From 313aca2df994b2f96d8e4d30cfda3009b08e6071 Mon Sep 17 00:00:00 2001 From: Joshua Stone Date: Tue, 16 Sep 2025 14:54:56 -0400 Subject: [PATCH 01/13] pp mlib changes --- src/policy_provider/SamplePolicyProvider.c | 32 +++++++++++++++------- src/policy_provider/SamplePolicyProvider.h | 15 +--------- test/test_BackendPolicyProvider.c | 11 -------- test/test_PublicInterfaceImpl.c | 3 -- 4 files changed, 23 insertions(+), 38 deletions(-) diff --git a/src/policy_provider/SamplePolicyProvider.c b/src/policy_provider/SamplePolicyProvider.c index a0c18bdc..dac91f47 100644 --- a/src/policy_provider/SamplePolicyProvider.c +++ b/src/policy_provider/SamplePolicyProvider.c @@ -27,12 +27,23 @@ */ #include #include - -#include #include +#include +#include #include "SamplePolicyProvider.h" +/** @struct BSLP_SecOperPtrList_t + * Defines a basic list of ::BSL_SecOper_t pointers. + */ +/// @cond Doxygen_Suppress +// NOLINTBEGIN +// GCOV_EXCL_START +M_ARRAY_DEF(BSLP_SecOperPtrList, BSL_SecOper_t *, M_PTR_OPLIST) +// GCOV_EXCL_STOP +// NOLINTEND +/// @endcond + static bool BSLP_PolicyProvider_IsConsistent(const BSLP_PolicyProvider_t *self) { ASSERT_ARG_NONNULL(self); @@ -164,15 +175,15 @@ int BSLP_QueryPolicy(const void *user_data, BSL_SecurityActionSet_t *output_acti const BSLP_PolicyRule_t *rule = &self->rules[index]; if (!BSLP_PolicyRule_IsConsistent(rule)) { - BSL_LOG_ERR("Rule `%s` is not consistent", m_string_get_cstr(rule->description)); + BSL_LOG_ERR("Rule `%s` is not consistent", rule->description); continue; } - BSL_LOG_DEBUG("Evaluating against rule `%s`", m_string_get_cstr(rule->description)); + BSL_LOG_DEBUG("Evaluating against rule `%s`", rule->description); if (!BSLP_PolicyPredicate_IsMatch(rule->predicate, location, primary_block.field_src_node_id, primary_block.field_dest_eid)) { - BSL_LOG_DEBUG("Rule `%s` not a match", m_string_get_cstr(rule->description)); + BSL_LOG_DEBUG("Rule `%s` not a match", rule->description); continue; } 
@@ -258,7 +269,7 @@ int BSLP_QueryPolicy(const void *user_data, BSL_SecurityActionSet_t *output_acti BSL_LOG_INFO("append to end"); BSLP_SecOperPtrList_push_back(secops, sec_oper); } - BSL_LOG_INFO("Created sec operation for rule `%s`", m_string_get_cstr(rule->description)); + BSL_LOG_INFO("Created sec operation for rule `%s`", rule->description); } BSL_PrimaryBlock_deinit(&primary_block); @@ -408,7 +419,8 @@ int BSLP_PolicyRule_Init(BSLP_PolicyRule_t *self, const char *desc, BSLP_PolicyP { ASSERT_ARG_NONNULL(self); memset(self, 0, sizeof(*self)); - string_init_set_str(self->description, desc); + self->description = BSL_MALLOC(strlen(desc)+1); + strcpy(self->description, desc); self->sec_block_type = sec_block_type; self->target_block_type = target_block_type; self->predicate = predicate; @@ -424,9 +436,9 @@ int BSLP_PolicyRule_Init(BSLP_PolicyRule_t *self, const char *desc, BSLP_PolicyP void BSLP_PolicyRule_Deinit(BSLP_PolicyRule_t *self) { ASSERT_ARG_EXPR(BSLP_PolicyRule_IsConsistent(self)); - BSL_LOG_INFO("BSLP_PolicyRule_Deinit: %s, nparams=%zu", m_string_get_cstr(self->description), + BSL_LOG_INFO("BSLP_PolicyRule_Deinit: %s, nparams=%zu", self->description, BSLB_SecParamList_size(self->params)); - string_clear(self->description); + BSL_FREE(self->description); BSLB_SecParamList_clear(self->params); memset(self, 0, sizeof(*self)); } @@ -486,7 +498,7 @@ int BSLP_PolicyRule_EvaluateAsSecOper(const BSLP_PolicyRule_t *self, BSL_SecOper const BSL_SecParam_t *param = BSLB_SecParamList_cref(pit); BSL_SecOper_AppendParam(sec_oper, param); } - BSL_LOG_INFO("Created sec operation for rule `%s`", m_string_get_cstr(self->description)); + BSL_LOG_INFO("Created sec operation for rule `%s`", self->description); return BSL_SUCCESS; } diff --git a/src/policy_provider/SamplePolicyProvider.h b/src/policy_provider/SamplePolicyProvider.h index e6d60efb..58c10bbd 100644 --- a/src/policy_provider/SamplePolicyProvider.h +++ b/src/policy_provider/SamplePolicyProvider.h 
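Review bot: In the `BSLP_PolicyRule_Init` hunk (`@@ -408,7 +419,8 @@`), the result of `BSL_MALLOC(strlen(desc)+1)` goes straight into `strcpy` and `desc` itself is never checked, so an allocation failure or a NULL description becomes a NULL dereference. Add `ASSERT_ARG_NONNULL(desc);` next to the existing check on `self`, and test the allocation before copying, e.g. `if (self->description == NULL) { /* return the library's failure code */ }`. The log calls changed in the other hunks of this file now pass `rule->description` directly to `%s`, so they rely on that pointer being valid. The function body continues outside the hunk.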
@@ -29,21 +29,9 @@ #define BSLP_SAMPLE_POLICY_PROVIDER_H #include -#include -#include #include #include -/** @struct BSLP_SecOperPtrList_t - * Defines a basic list of ::BSL_SecOper_t pointers. - */ -/// @cond Doxygen_Suppress -// NOLINTBEGIN -// GCOV_EXCL_START -M_ARRAY_DEF(BSLP_SecOperPtrList, BSL_SecOper_t *, M_PTR_OPLIST) -// GCOV_EXCL_STOP -// NOLINTEND -/// @endcond /** * THE key function that matches a bundle against a rule to provide the output action and specific parameters to use for @@ -105,7 +93,7 @@ bool BSLP_PolicyPredicate_IsMatch(const BSLP_PolicyPredicate_t *self, BSL_Policy */ typedef struct BSLP_PolicyRule_s { - string_t description; + char *description; BSLP_PolicyPredicate_t *predicate; BSL_SecRole_e role; BSL_BundleBlockTypeCode_e target_block_type; @@ -173,7 +161,6 @@ int BSLP_PolicyRule_EvaluateAsSecOper(const BSLP_PolicyRule_t *self, BSL_SecOper /// @brief Concrete definition of a policy provider typedef struct BSLP_PolicyProvider_s { - string_t name; BSLP_PolicyPredicate_t predicates[BSLP_POLICYPREDICATE_ARRAY_CAPACITY]; size_t predicate_count; BSLP_PolicyRule_t rules[BSLP_POLICYPREDICATE_ARRAY_CAPACITY]; diff --git a/test/test_BackendPolicyProvider.c b/test/test_BackendPolicyProvider.c index deb87c29..9a951905 100644 --- a/test/test_BackendPolicyProvider.c +++ b/test/test_BackendPolicyProvider.c @@ -83,8 +83,6 @@ void tearDown(void) */ void test_PolicyProvider_InspectEmptyRuleset(void) { - BSLP_PolicyProvider_t *policy = BSL_PolicyDict_get(LocalTestCtx.bsl.policy_reg, BSL_SAMPLE_PP_ID)->user_data; - string_init_set_str(policy->name, "Unit Test Policy Provider!"); TEST_ASSERT_EQUAL(0, BSL_TestUtils_LoadBundleFromCBOR(&LocalTestCtx, RFC9173_TestVectors_AppendixA1.cbor_bundle_bib)); @@ -98,7 +96,6 @@ void test_PolicyProvider_InspectEmptyRuleset(void) TEST_ASSERT_EQUAL(0, BSL_SecurityAction_CountSecOpers(act)); BSL_SecurityActionSet_Deinit(&action_set); - string_clear(policy->name); } /** 
@@ -110,7 +107,6 @@ void test_PolicyProvider_InspectEmptyRuleset(void) void test_PolicyProvider_InspectSingleBIBRuleset(void) { BSLP_PolicyProvider_t *policy = BSL_PolicyDict_get(LocalTestCtx.bsl.policy_reg, BSL_SAMPLE_PP_ID)->user_data; - string_init_set_str(policy->name, "Unit Test Policy Provider!"); BSLP_PolicyPredicate_t *predicate = &policy->predicates[policy->predicate_count++]; BSLP_PolicyPredicate_Init(predicate, BSL_POLICYLOCATION_APPIN, BSL_TestUtils_GetEidPatternFromText("*:**"), @@ -131,7 +127,6 @@ void test_PolicyProvider_InspectSingleBIBRuleset(void) TEST_ASSERT_EQUAL(1, BSL_SecurityAction_CountSecOpers(BSL_SecurityActionSet_GetActionAtIndex(&action_set, 0))); BSL_SecurityActionSet_Deinit(&action_set); - string_clear(policy->name); } /** @@ -140,7 +135,6 @@ void test_PolicyProvider_InspectSingleBIBRuleset(void) void test_PolicyProvider_Inspect_RFC9173_BIB(void) { BSLP_PolicyProvider_t *policy = BSL_PolicyDict_get(LocalTestCtx.bsl.policy_reg, BSL_SAMPLE_PP_ID)->user_data; - string_init_set_str(policy->name, "Unit Test Policy Provider!"); BSLP_PolicyPredicate_t *predicate = &policy->predicates[policy->predicate_count++]; BSLP_PolicyPredicate_Init(predicate, BSL_POLICYLOCATION_APPIN, BSL_TestUtils_GetEidPatternFromText("*:**"), @@ -167,7 +161,6 @@ void test_PolicyProvider_Inspect_RFC9173_BIB(void) TEST_ASSERT_EQUAL(3, BSL_SecOper_CountParams(BSL_SecurityAction_GetSecOperAtIndex(act, 0))); BSL_SecurityActionSet_Deinit(&action_set); - string_clear(policy->name); } // TODO - test with also setting sec pararms and other things and test the RFC 9173 things. 
@@ -187,11 +180,9 @@ void test_MultiplePolicyProviders(void) BSLP_PolicyProvider_t *policy = BSL_PolicyDict_get(LocalTestCtx.bsl.policy_reg, BSL_SAMPLE_PP_ID)->user_data; policy->pp_id = BSL_SAMPLE_PP_ID; - string_init_set_str(policy->name, "Unit Test Policy Provider 1!"); BSLP_PolicyProvider_t *policy2 = BSL_PolicyDict_get(LocalTestCtx.bsl.policy_reg, BSL_SAMPLE_PP_ID_2)->user_data; policy2->pp_id = BSL_SAMPLE_PP_ID_2; - string_init_set_str(policy2->name, "Unit Test Policy Provider 2!"); BSLP_PolicyPredicate_t *predicate = &policy->predicates[policy->predicate_count++]; BSLP_PolicyPredicate_Init(predicate, BSL_POLICYLOCATION_APPIN, BSL_TestUtils_GetEidPatternFromText("*:**"), @@ -254,6 +245,4 @@ void test_MultiplePolicyProviders(void) BSL_SecurityActionSet_Deinit(&action_set); BSL_FREE(response_set); - string_clear(policy->name); - string_clear(policy2->name); } diff --git a/test/test_PublicInterfaceImpl.c b/test/test_PublicInterfaceImpl.c index a952ae9d..d03d93af 100644 --- a/test/test_PublicInterfaceImpl.c +++ b/test/test_PublicInterfaceImpl.c @@ -135,7 +135,6 @@ void setUp(void) TEST_ASSERT_EQUAL(0, BSL_API_RegisterPolicyProvider(&LocalTestCtx.bsl, BSL_SAMPLE_PP_ID, policy_desc)); BSLP_PolicyProvider_t *policy = BSL_PolicyDict_get(LocalTestCtx.bsl.policy_reg, BSL_SAMPLE_PP_ID)->user_data; - string_init_set_str(policy->name, "Unit Test Policy Provider!"); policy->pp_id = 1; @@ -569,8 +568,6 @@ void setUp(void) void tearDown(void) { BSL_SecurityActionSet_Deinit(&action_set); - BSLP_PolicyProvider_t *policy = BSL_PolicyDict_get(LocalTestCtx.bsl.policy_reg, BSL_SAMPLE_PP_ID)->user_data; - string_clear(policy->name); mock_bpa_ctr_deinit(&LocalTestCtx.mock_bpa_ctr); BSL_CryptoDeinit(); TEST_ASSERT_EQUAL(0, BSL_API_DeinitLib(&LocalTestCtx.bsl)); From 6e5308c714476254d84f0a4a13fcc6b9e4ff981a Mon Sep 17 00:00:00 2001 
From: Joshua Stone Date: Tue, 16 Sep 2025 14:58:22 -0400 Subject: [PATCH 02/13] format --- src/policy_provider/SamplePolicyProvider.c | 5 ++--- src/policy_provider/SamplePolicyProvider.h | 3 +-- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/src/policy_provider/SamplePolicyProvider.c b/src/policy_provider/SamplePolicyProvider.c index dac91f47..1eade28e 100644 --- a/src/policy_provider/SamplePolicyProvider.c +++ b/src/policy_provider/SamplePolicyProvider.c @@ -419,7 +419,7 @@ int BSLP_PolicyRule_Init(BSLP_PolicyRule_t *self, const char *desc, BSLP_PolicyP { ASSERT_ARG_NONNULL(self); memset(self, 0, sizeof(*self)); - self->description = BSL_MALLOC(strlen(desc)+1); + self->description = BSL_MALLOC(strlen(desc) + 1); strcpy(self->description, desc); self->sec_block_type = sec_block_type; self->target_block_type = target_block_type; @@ -436,8 +436,7 @@ int BSLP_PolicyRule_Init(BSLP_PolicyRule_t *self, const char *desc, BSLP_PolicyP void BSLP_PolicyRule_Deinit(BSLP_PolicyRule_t *self) { ASSERT_ARG_EXPR(BSLP_PolicyRule_IsConsistent(self)); - BSL_LOG_INFO("BSLP_PolicyRule_Deinit: %s, nparams=%zu", self->description, - BSLB_SecParamList_size(self->params)); + BSL_LOG_INFO("BSLP_PolicyRule_Deinit: %s, nparams=%zu", self->description, BSLB_SecParamList_size(self->params)); BSL_FREE(self->description); BSLB_SecParamList_clear(self->params); memset(self, 0, sizeof(*self)); diff --git a/src/policy_provider/SamplePolicyProvider.h b/src/policy_provider/SamplePolicyProvider.h index 58c10bbd..2ed3bf9e 100644 --- a/src/policy_provider/SamplePolicyProvider.h +++ b/src/policy_provider/SamplePolicyProvider.h @@ -32,7 +32,6 @@ #include #include - /** * THE key function that matches a bundle against a rule to provide the output action and specific parameters to use for * the security operation. 
@@ -93,7 +92,7 @@ bool BSLP_PolicyPredicate_IsMatch(const BSLP_PolicyPredicate_t *self, BSL_Policy */ typedef struct BSLP_PolicyRule_s { - char *description; + char *description; BSLP_PolicyPredicate_t *predicate; BSL_SecRole_e role; BSL_BundleBlockTypeCode_e target_block_type; From c54d592aabe68b247bf276960f331b2fc503fbdb Mon Sep 17 00:00:00 2001 From: Joshua Stone Date: Tue, 16 Sep 2025 18:30:55 -0400 Subject: [PATCH 03/13] strcpy security fix w #define --- src/policy_provider/SamplePolicyProvider.c | 4 ++-- src/policy_provider/SamplePolicyProvider.h | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/src/policy_provider/SamplePolicyProvider.c b/src/policy_provider/SamplePolicyProvider.c index 1eade28e..19570b01 100644 --- a/src/policy_provider/SamplePolicyProvider.c +++ b/src/policy_provider/SamplePolicyProvider.c @@ -419,8 +419,8 @@ int BSLP_PolicyRule_Init(BSLP_PolicyRule_t *self, const char *desc, BSLP_PolicyP { ASSERT_ARG_NONNULL(self); memset(self, 0, sizeof(*self)); - self->description = BSL_MALLOC(strlen(desc) + 1); - strcpy(self->description, desc); + self->description = BSL_MALLOC(strnlen(desc, POLICY_RULE_DESCRIPTION_MAX_STRLEN) + 1); + strncpy(self->description, desc, POLICY_RULE_DESCRIPTION_MAX_STRLEN); self->sec_block_type = sec_block_type; self->target_block_type = target_block_type; self->predicate = predicate; diff --git a/src/policy_provider/SamplePolicyProvider.h b/src/policy_provider/SamplePolicyProvider.h index 2ed3bf9e..a489542c 100644 --- a/src/policy_provider/SamplePolicyProvider.h +++ b/src/policy_provider/SamplePolicyProvider.h @@ -77,6 +77,9 @@ void BSLP_PolicyPredicate_Deinit(BSLP_PolicyPredicate_t *self); bool BSLP_PolicyPredicate_IsMatch(const BSLP_PolicyPredicate_t *self, BSL_PolicyLocation_e location, BSL_HostEID_t src_eid, BSL_HostEID_t dst_eid); + +#define POLICY_RULE_DESCRIPTION_MAX_STRLEN 100 + /** * @brief Represents a policy rule * From 57e1f14250992d829ca84678bb6ba7487f8a31cc Mon Sep 17 00:00:00 2001 
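Review bot: In `BSLP_PolicyRule_Init` (`@@ -419,8 +419,8 @@`), `strncpy(self->description, desc, POLICY_RULE_DESCRIPTION_MAX_STRLEN)` always writes the full count, zero-padding short input, while the buffer holds only `strnlen(desc, ...) + 1` bytes. With the limit defined as 100 in this patch, any description shorter than 99 characters overruns the heap allocation. For a description of 100 characters or more, the copy fills the count without writing a terminator, so the last byte of the buffer stays unset (unless `BSL_MALLOC` zero-fills, which is not visible here) before the string is logged with `%s`. Copy exactly the measured length and terminate explicitly: `size_t n = strnlen(desc, POLICY_RULE_DESCRIPTION_MAX_STRLEN);`, `memcpy(self->description, desc, n);`, `self->description[n] = '\0';`. The function body continues outside the hunk.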
From: Joshua Stone Date: Tue, 16 Sep 2025 18:46:51 -0400 Subject: [PATCH 04/13] strnlen --- src/policy_provider/SamplePolicyProvider.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/policy_provider/SamplePolicyProvider.c b/src/policy_provider/SamplePolicyProvider.c index 19570b01..5248d05f 100644 --- a/src/policy_provider/SamplePolicyProvider.c +++ b/src/policy_provider/SamplePolicyProvider.c @@ -27,6 +27,7 @@ */ #include #include +#include #include #include @@ -419,8 +420,10 @@ int BSLP_PolicyRule_Init(BSLP_PolicyRule_t *self, const char *desc, BSLP_PolicyP { ASSERT_ARG_NONNULL(self); memset(self, 0, sizeof(*self)); - self->description = BSL_MALLOC(strnlen(desc, POLICY_RULE_DESCRIPTION_MAX_STRLEN) + 1); - strncpy(self->description, desc, POLICY_RULE_DESCRIPTION_MAX_STRLEN); + size_t desc_sz = strnlen(desc, POLICY_RULE_DESCRIPTION_MAX_STRLEN); + self->description = BSL_MALLOC(desc_sz + 1); + strncpy(self->description, desc, desc_sz); + self->description[desc_sz - 1] = '\0'; self->sec_block_type = sec_block_type; self->target_block_type = target_block_type; self->predicate = predicate; From cda7a7228ef5d048f2254b89c52bd4796bd22905 Mon Sep 17 00:00:00 2001 From: Joshua Stone Date: Tue, 16 Sep 2025 18:53:09 -0400 Subject: [PATCH 05/13] apply format --- src/policy_provider/SamplePolicyProvider.c | 10 +++++----- src/policy_provider/SamplePolicyProvider.h | 1 - 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/src/policy_provider/SamplePolicyProvider.c b/src/policy_provider/SamplePolicyProvider.c index 5248d05f..f6aa2784 100644 --- a/src/policy_provider/SamplePolicyProvider.c +++ b/src/policy_provider/SamplePolicyProvider.c 
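Review bot: In `BSLP_PolicyRule_Init` (`@@ -420,8 +420,10 @@`), `self->description[desc_sz - 1] = '\0';` uses an unsigned index that wraps when `desc` is the empty string, so the store lands far outside the one-byte allocation. For non-empty input it overwrites the last copied character and leaves the byte at `desc_sz` unset. The terminator belongs at `self->description[desc_sz] = '\0';`, which the `desc_sz + 1` allocation already has room for. Since the length is known at this point, `memcpy(self->description, desc, desc_sz);` states the intent more directly than `strncpy`. The function body continues outside the hunk.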
@@ -420,14 +420,14 @@ int BSLP_PolicyRule_Init(BSLP_PolicyRule_t *self, const char *desc, BSLP_PolicyP { ASSERT_ARG_NONNULL(self); memset(self, 0, sizeof(*self)); - size_t desc_sz = strnlen(desc, POLICY_RULE_DESCRIPTION_MAX_STRLEN); + size_t desc_sz = strnlen(desc, POLICY_RULE_DESCRIPTION_MAX_STRLEN); self->description = BSL_MALLOC(desc_sz + 1); strncpy(self->description, desc, desc_sz); self->description[desc_sz - 1] = '\0'; - self->sec_block_type = sec_block_type; - self->target_block_type = target_block_type; - self->predicate = predicate; - self->context_id = context_id; + self->sec_block_type = sec_block_type; + self->target_block_type = target_block_type; + self->predicate = predicate; + self->context_id = context_id; // TODO(bvb) assert Role in expected range self->failure_action_code = failure_action_code; self->role = role; diff --git a/src/policy_provider/SamplePolicyProvider.h b/src/policy_provider/SamplePolicyProvider.h index a489542c..14aa0604 100644 --- a/src/policy_provider/SamplePolicyProvider.h +++ b/src/policy_provider/SamplePolicyProvider.h @@ -77,7 +77,6 @@ void BSLP_PolicyPredicate_Deinit(BSLP_PolicyPredicate_t *self); bool BSLP_PolicyPredicate_IsMatch(const BSLP_PolicyPredicate_t *self, BSL_PolicyLocation_e location, BSL_HostEID_t src_eid, BSL_HostEID_t dst_eid); - #define POLICY_RULE_DESCRIPTION_MAX_STRLEN 100 /** From 699e38fb84ad5fbfad9df1a657416f574391b586 Mon Sep 17 00:00:00 2001 From: Joshua Stone Date: Wed, 17 Sep 2025 12:49:01 -0400 Subject: [PATCH 06/13] add bslp to define --- src/policy_provider/SamplePolicyProvider.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/policy_provider/SamplePolicyProvider.h b/src/policy_provider/SamplePolicyProvider.h index 14aa0604..c33ee4d5 100644 --- a/src/policy_provider/SamplePolicyProvider.h +++ b/src/policy_provider/SamplePolicyProvider.h 
@@ -77,7 +77,7 @@ void BSLP_PolicyPredicate_Deinit(BSLP_PolicyPredicate_t *self); bool BSLP_PolicyPredicate_IsMatch(const BSLP_PolicyPredicate_t *self, BSL_PolicyLocation_e location, BSL_HostEID_t src_eid, BSL_HostEID_t dst_eid); -#define POLICY_RULE_DESCRIPTION_MAX_STRLEN 100 +#define BSLP_POLICY_RULE_DESCRIPTION_MAX_STRLEN 100 /** * @brief Represents a policy rule From ae36492c8a390ea518f04e9b18aa26c8ae47879b Mon Sep 17 00:00:00 2001 From: Joshua Stone Date: Wed, 17 Sep 2025 15:59:59 -0400 Subject: [PATCH 07/13] docs + formatting --- src/policy_provider/SamplePolicyProvider.c | 4 +++- src/policy_provider/SamplePolicyProvider.h | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/src/policy_provider/SamplePolicyProvider.c b/src/policy_provider/SamplePolicyProvider.c index f6aa2784..3bec8715 100644 --- a/src/policy_provider/SamplePolicyProvider.c +++ b/src/policy_provider/SamplePolicyProvider.c @@ -420,10 +420,12 @@ int BSLP_PolicyRule_Init(BSLP_PolicyRule_t *self, const char *desc, BSLP_PolicyP { ASSERT_ARG_NONNULL(self); memset(self, 0, sizeof(*self)); - size_t desc_sz = strnlen(desc, POLICY_RULE_DESCRIPTION_MAX_STRLEN); + + size_t desc_sz = strnlen(desc, BSLP_POLICYPREDICATE_ARRAY_CAPACITY); self->description = BSL_MALLOC(desc_sz + 1); strncpy(self->description, desc, desc_sz); self->description[desc_sz - 1] = '\0'; + self->sec_block_type = sec_block_type; self->target_block_type = target_block_type; self->predicate = predicate; diff --git a/src/policy_provider/SamplePolicyProvider.h b/src/policy_provider/SamplePolicyProvider.h index c33ee4d5..ad87886a 100644 --- a/src/policy_provider/SamplePolicyProvider.h +++ b/src/policy_provider/SamplePolicyProvider.h 
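Review bot: The `strnlen` bound in `BSLP_PolicyRule_Init` (`@@ -420,10 +420,12 @@`) is switched to `BSLP_POLICYPREDICATE_ARRAY_CAPACITY`, which the header uses to size the predicate and rule arrays, instead of the description limit that was renamed to `BSLP_POLICY_RULE_DESCRIPTION_MAX_STRLEN`. Unless the two constants happen to be equal, descriptions are truncated at a length that differs from the documented one. The 101-character case added to test/test_SamplePolicyProvider.c later in this series also asserts against the other constant. The line should read `size_t desc_sz = strnlen(desc, BSLP_POLICY_RULE_DESCRIPTION_MAX_STRLEN);`, and a behavioural change like this deserves a mention in the commit subject rather than "docs + formatting". The function body continues outside the hunk.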
@@ -77,6 +77,7 @@ void BSLP_PolicyPredicate_Deinit(BSLP_PolicyPredicate_t *self); bool BSLP_PolicyPredicate_IsMatch(const BSLP_PolicyPredicate_t *self, BSL_PolicyLocation_e location, BSL_HostEID_t src_eid, BSL_HostEID_t dst_eid); +/// @brief Maximum string length of a policy rule description; Affects \ref BSLP_PolicyRule_Init::desc #define BSLP_POLICY_RULE_DESCRIPTION_MAX_STRLEN 100 /** @@ -108,7 +109,7 @@ typedef struct BSLP_PolicyRule_s * @brief Initialize this policy rule * * @param[in] self This policy rule - * @param[in] dest Description of this rule (C-string) + * @param[in] dest Description of this rule (C-string). Will copy characters of parameter from index 0 to ::BSLP_POLICY_RULE_DESCRIPTION_MAX_STRLEN - 1. * @param[in] predicate Predicate used to identify which bundles apply * @param[in] context_id Security context ID * @param[in] role Such as source, acceptor, etc From 63cd3e19fdb5fda4547ae34665992725bfc3ec4f Mon Sep 17 00:00:00 2001 From: Joshua Stone Date: Wed, 17 Sep 2025 16:07:53 -0400 Subject: [PATCH 08/13] fix symbol --- src/policy_provider/SamplePolicyProvider.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/policy_provider/SamplePolicyProvider.h b/src/policy_provider/SamplePolicyProvider.h index ad87886a..7687e4f4 100644 --- a/src/policy_provider/SamplePolicyProvider.h +++ b/src/policy_provider/SamplePolicyProvider.h @@ -77,7 +77,7 @@ void BSLP_PolicyPredicate_Deinit(BSLP_PolicyPredicate_t *self); bool BSLP_PolicyPredicate_IsMatch(const BSLP_PolicyPredicate_t *self, BSL_PolicyLocation_e location, BSL_HostEID_t src_eid, BSL_HostEID_t dst_eid); -/// @brief Maximum string length of a policy rule description; Affects \ref BSLP_PolicyRule_Init::desc +/// @brief Maximum string length of a policy rule description; Affects @ref BSLP_PolicyRule_Init::desc #define BSLP_POLICY_RULE_DESCRIPTION_MAX_STRLEN 100 /** From 8e028c548919ee0ea9b2ea346ab2ee5801895d8e Mon Sep 17 00:00:00 2001 
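Review bot: The updated Doxygen line in the `@@ -108,7 +109,7 @@` hunk documents `@param[in] dest`, while the definition in SamplePolicyProvider.c names the parameter `desc`, so the new truncation text may not attach to the parameter it describes. Rename the tag to `@param[in] desc`. The text should also say that longer input is silently truncated and that the rule keeps its own heap copy, released by `BSLP_PolicyRule_Deinit`. The prototype itself is outside the hunk, so confirm its parameter name before changing the tag.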
From: Joshua Stone Date: Wed, 17 Sep 2025 16:24:01 -0400 Subject: [PATCH 09/13] docs --- src/policy_provider/SamplePolicyProvider.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/policy_provider/SamplePolicyProvider.h b/src/policy_provider/SamplePolicyProvider.h index 7687e4f4..14e1bfe3 100644 --- a/src/policy_provider/SamplePolicyProvider.h +++ b/src/policy_provider/SamplePolicyProvider.h @@ -77,7 +77,10 @@ void BSLP_PolicyPredicate_Deinit(BSLP_PolicyPredicate_t *self); bool BSLP_PolicyPredicate_IsMatch(const BSLP_PolicyPredicate_t *self, BSL_PolicyLocation_e location, BSL_HostEID_t src_eid, BSL_HostEID_t dst_eid); -/// @brief Maximum string length of a policy rule description; Affects @ref BSLP_PolicyRule_Init::desc +/** + * Maximum string length of a policy rule description; + * Affects ::BSLP_PolicyRule_Init `desc` parameter + */ #define BSLP_POLICY_RULE_DESCRIPTION_MAX_STRLEN 100 /** From 4736b821a0a710765a23267e0c2a8f180d995146 Mon Sep 17 00:00:00 2001 From: Joshua Stone Date: Wed, 17 Sep 2025 16:24:44 -0400 Subject: [PATCH 10/13] format --- src/policy_provider/SamplePolicyProvider.c | 10 +++++----- src/policy_provider/SamplePolicyProvider.h | 7 ++++--- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/src/policy_provider/SamplePolicyProvider.c b/src/policy_provider/SamplePolicyProvider.c index 3bec8715..ee9ef7fd 100644 --- a/src/policy_provider/SamplePolicyProvider.c +++ b/src/policy_provider/SamplePolicyProvider.c 
@@ -425,11 +425,11 @@ int BSLP_PolicyRule_Init(BSLP_PolicyRule_t *self, const char *desc, BSLP_PolicyP self->description = BSL_MALLOC(desc_sz + 1); strncpy(self->description, desc, desc_sz); self->description[desc_sz - 1] = '\0'; - - self->sec_block_type = sec_block_type; - self->target_block_type = target_block_type; - self->predicate = predicate; - self->context_id = context_id; + + self->sec_block_type = sec_block_type; + self->target_block_type = target_block_type; + self->predicate = predicate; + self->context_id = context_id; // TODO(bvb) assert Role in expected range self->failure_action_code = failure_action_code; self->role = role; diff --git a/src/policy_provider/SamplePolicyProvider.h b/src/policy_provider/SamplePolicyProvider.h index 14e1bfe3..49f75a9a 100644 --- a/src/policy_provider/SamplePolicyProvider.h +++ b/src/policy_provider/SamplePolicyProvider.h @@ -78,9 +78,9 @@ bool BSLP_PolicyPredicate_IsMatch(const BSLP_PolicyPredicate_t *self, BSL_Policy BSL_HostEID_t src_eid, BSL_HostEID_t dst_eid); /** - * Maximum string length of a policy rule description; + * Maximum string length of a policy rule description; * Affects ::BSLP_PolicyRule_Init `desc` parameter - */ + */ #define BSLP_POLICY_RULE_DESCRIPTION_MAX_STRLEN 100 /** @@ -112,7 +112,8 @@ typedef struct BSLP_PolicyRule_s * @brief Initialize this policy rule * * @param[in] self This policy rule - * @param[in] dest Description of this rule (C-string). Will copy characters of parameter from index 0 to ::BSLP_POLICY_RULE_DESCRIPTION_MAX_STRLEN - 1. + * @param[in] dest Description of this rule (C-string). Will copy characters of parameter from index 0 to + * ::BSLP_POLICY_RULE_DESCRIPTION_MAX_STRLEN - 1. * @param[in] predicate Predicate used to identify which bundles apply * @param[in] context_id Security context ID * @param[in] role Such as source, acceptor, etc From 0891d38bd5a0585c7c900a496df80bff3bbf40d9 Mon Sep 17 00:00:00 2001 
From: Joshua Stone Date: Wed, 17 Sep 2025 16:27:17 -0400 Subject: [PATCH 11/13] off by 1 --- src/policy_provider/SamplePolicyProvider.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/policy_provider/SamplePolicyProvider.c b/src/policy_provider/SamplePolicyProvider.c index ee9ef7fd..2e79475c 100644 --- a/src/policy_provider/SamplePolicyProvider.c +++ b/src/policy_provider/SamplePolicyProvider.c @@ -424,7 +424,7 @@ int BSLP_PolicyRule_Init(BSLP_PolicyRule_t *self, const char *desc, BSLP_PolicyP size_t desc_sz = strnlen(desc, BSLP_POLICYPREDICATE_ARRAY_CAPACITY); self->description = BSL_MALLOC(desc_sz + 1); strncpy(self->description, desc, desc_sz); - self->description[desc_sz - 1] = '\0'; + self->description[desc_sz] = '\0'; self->sec_block_type = sec_block_type; self->target_block_type = target_block_type; From 4accf4daf037860244739838d34b57581f1a492b Mon Sep 17 00:00:00 2001 From: Joshua Stone Date: Wed, 17 Sep 2025 20:44:55 -0400 Subject: [PATCH 12/13] test policyrule description limit --- test/test_SamplePolicyProvider.c | 35 ++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/test/test_SamplePolicyProvider.c b/test/test_SamplePolicyProvider.c index ca265a8e..e436ba92 100644 --- a/test/test_SamplePolicyProvider.c +++ b/test/test_SamplePolicyProvider.c 
@@ -122,4 +122,39 @@ void test_SamplePolicyProvider_WildcardPolicyRuleVerifiesBIB(void) BSLP_PolicyPredicate_Deinit(&predicate); } +TEST_CASE("") +TEST_CASE("1") +TEST_CASE("0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789") // 100 char +TEST_CASE("01234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890") // 101 char +void test_SamplePolicyProvider_PolicyRuleInit_Description(const char *description) +{ + BSLP_PolicyPredicate_t predicate; + BSLP_PolicyPredicate_Init(&predicate, BSL_POLICYLOCATION_APPIN, BSL_TestUtils_GetEidPatternFromText("*:**"), + BSL_TestUtils_GetEidPatternFromText("*:**"), BSL_TestUtils_GetEidPatternFromText("*:**")); + + BSLP_PolicyRule_t rule; + BSLP_PolicyRule_Init(&rule, description, &predicate, 1, BSL_SECROLE_VERIFIER, + BSL_SECBLOCKTYPE_BIB, BSL_BLOCK_TYPE_PAYLOAD, BSL_POLICYACTION_DROP_BUNDLE); + + TEST_ASSERT_LESS_OR_EQUAL(BSLP_POLICY_RULE_DESCRIPTION_MAX_STRLEN, strlen(rule.description)); + + if (strlen(description) <= BSLP_POLICY_RULE_DESCRIPTION_MAX_STRLEN) + { + TEST_ASSERT_EQUAL(strlen(description), strlen(rule.description)); + } + else + { + TEST_ASSERT_EQUAL(BSLP_POLICY_RULE_DESCRIPTION_MAX_STRLEN, strlen(rule.description)); + } + + // unity doesn't like TEST_ASSERT_EQUAL_MEMORY call on 0 length buffer + if (strlen(description) > 0) + { + TEST_ASSERT_EQUAL_MEMORY(description, rule.description, strlen(rule.description)); + } + + BSLP_PolicyRule_Deinit(&rule); + BSLP_PolicyPredicate_Deinit(&predicate); +} + // TODO(bvb) more tests with more granular predicates and rules From 79c0b78010d1fa5df5b79037c88f6d265a46c82e Mon Sep 17 00:00:00 2001 From: Joshua Stone Date: Wed, 17 Sep 2025 20:45:17 -0400 Subject: [PATCH 13/13] format --- test/test_SamplePolicyProvider.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/test/test_SamplePolicyProvider.c b/test/test_SamplePolicyProvider.c index e436ba92..0aa515d8 100644 
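Review bot: `test_SamplePolicyProvider_PolicyRuleInit_Description` ignores the return value of `BSLP_PolicyRule_Init` and calls `strlen(rule.description)` without first checking the pointer, so a failed initialisation would crash the test runner instead of reporting a failure. Add `TEST_ASSERT_NOT_NULL(rule.description);` directly after the init call, and assert the init result if the function reports errors through it. The expected lengths are written against `BSLP_POLICY_RULE_DESCRIPTION_MAX_STRLEN`, so the 101-character case only passes if `BSLP_PolicyRule_Init` truncates at that same constant.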
--- a/test/test_SamplePolicyProvider.c +++ b/test/test_SamplePolicyProvider.c @@ -124,8 +124,10 @@ void test_SamplePolicyProvider_WildcardPolicyRuleVerifiesBIB(void) TEST_CASE("") TEST_CASE("1") -TEST_CASE("0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789") // 100 char -TEST_CASE("01234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890") // 101 char +TEST_CASE( + "0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789") // 100 char +TEST_CASE( + "01234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890") // 101 char void test_SamplePolicyProvider_PolicyRuleInit_Description(const char *description) { BSLP_PolicyPredicate_t predicate; @@ -133,8 +135,8 @@ void test_SamplePolicyProvider_PolicyRuleInit_Description(const char *descriptio BSL_TestUtils_GetEidPatternFromText("*:**"), BSL_TestUtils_GetEidPatternFromText("*:**")); BSLP_PolicyRule_t rule; - BSLP_PolicyRule_Init(&rule, description, &predicate, 1, BSL_SECROLE_VERIFIER, - BSL_SECBLOCKTYPE_BIB, BSL_BLOCK_TYPE_PAYLOAD, BSL_POLICYACTION_DROP_BUNDLE); + BSLP_PolicyRule_Init(&rule, description, &predicate, 1, BSL_SECROLE_VERIFIER, BSL_SECBLOCKTYPE_BIB, + BSL_BLOCK_TYPE_PAYLOAD, BSL_POLICYACTION_DROP_BUNDLE); TEST_ASSERT_LESS_OR_EQUAL(BSLP_POLICY_RULE_DESCRIPTION_MAX_STRLEN, strlen(rule.description));