From 787a2e717abef70dc398afdd77ca872d142a9529 Mon Sep 17 00:00:00 2001 From: songhang Date: Thu, 1 Aug 2024 12:59:05 -0600 Subject: [PATCH] add NAP into go generate --- analyze.go | 12 +++ analyze_appProtectWAFv4_directives.gen.go | 88 +++++++++++++++++++++ analyze_appProtectWAFv4_directives.go | 51 ------------ analyze_appProtectWAFv5_directives.gen.go | 88 +++++++++++++++++++++ analyze_appProtectWAFv5_directives.go | 51 ------------ scripts/generate/configs/nap_v4_config.json | 9 +++ scripts/generate/configs/nap_v5_config.json | 9 +++ 7 files changed, 206 insertions(+), 102 deletions(-) create mode 100644 analyze_appProtectWAFv4_directives.gen.go delete mode 100644 analyze_appProtectWAFv4_directives.go create mode 100644 analyze_appProtectWAFv5_directives.gen.go delete mode 100644 analyze_appProtectWAFv5_directives.go create mode 100644 scripts/generate/configs/nap_v4_config.json create mode 100644 scripts/generate/configs/nap_v5_config.json diff --git a/analyze.go b/analyze.go index 337e5fcd..8eda8d8f 100644 --- a/analyze.go +++ b/analyze.go @@ -7,6 +7,9 @@ package crossplane +// Upgrade for .gen.go files. If you don't have access to some private modules, +// please use -skip options to skip them. e.g. go generate -skip="nap". + // Update for headersmore //go:generate sh -c "sh ./scripts/generate/generate.sh --url https://github.com/openresty/headers-more-nginx-module.git --config-path ./scripts/generate/configs/headersmore_config.json > ./analyze_headersMore_directives.gen.go" 
@@ -26,6 +29,15 @@ package crossplane // Otel provides its own config handler for some directives and they don't have context. Currently we don't support them. //go:generate sh -c "sh ./scripts/generate/generate.sh --url https://github.com/nginxinc/nginx-otel.git --config-path ./scripts/generate/configs/otel_config.json --branch main > ./analyze_otel_directives.gen.go" +// Update for NAP v4 and v5. +// NAP is a private module. Please ensure you have correct access and put the url. +// and branch of it in environment variable NAP_URL, NAP_V4_BRANCH, and NAP_V5_BRANCH. +// Override is for flag dirctives. NAP used ngxConfTake1 for flag directives, we change them to ngxConfFlag in crossplane. +// NAP v4 +//go:generate sh -c "sh ./scripts/generate/generate.sh --url $NAP_URL --config-path ./scripts/generate/configs/nap_v4_config.json --branch $NAP_V4_BRANCH --path ./src > analyze_appProtectWAFv4_directives.gen.go" +// NAP v5 +//go:generate sh -c "sh ./scripts/generate/generate.sh --url $NAP_URL --config-path ./scripts/generate/configs/nap_v5_config.json --branch $NAP_V5_BRANCH --path ./src > analyze_appProtectWAFv5_directives.gen.go" + import ( "fmt" ) diff --git a/analyze_appProtectWAFv4_directives.gen.go b/analyze_appProtectWAFv4_directives.gen.go new file mode 100644 index 00000000..c639b73f --- /dev/null +++ b/analyze_appProtectWAFv4_directives.gen.go 
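Review bot: The two new `//go:generate` lines for NAP v4 and v5 put `$NAP_URL`, `$NAP_V4_BRANCH` and `$NAP_V5_BRANCH` unquoted inside the `sh -c` string and redirect straight into the checked-in `.gen.go` files. If any of them is unset it expands to nothing, so `--url` or `--branch` is likely to take the next flag as its value, and the `>` redirect truncates the committed file before generate.sh has produced anything; a plain `go generate` without `-skip` and without NAP access can therefore leave an empty or broken file behind. A value containing spaces or shell metacharacters would also be interpreted by the shell rather than passed as one argument. Consider quoting the expansions (`--url \"$NAP_URL\"`), failing fast when a variable is empty, and writing to a temporary file that is moved into place only on success. The comment above the directives also has a typo (`dirctives`) and a stray full stop after `put the url`.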
@@ -0,0 +1,88 @@ +/** + * Copyright (c) F5, Inc. + * + * This source code is licensed under the Apache License, Version 2.0 license found in the + * LICENSE file in the root directory of this source tree. + */ + +// Code generated by generator; DO NOT EDIT. +// All the definitions are extracted from the source code +// Each bit mask describes these behaviors: +// - how many arguments the directive can take +// - whether or not it is a block directive +// - whether this is a flag (takes one argument that's either "on" or "off") +// - which contexts it's allowed to be in + +package crossplane + +var appProtectWAFv4Directives = map[string][]uint{ + "app_protect_app_name": { + ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfTake1, + }, + "app_protect_compressed_requests_action": { + ngxHTTPMainConf | ngxConfTake1, + }, + "app_protect_config_set_timeout": { + ngxHTTPMainConf | ngxConfTake1, + }, + "app_protect_cookie_seed": { + ngxHTTPMainConf | ngxConfTake1, + }, + "app_protect_cpu_thresholds": { + ngxHTTPMainConf | ngxConfTake2, + }, + "app_protect_custom_log_attribute": { + ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfTake2, + }, + "app_protect_enable": { + ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfFlag, + }, + "app_protect_enforcer_address": { + ngxHTTPMainConf | ngxConfTake1, + }, + "app_protect_enforcer_memory_limit_mb": { + ngxHTTPMainConf | ngxConfTake1, + }, + "app_protect_failure_mode_action": { + ngxHTTPMainConf | ngxConfTake1, + }, + "app_protect_global_settings": { + ngxHTTPMainConf | ngxConfTake1, + }, + "app_protect_logging_str": { + ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfTake1, + }, + "app_protect_physical_memory_util_thresholds": { + ngxHTTPMainConf | ngxConfTake2, + }, + "app_protect_policy_file": { + ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfTake1, + }, + "app_protect_reconnect_period_seconds": { + ngxHTTPMainConf | ngxConfTake1, + }, + 
"app_protect_request_buffer_overflow_action": { + ngxHTTPMainConf | ngxConfTake1, + }, + "app_protect_response_enforcement_disable": { + ngxHTTPMainConf | ngxConfTake1, + }, + "app_protect_security_log": { + ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfTake2, + }, + "app_protect_security_log_enable": { + ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfFlag, + }, + "app_protect_streaming_buffer_watermarks": { + ngxHTTPMainConf | ngxConfTake2, + }, + "app_protect_user_defined_signatures": { + ngxHTTPMainConf | ngxConfTake1, + }, +} + +// MatchAppProtectWAFv4 is a MatchFunc for App Protect v4 module. +func MatchAppProtectWAFv4(directive string) ([]uint, bool) { + m, ok := appProtectWAFv4Directives[directive] + return m, ok +} diff --git a/analyze_appProtectWAFv4_directives.go b/analyze_appProtectWAFv4_directives.go deleted file mode 100644 index 113e48f4..00000000 --- a/analyze_appProtectWAFv4_directives.go +++ /dev/null 
@@ -1,51 +0,0 @@
-package crossplane
-
-// nginx app protect specific and global directives, inferred from
-// [https://docs.nginx.com/nginx-app-protect/configuration-guide/configuration/#directives]
-
-//nolint:gochecknoglobals
-var appProtectWAFv4Directives = map[string][]uint{
- "app_protect_compressed_requests_action": {
- ngxHTTPMainConf | ngxConfTake1,
- },
- "app_protect_cookie_seed": {
- ngxHTTPMainConf | ngxConfTake1,
- },
- "app_protect_cpu_thresholds": {
- ngxHTTPMainConf | ngxConfTake2,
- },
- "app_protect_enable": {
- ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfFlag,
- },
- "app_protect_failure_mode_action": {
- ngxHTTPMainConf | ngxConfTake1,
- },
- "app_protect_physical_memory_util_thresholds": {
- ngxHTTPMainConf | ngxConfTake2,
- },
- "app_protect_policy_file": {
- ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfTake1,
- },
- "app_protect_reconnect_period_seconds": {
- ngxHTTPMainConf | ngxConfTake1,
- },
- "app_protect_request_buffer_overflow_action": {
- ngxHTTPMainConf | ngxConfTake1,
- },
- "app_protect_security_log_enable": {
- ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfFlag,
- },
- "app_protect_security_log": {
- ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfTake2,
- },
- "app_protect_user_defined_signatures": {
- ngxHTTPMainConf | ngxConfTake1,
- },
-}
-
-// MatchAppProtectWAFv4 is a match function for parsing an NGINX config that contains the
-// App Protect v4 module.
-func MatchAppProtectWAFv4(directive string) ([]uint, bool) {
- masks, matched := appProtectWAFv4Directives[directive]
- return masks, matched
-}
diff --git a/analyze_appProtectWAFv5_directives.gen.go b/analyze_appProtectWAFv5_directives.gen.go
new file mode 100644
index 00000000..4601a25a
--- /dev/null
+++ b/analyze_appProtectWAFv5_directives.gen.go
@@ -0,0 +1,88 @@ +/** + * Copyright (c) F5, Inc. + * + * This source code is licensed under the Apache License, Version 2.0 license found in the + * LICENSE file in the root directory of this source tree. + */ + +// Code generated by generator; DO NOT EDIT. +// All the definitions are extracted from the source code +// Each bit mask describes these behaviors: +// - how many arguments the directive can take +// - whether or not it is a block directive +// - whether this is a flag (takes one argument that's either "on" or "off") +// - which contexts it's allowed to be in + +package crossplane + +var appProtectWAFv5Directives = map[string][]uint{ + "app_protect_app_name": { + ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfTake1, + }, + "app_protect_compressed_requests_action": { + ngxHTTPMainConf | ngxConfTake1, + }, + "app_protect_config_set_timeout": { + ngxHTTPMainConf | ngxConfTake1, + }, + "app_protect_cookie_seed": { + ngxHTTPMainConf | ngxConfTake1, + }, + "app_protect_cpu_thresholds": { + ngxHTTPMainConf | ngxConfTake2, + }, + "app_protect_custom_log_attribute": { + ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfTake2, + }, + "app_protect_enable": { + ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfFlag, + }, + "app_protect_enforcer_address": { + ngxHTTPMainConf | ngxConfTake1, + }, + "app_protect_enforcer_memory_limit_mb": { + ngxHTTPMainConf | ngxConfTake1, + }, + "app_protect_failure_mode_action": { + ngxHTTPMainConf | ngxConfTake1, + }, + "app_protect_global_settings": { + ngxHTTPMainConf | ngxConfTake1, + }, + "app_protect_logging_str": { + ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfTake1, + }, + "app_protect_physical_memory_util_thresholds": { + ngxHTTPMainConf | ngxConfTake2, + }, + "app_protect_policy_file": { + ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfTake1, + }, + "app_protect_reconnect_period_seconds": { + ngxHTTPMainConf | ngxConfTake1, + }, + 
"app_protect_request_buffer_overflow_action": { + ngxHTTPMainConf | ngxConfTake1, + }, + "app_protect_response_enforcement_disable": { + ngxHTTPMainConf | ngxConfTake1, + }, + "app_protect_security_log": { + ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfTake2, + }, + "app_protect_security_log_enable": { + ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfFlag, + }, + "app_protect_streaming_buffer_watermarks": { + ngxHTTPMainConf | ngxConfTake2, + }, + "app_protect_user_defined_signatures": { + ngxHTTPMainConf | ngxConfTake1, + }, +} + +// MatchAppProtectWAFv5 is a MatchFunc for App Protect v5 module. +func MatchAppProtectWAFv5(directive string) ([]uint, bool) { + m, ok := appProtectWAFv5Directives[directive] + return m, ok +} diff --git a/analyze_appProtectWAFv5_directives.go b/analyze_appProtectWAFv5_directives.go deleted file mode 100644 index 4538d3b3..00000000 --- a/analyze_appProtectWAFv5_directives.go +++ /dev/null 
@@ -1,51 +0,0 @@
-package crossplane
-
-// nginx app protect specific and global directives, inferred from
-// [https://docs.nginx.com/nginx-app-protect/configuration-guide/configuration/#directives]
-
-//nolint:gochecknoglobals
-var appProtectWAFv5Directives = map[string][]uint{
- "app_protect_physical_memory_util_thresholds": {
- ngxHTTPMainConf | ngxConfTake2,
- },
- "app_protect_cpu_thresholds": {
- ngxHTTPMainConf | ngxConfTake2,
- },
- "app_protect_failure_mode_action": {
- ngxHTTPMainConf | ngxConfTake1,
- },
- "app_protect_cookie_seed": {
- ngxHTTPMainConf | ngxConfTake1,
- },
- "app_protect_request_buffer_overflow_action": {
- ngxHTTPMainConf | ngxConfTake1,
- },
- "app_protect_reconnect_period_seconds": {
- ngxHTTPMainConf | ngxConfTake1,
- },
- "app_protect_enforcer_address": {
- ngxHTTPMainConf | ngxConfTake1,
- },
- "app_protect_enable": {
- ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfFlag,
- },
- "app_protect_policy_file": {
- ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfTake1,
- },
- "app_protect_security_log_enable": {
- ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfFlag,
- },
- "app_protect_security_log": {
- ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfTake2,
- },
- "app_protect_custom_log_attribute": {
- ngxHTTPMainConf | ngxHTTPSrvConf | ngxHTTPLocConf | ngxConfTake2,
- },
-}
-
-// MatchAppProtectWAFv5 is a match function for parsing an NGINX config that contains the
-// App Protect v5 module.
-func MatchAppProtectWAFv5(directive string) ([]uint, bool) {
- masks, matched := appProtectWAFv5Directives[directive]
- return masks, matched
-}
diff --git a/scripts/generate/configs/nap_v4_config.json b/scripts/generate/configs/nap_v4_config.json
new file mode 100644
index 00000000..a37ec58c
--- /dev/null
+++ b/scripts/generate/configs/nap_v4_config.json
@@ -0,0 +1,9 @@
+{
+ "directiveMapName":"appProtectWAFv4Directives",
+ "matchFuncName":"MatchAppProtectWAFv4",
+ "matchFuncComment":"MatchAppProtectWAFv4 is a MatchFunc for App Protect v4 module.",
+ "override":{
+ "app_protect_enable":[["ngxHTTPMainConf", "ngxHTTPSrvConf" , "ngxHTTPLocConf", "ngxConfFlag"]],
+ "app_protect_security_log_enable":[["ngxHTTPMainConf", "ngxHTTPSrvConf", "ngxHTTPLocConf", "ngxConfFlag"]]
+ }
+}
diff --git a/scripts/generate/configs/nap_v5_config.json b/scripts/generate/configs/nap_v5_config.json
new file mode 100644
index 00000000..e66a19b9
--- /dev/null
+++ b/scripts/generate/configs/nap_v5_config.json
@@ -0,0 +1,9 @@
+{
+ "directiveMapName":"appProtectWAFv5Directives",
+ "matchFuncName":"MatchAppProtectWAFv5",
+ "matchFuncComment":"MatchAppProtectWAFv5 is a MatchFunc for App Protect v5 module.",
+ "override":{
+ "app_protect_enable":[["ngxHTTPMainConf", "ngxHTTPSrvConf" , "ngxHTTPLocConf", "ngxConfFlag"]],
+ "app_protect_security_log_enable":[["ngxHTTPMainConf", "ngxHTTPSrvConf", "ngxHTTPLocConf", "ngxConfFlag"]]
+ }
+}
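Review bot: nap_v4_config.json and nap_v5_config.json differ only in the map and function names, and the two generated tables in this patch are entry-for-entry identical, whereas the deleted hand-written tables differed (for example v4 had no `app_protect_enforcer_address` or `app_protect_custom_log_attribute`, and v5 had no `app_protect_compressed_requests_action` or `app_protect_user_defined_signatures`). Please confirm that `NAP_V4_BRANCH` and `NAP_V5_BRANCH` pointed at different branches when these files were generated. If the module source really declares the same directives for both versions, the version-specific check is gone and `MatchAppProtectWAFv5` now accepts directives the old v5 table rejected, which is worth stating in the commit message. Separately, `override` only turns `app_protect_enable` and `app_protect_security_log_enable` into `ngxConfFlag`; it may be worth checking whether `app_protect_response_enforcement_disable`, generated as `ngxConfTake1`, is also an on/off directive.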