From 9500cb9cc64b4b0ac8da12611bb86d0830cc710c Mon Sep 17 00:00:00 2001 From: kaanaktas Date: Fri, 15 Jul 2022 19:24:52 +0100 Subject: [PATCH] implemented custom configuration files to allow user to create own settings --- benchmark_test.go | 4 +- cache/cache.go | 4 +- cache/in_memory.go | 4 + config/common.go | 28 +++- datafilter/executor.go | 107 -------------- datafilter/load.go | 64 +++++++- datafilter/owasp.go | 8 +- datafilter/pan.go | 8 +- datafilter/testdata/datafilter_rule_set.json | 24 +++ datafilter/types.go | 18 +-- .../datafilter_test.go => datafilter_test.go | 30 +++- executor/executor.go | 138 ++++++++++++++++++ go.mod | 1 + go.sum | 2 + impl_samples/echo/main.go | 4 +- impl_samples/echo/utils.go | 6 +- main.go | 36 +++-- policy/load.go | 62 ++++---- policy/{ => testdata}/common_rules.json | 0 policy/{ => testdata}/policy_rule_set.json | 0 20 files changed, 362 insertions(+), 186 deletions(-) delete mode 100644 datafilter/executor.go create mode 100644 datafilter/testdata/datafilter_rule_set.json rename datafilter/datafilter_test.go => datafilter_test.go (55%) create mode 100644 executor/executor.go rename policy/{ => testdata}/common_rules.json (100%) rename policy/{ => testdata}/policy_rule_set.json (100%) diff --git a/benchmark_test.go b/benchmark_test.go index 3beae3d..205c32e 100644 --- a/benchmark_test.go +++ b/benchmark_test.go @@ -2,7 +2,7 @@ package main import ( "github.com/kaanaktas/go-slm/config" - "github.com/kaanaktas/go-slm/datafilter" + "github.com/kaanaktas/go-slm/executor" "io/ioutil" "log" "testing" @@ -25,6 +25,6 @@ func Benchmark(b *testing.B) { serviceName := "test" for i := 0; i < b.N; i++ { - datafilter.Execute(data, serviceName) + executor.Execute(data, serviceName, config.Request) } } diff --git a/cache/cache.go b/cache/cache.go index 8147f06..6e59b3b 100644 --- a/cache/cache.go +++ b/cache/cache.go 
@@ -7,9 +7,9 @@ import ( type Cache interface { Get(k string) (interface{}, bool) Set(k string, v interface{}, d time.Duration) error + Flush() } const ( - NoExpiration time.Duration = -1 - DefaultExpiration time.Duration = 0 + NoExpiration time.Duration = -1 ) diff --git a/cache/in_memory.go b/cache/in_memory.go index deadda0..8de4eb8 100644 --- a/cache/in_memory.go +++ b/cache/in_memory.go @@ -19,6 +19,10 @@ func (i *inMemory) Set(k string, v interface{}, d time.Duration) error { return nil } +func (i *inMemory) Flush() { + i.cache.Flush() +} + var onceInMem sync.Once func (i *inMemory) initiateInMemory() { diff --git a/config/common.go b/config/common.go index dea56c1..d822c5d 100644 --- a/config/common.go +++ b/config/common.go @@ -3,15 +3,23 @@ package config import ( "log" "os" + "runtime/debug" "time" ) const NumberOfWorker = 5 +//policy rule set directions +const ( + Request = "request" + Response = "response" +) + +var RootDirectory, _ = os.Getwd() + func ReadFile(fileName string) ([]byte, error) { content, err := os.ReadFile(fileName) if err != nil { - log.Printf("error reading the file %q: %v\n", fileName, err) return nil, err } @@ -30,8 +38,16 @@ func PolicyKey(serviceName, direction string) string { return serviceName + "_" + direction } -//policy rule set directions -const ( - Request = "request" - Response = "response" -) +func IsModuleImported(currentModuleName string) bool { + if currentModuleName == "" { + currentModuleName = "github.com/kaanaktas/go-slm" + } + + bi, ok := debug.ReadBuildInfo() + if !ok { + log.Println("Failed to read build info") + return false + } + + return !(currentModuleName == bi.Path) +} diff --git a/datafilter/executor.go b/datafilter/executor.go deleted file mode 100644 index 2127f76..0000000 --- a/datafilter/executor.go +++ /dev/null 
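Review bot: In config/common.go, `var RootDirectory, _ = os.Getwd()` discards the error and records the process working directory at package init, not the module or binary location, so every rule path later joined onto it depends on where the process was started. The empty-string case is only caught later, by the check in executor.loadConfiguration. I would add a doc comment that says so, e.g. `// RootDirectory is the working directory at start-up; all configured rule paths are resolved relative to it.`, and consider resolving it inside the loader, where the error can be reported. ReadFile's body continues outside the hunk.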
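Review bot: IsModuleImported compares the configured name with `bi.Path`, which `runtime/debug` documents as the path of the main package rather than of the main module (`bi.Main.Path`), so the result depends on where the consumer's main package lives. Because the expected name comes from configuration, setting it to any other string makes the function return true, which is what main.go and the tests in this commit do. It should therefore be documented as a usage hint and not relied on as a control. The last line reads more directly as `return currentModuleName != bi.Path`.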
@@ -1,107 +0,0 @@ -package datafilter - -import ( - "fmt" - "github.com/kaanaktas/go-slm/cache" - "github.com/kaanaktas/go-slm/config" - "github.com/kaanaktas/go-slm/policy" - "log" - "sync" -) - -var cacheIn = cache.NewInMemory() - -func Execute(data, serviceName, direction string) { - policyKey := config.PolicyKey(serviceName, direction) - cachedRule, ok := cacheIn.Get(access.Key) - if !ok { - panic("policyRule doesn't exist") - } - - policyRules := cachedRule.(access.PolicyRules)[policyKey] - if len(policyRules) == 0 { - log.Println("No ruleSet found for", serviceName) - return - } - - breaker := make(chan string) - in := make(chan validate) - closeCh := make(chan struct{}) - - go processor(policyRules, in, breaker) - go validator(&data, in, closeCh, breaker) - - select { - case v := <-breaker: - panic(v) - case <-closeCh: - } - - log.Println("no_match") -} - -func processor(accessList []access.Rule, in chan<- validate, breaker <-chan string) { - defer func() { - close(in) - }() - - for _, v := range accessList { - if v.Active { - if rule, ok := cacheIn.Get(v.Name); ok { - processRule(rule.([]validate), in, breaker) - } - } - } -} - -func processRule(patterns []validate, in chan<- validate, breaker <-chan string) { - var wg sync.WaitGroup - - for _, pattern := range patterns { - wg.Add(1) - - pattern := pattern - go func() { - defer wg.Done() - - if !pattern.disable() { - select { - case <-breaker: - return - case in <- pattern: - } - } - }() - } - - wg.Wait() -} - -func validator(data *string, in <-chan validate, closeCh chan<- struct{}, breaker chan<- string) { - defer func() { - close(closeCh) - }() - - var wg sync.WaitGroup - - //Distribute work to multiple workers - for i := 0; i < config.NumberOfWorker; i++ { - wg.Add(1) - worker(&wg, data, in, breaker) - } - - wg.Wait() -} - -func worker(wg *sync.WaitGroup, data *string, in <-chan validate, breaker chan<- string) { - go func() { - defer wg.Done() - - for v := range in { - if v.validate(data) { - breaker 
<- fmt.Sprint(v.toString()) - return - } - } - }() -} diff --git a/datafilter/load.go b/datafilter/load.go index 0e9350d..819f1a3 100644 --- a/datafilter/load.go +++ b/datafilter/load.go @@ -2,17 +2,14 @@ package datafilter import ( "embed" - _ "embed" "encoding/json" "fmt" "github.com/kaanaktas/go-slm/cache" + "github.com/kaanaktas/go-slm/config" "log" + "path/filepath" ) -func init() { - loadRules() -} - type ruleSet struct { Type string `json:"type"` Rules []rules `json:"rules"` 
@@ -23,20 +20,71 @@ type rules struct { Path string `json:"path"` } +var cacheIn = cache.NewInMemory() + //go:embed datafilter_rule_set.json var dataFilterRuleSet []byte //go:embed rules/* var ruleFs embed.FS -func loadRules() { - var ruleSet []ruleSet +func indexOfRuleSet(ruleSet []ruleSet, ruleType string) int { + for i, set := range ruleSet { + if ruleType == set.Type { + return i + } + } + return -1 +} + +func indexOfRule(rules []rules, ruleName string) int { + for i, rule := range rules { + if ruleName == rule.Name { + return i + } + } + return -1 +} + +func Load(dataFilterRuleSetPath string) { + var ruleSet, customRuleSet []ruleSet err := json.Unmarshal(dataFilterRuleSet, &ruleSet) if err != nil { msg := fmt.Sprintf("Can't unmarshall the content of datafilter_rule_set.json. Error: %s", err) panic(msg) } + if dataFilterRuleSetPath != "" { + content, err := config.ReadFile(filepath.Join(config.RootDirectory, dataFilterRuleSetPath)) + if err != nil { + msg := fmt.Sprintf("Error while reading %s. Error: %s", dataFilterRuleSetPath, err) + panic(msg) + } + err = json.Unmarshal(content, &customRuleSet) + if err != nil { + msg := fmt.Sprintf("Can't unmarshall the content of datafilter_rule_set.json. Error: %s", err) + panic(msg) + } + + for i := 0; i < len(customRuleSet); i++ { + ruleType := customRuleSet[i].Type + rsIndex := indexOfRuleSet(ruleSet, ruleType) + if rsIndex == -1 { + ruleSet = append(ruleSet, customRuleSet[i]) + } else { + customRules := customRuleSet[i].Rules + for k := 0; k < len(customRules); k++ { + index := indexOfRule(ruleSet[rsIndex].Rules, customRules[k].Name) + if index == -1 { + ruleSet[rsIndex].Rules = append(ruleSet[rsIndex].Rules, customRules[k]) + } else { + (ruleSet[rsIndex]).Rules[index].Path = customRules[k].Path + } + } + } + } + } + for _, set := range ruleSet { for _, rule := range set.Rules { content, err := ruleFs.ReadFile(rule.Path) 
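Review bot: A custom rule whose name matches a built-in one (for example `sqli`) silently replaces that rule's `Path` in the merge loop of Load, so a configuration file can swap out or weaken a shipped filter with no trace in the logs. I would log each override, e.g. `log.Printf("datafilter: rule %q path overridden by %s", customRules[k].Name, dataFilterRuleSetPath)`. The merged paths are still read with `ruleFs.ReadFile(rule.Path)`, i.e. from the embedded `rules/*` tree, so a custom entry can only point at files compiled into the module; loading pattern files from disk, if intended, needs a separate read path. The second unmarshal error still names datafilter_rule_set.json instead of `dataFilterRuleSetPath`, and Load's body continues outside the hunk.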
@@ -51,7 +99,7 @@ func loadRules() { panic(msg) } - validateRule := make([]validate, len(patterns)) + validateRule := make([]Validate, len(patterns)) switch set.Type { case PAN: for i, v := range patterns { diff --git a/datafilter/owasp.go b/datafilter/owasp.go index 296bdac..ffb0412 100644 --- a/datafilter/owasp.go +++ b/datafilter/owasp.go @@ -6,15 +6,15 @@ type owasp struct { pattern } -func (o owasp) validate(data *string) bool { +func (o owasp) Validate(data *string) bool { matched, _ := regexp.MatchString(o.Rule, *data) return matched } -func (o owasp) toString() string { +func (o owasp) ToString() string { return o.Name + " " + o.Message } -func (o owasp) disable() bool { - return o.Disable +func (o owasp) Disable() bool { + return o.IsDisabled } diff --git a/datafilter/pan.go b/datafilter/pan.go index 63fd44e..5fc96ec 100644 --- a/datafilter/pan.go +++ b/datafilter/pan.go @@ -6,7 +6,7 @@ type pan struct { pattern } -func (p pan) validate(data *string) bool { +func (p pan) Validate(data *string) bool { r := regexp.MustCompile(p.Rule) matchList := r.FindAllString(*data, -1) for _, v := range matchList { @@ -18,10 +18,10 @@ func (p pan) validate(data *string) bool { return false } -func (p pan) toString() string { +func (p pan) ToString() string { return p.Name + " " + p.Message } -func (p pan) disable() bool { - return p.Disable +func (p pan) Disable() bool { + return p.IsDisabled } diff --git a/datafilter/testdata/datafilter_rule_set.json b/datafilter/testdata/datafilter_rule_set.json new file mode 100644 index 0000000..bd7369f --- /dev/null +++ b/datafilter/testdata/datafilter_rule_set.json @@ -0,0 +1,24 @@ +[ + { + "type": "pan", + "rules": [ + { + "name": "test_pan_process", + "path": "rules/pan_process.json" + } + ] + }, + { + "type": "owasp", + "rules": [ + { + "name": "sqli", + "path": "rules/owasp_attack_sqli.json" + }, + { + "name": "xss", + "path": "rules/owasp_attack_xss.json" + } + ] + } +] 
diff --git a/datafilter/types.go b/datafilter/types.go index e7b8e32..a26608e 100644 --- a/datafilter/types.go +++ b/datafilter/types.go @@ -1,9 +1,9 @@ package datafilter -type validate interface { - validate(data *string) bool - toString() string - disable() bool +type Validate interface { + Validate(data *string) bool + ToString() string + Disable() bool } //filter types @@ -13,9 +13,9 @@ const ( ) type pattern struct { - Name string `json:"name"` - Rule string `json:"rule"` - Sample string `json:"sample"` - Message string `json:"message"` - Disable bool `json:"disable"` + Name string `json:"name"` + Rule string `json:"rule"` + Sample string `json:"sample"` + Message string `json:"message"` + IsDisabled bool `json:"disable"` } diff --git a/datafilter/datafilter_test.go b/datafilter_test.go similarity index 55% rename from datafilter/datafilter_test.go rename to datafilter_test.go index a662858..e36ebb7 100644 --- a/datafilter/datafilter_test.go +++ b/datafilter_test.go @@ -1,10 +1,21 @@ -package datafilter +package main import ( + "github.com/kaanaktas/go-slm/cache" "github.com/kaanaktas/go-slm/config" + "github.com/kaanaktas/go-slm/executor" + "os" "testing" ) +func TestMain(m *testing.M) { + _ = os.Setenv("GO_SLM_POLICY_RULE_SET_PATH", "/policy/testdata/policy_rule_set.json") + _ = os.Setenv("GO_SLM_COMMON_RULES_PATH", "/policy/testdata/common_rules.json") + _ = os.Setenv("GO_SLM_CURRENT_MODULE_NAME", "github.com/kaanaktas/dummy") + + os.Exit(m.Run()) +} + func TestExecute(t *testing.T) { type args struct { data string 
@@ -54,7 +65,22 @@ func TestExecute(t *testing.T) { t.Errorf("%s didn't panic", tt.name) } }() - Execute(tt.args.data, tt.args.serviceName, config.Request) + executor.Execute(tt.args.data, tt.args.serviceName, config.Request) }) } } + +func TestCache(t *testing.T) { + _ = os.Setenv("GO_SLM_DATA_FILTER_RULE_SET_PATH", "/datafilter/testdata/datafilter_rule_set.json") + + cacheIn := cache.NewInMemory() + cacheIn.Flush() + + executor.Execute("test_sqli_filter", "test", config.Request) + if _, ok := cacheIn.Get("test_pan_process"); !ok { + t.Error("test_pan_process is not in the cache") + } + if _, ok := cacheIn.Get("pan_process"); !ok { + t.Error("pan_process is not in the cache") + } +} diff --git a/executor/executor.go b/executor/executor.go new file mode 100644 index 0000000..cf2de66 --- /dev/null +++ b/executor/executor.go 
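Review bot: TestCache sets `GO_SLM_DATA_FILTER_RULE_SET_PATH` with `os.Setenv` and never restores it, so the variable leaks into every test that runs afterwards in the same process; `t.Setenv("GO_SLM_DATA_FILTER_RULE_SET_PATH", "/datafilter/testdata/datafilter_rule_set.json")` restores it when the test ends. The test also calls `executor.Execute` without a recover, so if the sample string ever matches a rule the run aborts with a panic instead of a readable test failure; wrapping the call the way TestExecute does would avoid that. The relative paths presumably resolve only when the tests run from the repository root, which is worth a comment on TestMain.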
@@ -0,0 +1,138 @@ +package executor + +import ( + "fmt" + "github.com/kaanaktas/go-slm/cache" + "github.com/kaanaktas/go-slm/config" + "github.com/kaanaktas/go-slm/datafilter" + "github.com/kaanaktas/go-slm/policy" + "github.com/kelseyhightower/envconfig" + "log" + "sync" +) + +var cacheIn = cache.NewInMemory() + +type Specification struct { + PolicyRuleSetPath string `envconfig:"policy_rule_set_path"` + CommonRulesPath string `envconfig:"common_rules_path"` + DataFilterRuleSetPath string `envconfig:"data_filter_rule_set_path"` + CurrentModuleName string `envconfig:"current_module_name"` +} + +func loadConfiguration() { + var spec Specification + err := envconfig.Process("go_slm", &spec) + if err != nil { + log.Fatal(err.Error()) + } + + if !config.IsModuleImported(spec.CurrentModuleName) || config.RootDirectory == "" { + panic("root directory is empty or module is not imported") + } + + policy.Load(spec.PolicyRuleSetPath, spec.CommonRulesPath) + datafilter.Load(spec.DataFilterRuleSetPath) +} + +var isConfigurationFlagSet = "isConfigurationFlagSet" + +func Execute(data, serviceName, direction string) { + if _, ok := cacheIn.Get(isConfigurationFlagSet); !ok { + loadConfiguration() + _ = cacheIn.Set(isConfigurationFlagSet, true, cache.NoExpiration) + } + + policyKey := config.PolicyKey(serviceName, direction) + cachedRule, ok := cacheIn.Get(policy.Key) + if !ok { + panic("policyRule doesn't exist") + } + + policyRules := cachedRule.(policy.Rules)[policyKey] + if len(policyRules) == 0 { + log.Println("No ruleSet found for", serviceName) + return + } + + breaker := make(chan string) + in := make(chan datafilter.Validate) + closeCh := make(chan struct{}) + + go processor(policyRules, in, breaker) + go validator(&data, in, closeCh, breaker) + + select { + case v := <-breaker: + panic(v) + case <-closeCh: + } + + log.Println("no_match with datafilter rules") +} + +func processor(accessList []policy.CommonRule, in chan<- datafilter.Validate, breaker <-chan string) { + 
defer func() { + close(in) + }() + + for _, v := range accessList { + if v.Active { + if rule, ok := cacheIn.Get(v.Name); ok { + processRule(rule.([]datafilter.Validate), in, breaker) + } + } + } +} + +func processRule(patterns []datafilter.Validate, in chan<- datafilter.Validate, breaker <-chan string) { + var wg sync.WaitGroup + + for _, pattern := range patterns { + wg.Add(1) + + pattern := pattern + go func() { + defer wg.Done() + + if !pattern.Disable() { + select { + case <-breaker: + return + case in <- pattern: + } + } + }() + } + + wg.Wait() +} + +func validator(data *string, in <-chan datafilter.Validate, closeCh chan<- struct{}, breaker chan<- string) { + defer func() { + close(closeCh) + }() + + var wg sync.WaitGroup + + //Distribute work to multiple workers + for i := 0; i < config.NumberOfWorker; i++ { + wg.Add(1) + worker(&wg, data, in, breaker) + } + + wg.Wait() +} + +func worker(wg *sync.WaitGroup, data *string, in <-chan datafilter.Validate, breaker chan<- string) { + go func() { + defer wg.Done() + + for v := range in { + if v.Validate(data) { + breaker <- fmt.Sprint(v.ToString()) + return + } + } + }() +} diff --git a/go.mod b/go.mod index e69d661..95da0d8 100644 --- a/go.mod +++ b/go.mod @@ -3,6 +3,7 @@ module github.com/kaanaktas/go-slm go 1.18 require ( + github.com/kelseyhightower/envconfig v1.4.0 github.com/labstack/echo/v4 v4.7.2 github.com/patrickmn/go-cache v2.1.0+incompatible ) diff --git a/go.sum b/go.sum index 4e2e973..81cd2b7 100644 --- a/go.sum +++ b/go.sum 
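Review bot: `breaker` in Execute serves as both the match result and the cancellation signal, but it is unbuffered and never closed, so the `case <-breaker:` in processRule is an ordinary receive that can take a match away from Execute (which then logs no match), and a second worker that matches after Execute has panicked blocks on its send for good. I would keep `breaker` for results only and add a `done` channel that Execute closes on the first match; processor, processRule, validator and worker each take it as an extra `<-chan struct{}` parameter. Separately, the `isConfigurationFlagSet` check-then-load at the top of Execute is not synchronized, so concurrent first calls can each run loadConfiguration; a `sync.Once` would fit there.

```go
	breaker := make(chan string)
	done := make(chan struct{}) // closed on the first match; the only cancellation signal
	// … unchanged: in, closeCh …

	go processor(policyRules, in, done)
	go validator(&data, in, closeCh, breaker, done)

	select {
	case v := <-breaker:
		close(done)
		panic(v)
	case <-closeCh:
	}

	// processRule: producers wait on done, never on breaker
			if !pattern.Disable() {
				select {
				case <-done:
					return
				case in <- pattern:
				}
			}

	// worker: a later match must not block once Execute has stopped receiving
				if v.Validate(data) {
					select {
					case breaker <- fmt.Sprint(v.ToString()):
					case <-done:
					}
					return
				}
```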
@@ -3,6 +3,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY= github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= +github.com/kelseyhightower/envconfig v1.4.0 h1:Im6hONhd3pLkfDFsbRgu68RDNkGF1r3dvMUtDTo2cv8= +github.com/kelseyhightower/envconfig v1.4.0/go.mod h1:cccZRl6mQpaq41TPp5QxidR+Sa3axMbJDNb//FQX6Gg= github.com/labstack/echo/v4 v4.7.2 h1:Kv2/p8OaQ+M6Ex4eGimg9b9e6icoxA42JSlOR3msKtI= github.com/labstack/echo/v4 v4.7.2/go.mod h1:xkCDAdFCIf8jsFQ5NnbK7oqaF/yU1A1X20Ltm0OvSks= github.com/labstack/gommon v0.3.1 h1:OomWaJXm7xR6L1HmEtGyQf26TEn7V6X88mktX9kee9o= diff --git a/impl_samples/echo/main.go b/impl_samples/echo/main.go index f4c51ae..17ee906 100644 --- a/impl_samples/echo/main.go +++ b/impl_samples/echo/main.go @@ -2,7 +2,7 @@ package main import ( "github.com/kaanaktas/go-slm/config" - "github.com/kaanaktas/go-slm/datafilter" + "github.com/kaanaktas/go-slm/executor" "github.com/labstack/echo/v4" "github.com/labstack/echo/v4/middleware" "io/ioutil" @@ -40,7 +40,7 @@ func testPost(c echo.Context) error { func testGet(c echo.Context) error { p1 := c.QueryParam("param1") - datafilter.Execute(p1, "test", config.Request) + executor.Execute(p1, "test", config.Request) return c.JSON(http.StatusOK, "no_match") } diff --git a/impl_samples/echo/utils.go b/impl_samples/echo/utils.go index d52b374..149e01b 100644 --- a/impl_samples/echo/utils.go +++ b/impl_samples/echo/utils.go @@ -3,7 +3,7 @@ package main import ( "bytes" "github.com/kaanaktas/go-slm/config" - "github.com/kaanaktas/go-slm/datafilter" + "github.com/kaanaktas/go-slm/executor" "github.com/labstack/echo/v4" "io/ioutil" "net/http" 
@@ -22,7 +22,7 @@ func requestDump(s ServiceIdExtractor) echo.MiddlewareFunc { c.Request().Body = ioutil.NopCloser(bytes.NewBuffer(reqBody)) serviceName := s(c) - datafilter.Execute(string(reqBody), serviceName, config.Request) + executor.Execute(string(reqBody), serviceName, config.Request) return next(c) } @@ -35,7 +35,7 @@ func extractServiceId(c echo.Context) string { } func responseBeforeHook(respBody string, c echo.Context, s ServiceIdExtractor) { - datafilter.Execute(respBody, s(c), config.Response) + executor.Execute(respBody, s(c), config.Response) } func customRecover(next echo.HandlerFunc) echo.HandlerFunc { diff --git a/main.go b/main.go index 3b23eb1..c70a46d 100644 --- a/main.go +++ b/main.go 
@@ -2,27 +2,41 @@ package main import ( "github.com/kaanaktas/go-slm/config" - "github.com/kaanaktas/go-slm/datafilter" + "github.com/kaanaktas/go-slm/executor" "log" + "os" "runtime" ) +func init() { + _ = os.Setenv("GO_SLM_COMMON_RULES_PATH", "/policy/testdata/common_rules.json") + _ = os.Setenv("GO_SLM_POLICY_RULE_SET_PATH", "/policy/testdata/policy_rule_set.json") + //pretending to be imported by another project + _ = os.Setenv("GO_SLM_CURRENT_MODULE_NAME", "github.com/kaanaktas/dummy") +} + func main() { defer config.Elapsed("Execution")() defer func() { - if r := recover(); r != nil { - log.Println("Recovered in Execute", r) - } - log.Println("All Channels were closed successfully. Number of goroutine:", runtime.NumGoroutine()) }() serviceName := "test" + testData := [...]string{ + "clear data with no match", + "admin' AND 1=1 --", + "http://testing.com/book.html?default=", + "44044333322221111deded AND 1=1 --ede4444333322221111dededede44044333322221111dededede4442333322221111dededede"} - data := "clear data with no match" - //data := "admin' AND 1=1 --" - //data := "http://testing.com/book.html?default=" - //data := "44044333322221111deded AND 1=1 --ede4444333322221111dededede44044333322221111dededede4442333322221111dededede" - - datafilter.Execute(data, serviceName, config.Request) + for _, data := range testData { + func() { + defer func() { + if r := recover(); r != nil { + log.Println("Recovered in Execute", r) + } + }() + log.Println("Filtering data:", data) + executor.Execute(data, serviceName, config.Request) + }() + } } diff --git a/policy/load.go b/policy/load.go index 92e94b3..4f7d111 100644 --- a/policy/load.go +++ b/policy/load.go 
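Review bot: The new `init` in main.go calls `os.Setenv` unconditionally, so any `GO_SLM_*` values supplied by the environment are overwritten with the testdata paths and the placeholder module name before Execute reads them. If main.go is meant as a runnable sample, defaulting only when a variable is unset keeps operator configuration in effect, e.g. `if _, ok := os.LookupEnv("GO_SLM_COMMON_RULES_PATH"); !ok { _ = os.Setenv("GO_SLM_COMMON_RULES_PATH", "/policy/testdata/common_rules.json") }`. The discarded `os.Setenv` errors are also worth logging, since a failed set surfaces later only as a panic from the loaders.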
@@ -1,32 +1,30 @@ -package access +package policy import ( - _ "embed" "encoding/json" "fmt" "github.com/kaanaktas/go-slm/cache" "github.com/kaanaktas/go-slm/config" "log" + "path/filepath" ) const Key = "access_rule" -func init() { - loadAccesses() -} +var cacheIn = cache.NewInMemory() -type Rule struct { +type CommonRule struct { Name string `json:"name"` Active bool `json:"active"` } -type Rules struct { - Name string `json:"Name"` - Rules []Rule `json:"rule"` +type CommonRules struct { + Name string `json:"Name"` + Rules []CommonRule `json:"rule"` } -type RuleSet struct { - Rules []Rules `json:"Rules"` +type CommonRuleSet struct { + Rules []CommonRules `json:"Rules"` } type Policy struct { 
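Review bot: `Key = "access_rule"` lives in the same in-memory cache that executor uses for data-filter rule names and for its `isConfigurationFlagSet` flag, and rule names can now come from a user-supplied file. A custom rule carrying one of those names would presumably replace the policy entry or the flag and trip the type assertions in executor. Prefixing keys per package, e.g. `const Key = "policy:rules"`, would separate the namespaces. The exported CommonRule, CommonRules and CommonRuleSet types also have no doc comments.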
@@ -39,32 +37,44 @@ type Policies struct { Policies []Policy `json:"policies"` } -type PolicyRules map[string][]Rule - -var cacheIn = cache.NewInMemory() +type Rules map[string][]CommonRule -//go:embed policy_rule_set.json -var policyRuleSetContent []byte +func Load(policyRuleSetPath, commonRulesPath string) { + if policyRuleSetPath == "" { + panic("POLICY_RULE_SET_PATH hasn't been set") + } -//go:embed common_rules.json -var commonRulesContent []byte + if commonRulesPath == "" { + panic("COMMON_RULES_PATH hasn't been set") + } -func loadAccesses() { var ps Policies - err := json.Unmarshal(policyRuleSetContent, &ps) + content, err := config.ReadFile(filepath.Join(config.RootDirectory, policyRuleSetPath)) + if err != nil { + msg := fmt.Sprintf("Error while reading %s. Error: %s", policyRuleSetPath, err) + panic(msg) + } + + err = json.Unmarshal(content, &ps) + if err != nil { + msg := fmt.Sprintf("Can't unmarshall the content of %s. Error: %s", policyRuleSetPath, err) + panic(msg) + } + + var rules CommonRuleSet + content, err = config.ReadFile(filepath.Join(config.RootDirectory, commonRulesPath)) if err != nil { - msg := fmt.Sprintf("Can't unmarshall the content of policy_rule_set.json. Error: %s", err) + msg := fmt.Sprintf("Error while reading %s. Error: %s", commonRulesPath, err) panic(msg) } - var rules RuleSet - err = json.Unmarshal(commonRulesContent, &rules) + err = json.Unmarshal(content, &rules) if err != nil { - msg := fmt.Sprintf("Can't unmarshall the content of policy_rule_set.json. Error: %s", err) + msg := fmt.Sprintf("Can't unmarshall the content of %s. Error: %s", commonRulesPath, err) panic(msg) } - policyRules := make(PolicyRules) + policyRules := make(Rules) for _, policy := range ps.Policies { for _, rule := range rules.Rules { 
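Review bot: Load accepts a policy file that parses but yields no policies: `{}` or a file with a misspelled top-level key unmarshals without error, the loop builds an empty map, and Execute then logs "No ruleSet found" and returns without filtering anything. Since these files are now operator-supplied instead of embedded, I would fail at load time, e.g. `if len(ps.Policies) == 0 { panic(fmt.Sprintf("no policies found in %s", policyRuleSetPath)) }`, with the same check for `rules.Rules`. `filepath.Join(config.RootDirectory, ...)` also cleans `..` segments, so the configured path is not confined to the root directory; the doc comment should say so if that is acceptable. Load's body continues outside the hunk.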
@@ -78,5 +88,5 @@ func loadAccesses() { } _ = cacheIn.Set(Key, policyRules, cache.NoExpiration) - log.Println("policy Rules have been loaded successfully") + log.Println("policy CommonRules have been loaded successfully") } diff --git a/policy/common_rules.json b/policy/testdata/common_rules.json similarity index 100% rename from policy/common_rules.json rename to policy/testdata/common_rules.json diff --git a/policy/policy_rule_set.json b/policy/testdata/policy_rule_set.json similarity index 100% rename from policy/policy_rule_set.json rename to policy/testdata/policy_rule_set.json