool.get_str(symbol)
     }
+
+    /// List rules contained in this scanner.
+    #[must_use]
+    pub fn rules(&self) -> RulesIter {
+        RulesIter {
+            global_rules: self.inner.global_rules.iter(),
+            rules: self.inner.rules.iter(),
+            namespaces: &self.inner.namespaces,
+        }
+    }
+}
+
+/// Iterator on the rules of a scanner.
+#[derive(Debug)]
+pub struct RulesIter<'scanner> {
+    global_rules: std::slice::Iter<'scanner, Rule>,
+    rules: std::slice::Iter<'scanner, Rule>,
+    namespaces: &'scanner [Option<String>],
+}
+
+impl<'scanner> Iterator for RulesIter<'scanner> {
+    type Item = RuleDetails<'scanner>;
+
+    fn next(&mut self) -> Option<Self::Item> {
+        let (rule, is_global) = match self.global_rules.next() {
+            Some(rule) => (rule, true),
+            None => (self.rules.next()?, false),
+        };
+
+        Some(RuleDetails {
+            name: &rule.name,
+            namespace: self
+                .namespaces
+                .get(rule.namespace_index)
+                .and_then(|v| v.as_deref()),
+            tags: &rule.tags,
+            metadatas: &rule.metadatas,
+            is_global,
+            is_private: rule.is_private,
+        })
+    }
+}
+
+/// Details on a rule contained in a scanner
+#[derive(Debug)]
+#[non_exhaustive]
+pub struct RuleDetails<'scanner> {
+    /// Name of the rule.
+    pub name: &'scanner str,
+
+    /// Namespace containing the rule. None if in the default namespace.
+    pub namespace: Option<&'scanner str>,
+
+    /// Tags associated with the rule.
+    pub tags: &'scanner [String],
+
+    /// Metadata associated with the rule.
+    pub metadatas: &'scanner [Metadata],
+
+    /// Is the rule global
+    pub is_global: bool,
+
+    /// Is the rule private
+    pub is_private: bool,
 }
 
 #[derive(Debug)]
@@ -1548,5 +1612,18 @@ mod tests {
             entrypoint: None,
             params: &ScanParams::default(),
         });
+        test_type_traits_non_clonable(RulesIter {
+            global_rules: [].iter(),
+            rules: [].iter(),
+            namespaces: &[],
+        });
+        test_type_traits_non_clonable(RuleDetails {
+            name: "",
+            namespace: None,
+            tags: &[],
+            metadatas: &[],
+            is_global: false,
+            is_private: false,
+        });
     }
 }
diff --git a/boreal/tests/it/api.rs b/boreal/tests/it/api.rs
@@ -4,6 +4,7 @@ use std::io::{Seek, Write};
 use std::sync::atomic::{AtomicBool, Ordering};
 
 use boreal::compiler::CompilerBuilder;
+use boreal::MetadataValue;
 
 // An import is reused in the same namespace
 #[test]
@@ -93,3 +94,92 @@ rule a {
     assert!(!FIRST.load(Ordering::SeqCst));
     assert!(SECOND.load(Ordering::SeqCst));
 }
+
+#[test]
+fn test_scanner_list_rules() {
+    let mut compiler = boreal::Compiler::new();
+
+    compiler
+        .add_rules_str(
+            r#"
+global rule g {
+    condition: true
+}
+private rule p: tag {
+    meta:
+        b = true
+    condition: true
+}
+"#,
+        )
+        .unwrap();
+    compiler
+        .add_rules_str_in_namespace(
+            r#"
+private global rule pg: tag1 tag2 {
+    meta:
+        s = "str"
+        i = -23
+    condition: true
+}
+
+rule r: tag {
+    condition: true
+}
+"#,
+            "namespace",
+        )
+        .unwrap();
+
+    let scanner = compiler.into_scanner();
+    let rules: Vec<_> = scanner.rules().collect();
+
+    assert_eq!(rules.len(), 4);
+
+    let r0 = &rules[0];
+    assert_eq!(r0.name, "g");
+    assert_eq!(r0.namespace, None);
+    assert_eq!(r0.tags.len(), 0);
+    assert!(r0.is_global);
+    assert!(!r0.is_private);
+    assert_eq!(r0.metadatas.len(), 0);
+
+    let r1 = &rules[1];
+    assert_eq!(r1.name, "pg");
+    assert_eq!(r1.namespace, Some("namespace"));
+    assert_eq!(r1.tags, &["tag1", "tag2"]);
+    assert!(r1.is_global);
+    assert!(r1.is_private);
+    assert_eq!(r1.metadatas.len(), 2);
+    assert_eq!(scanner.get_string_symbol(r1.metadatas[0].name), "s");
+    match r1.metadatas[0].value {
+        MetadataValue::Bytes(b) => assert_eq!(scanner.get_bytes_symbol(b), b"str"),
+        _ => panic!("invalid metadata {:?}", r1.metadatas[0]),
+    };
+    assert_eq!(scanner.get_string_symbol(r1.metadatas[1].name), "i");
+    match r1.metadatas[1].value {
+        MetadataValue::Integer(i) => assert_eq!(i, -23),
+        _ => panic!("invalid metadata {:?}", r1.metadatas[1]),
+    };
+
+    let r2 = &rules[2];
+    assert_eq!(r2.name, "p");
+    assert_eq!(r2.namespace, None);
+    assert_eq!(r2.tags, &["tag"]);
+    assert!(!r2.is_global);
+    assert!(r2.is_private);
+    assert_eq!(r2.metadatas.len(), 1);
+    assert_eq!(scanner.get_string_symbol(r2.metadatas[0].name), "b");
+    match r2.metadatas[0].value {
+        MetadataValue::Boolean(b) => assert!(b),
+        _ => panic!("invalid metadata {:?}", r1.metadatas[0]),
+    };
+
+    let r3 = &rules[3];
+    assert_eq!(r3.name, "r");
+    assert_eq!(r3.namespace, Some("namespace"));
+    assert_eq!(r3.tags, &["tag"]);
+    assert!(!r3.is_global);
+    assert!(!r3.is_private);
+    assert_eq!(r3.metadatas.len(), 0);
+}
