feat(filter): foreach function
#423
Merged
What is the purpose of this PR / why it is needed?
foreach adds iteration capabilities to the rule language. The decision to keep the implementation outside the functions package is deliberate.

The function mostly operates with raw expressions, and if it lived in the functions package, it would create a cyclic import and likely unleash more painful side effects. For the sake of simplicity, it is better to keep the function close to the parser and AST evaluation.

foreach accepts three required and multiple optional arguments. The first argument is the iterable value typically yielded by the pseudo field. The function recognizes process internal state collections such as modules, threads, memory mappings, or thread stack frames. Obviously, it is also possible to iterate over simple string slices. The second argument represents the bound variable which is an item associated with every element in the slice. The bound variable is accessed in the third argument, the predicate. It is usually followed by the segment that denotes the accessed value. Unsurprisingly, the predicate is commonly a binary expression that can be formed of not/paren expressions, other functions, and so on. The predicate is executed on every item in the slice. If the predicate evaluates to true, the function also returns the true value.

Lastly, the foreach function can receive an optional list of fields from the outer context, i.e. outside the predicate loop. Therefore, for the predicate to access the field not defined within the scope of the iterable, it must capture the field first.

Note that the side effect of introducing the foreach function is observed in the form of deprecation of previous segment/path fields. This trend will follow in subsequent pull requests, untangling and overly simplifying the accessor codebase.

Some examples of foreach usage:

services.exe and the current process is protected. In this example, the ps.is_protected field is captured before its usage in the predicate

What type of change does this PR introduce?
/kind feature (non-breaking change which adds functionality)
/kind cleanup
/kind improvement
Any specific area of the project related to this PR?
/area rule-engine
/area filters
Special notes for the reviewer
Does this PR introduce a user-facing change?
Yes, the foreach function must be properly documented and exposed to the final user.
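A minimal Go model of the semantics described in this PR (iterable, bound variable, predicate, captured outer fields), added here as an illustration and not taken from the PR's code. Foreach, Item, Predicate, the $mod variable name and the sample data are assumptions made for the example.

```go
package main

import (
	"fmt"
	"strings"
)

type Item map[string]any // one element of the iterable (constructed model, e.g. a module)
// Predicate reads fields through get and reports whether the current item matches.
type Predicate func(get func(name string) (any, error)) (bool, error)

// Foreach returns true as soon as one item satisfies pred; outer fields are visible only if captured.
func Foreach(items []Item, boundVar string, pred Predicate, outer map[string]any, capture ...string) (bool, error) {
	captured := map[string]any{}
	for _, f := range capture {
		captured[f] = outer[f]
	}
	for _, item := range items {
		get := func(name string) (any, error) {
			if strings.HasPrefix(name, boundVar+".") { // bound variable followed by a segment
				return item[name[len(boundVar)+1:]], nil
			}
			if v, ok := captured[name]; ok {
				return v, nil
			}
			return nil, fmt.Errorf("field %s is not captured", name)
		}
		if ok, err := pred(get); err != nil || ok {
			return ok, err
		}
	}
	return false, nil
}

// Constructed sample data: two modules and one outer-context field.
var sampleModules = []Item{{"name": "kernel32.dll"}, {"name": "unsigned.dll"}}
var sampleOuter = map[string]any{"ps.is_protected": true}

// samplePredicate: the item is named unsigned.dll and the process is protected.
func samplePredicate(get func(string) (any, error)) (bool, error) {
	protected, err := get("ps.is_protected")
	if err != nil {
		return false, err
	}
	name, _ := get("$mod.name")
	return name == "unsigned.dll" && protected == true, nil
}

func main() {
	fmt.Println(Foreach(sampleModules, "$mod", samplePredicate, sampleOuter, "ps.is_protected"))
}
```

Calling Foreach without listing ps.is_protected in capture returns an error, mirroring the requirement that the predicate cannot read an outer field it has not captured.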