Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature Request: support bitwise operations #1919

Closed
tahsinrahman opened this issue Nov 22, 2019 · 1 comment · Fixed by #2160
Closed

Feature Request: support bitwise operations #1919

tahsinrahman opened this issue Nov 22, 2019 · 1 comment · Fixed by #2160
Labels
feature-request good first issue

Comments

@tahsinrahman
Copy link
Contributor

Expected Behavior

At https://github.com/kubeshield/bpf-opa-demo, we're writing policy in rego that can filter linux system call data. Most of the system calls have a flag parameter. It'd be a lot easier if opa supported bitwise operations.
For example, to check O_WRONLY flag is set on open syscall, we could do the following

O_WRONLY := (1<<1)

is_open_write {
	(input.event.params.flags & O_WRONLY)  > 0
}

Actual Behavior

Instead, we'd to do the following

O_WRONLY := 2

is_open_write {
	round((input.event.params.flags-0.1) / O_WRONLY) % 2 > 0
}

cc @tamalsaha
@tsandall
Copy link
Member

Adding support for bitwise operations on integer numbers would be good. Since bitwise operations are not used frequently today I'd rather not overload the infix & and | operators for now. We could add bitwise functions like:

c := bits.or(a, b)
c := bits.and(a, b)
# etc.

This way your policy would read as:

O_WRONLY := bits.lsh(1, 1)

is_open_write {
  bits.and(input.event.params.flags, O_WRONLY) > 0
}

@mjgpy3 mjgpy3 mentioned this issue Feb 29, 2020
Merged
mjgpy3 added a commit to mjgpy3/opa that referenced this issue Mar 1, 2020
@mjgpy3
Add bitwise operators after bits..
06540eb 
Fixes open-policy-agent#1919

Signed-off-by: Michael "Gilli" Gilliland <mjg.py3@gmail.com>
patrick-east pushed a commit that referenced this issue Mar 2, 2020
@mjgpy3 @patrick-east
Add bitwise operators after bits..
ff3766d 
Fixes #1919

Signed-off-by: Michael "Gilli" Gilliland <mjg.py3@gmail.com>
@zenmatic zenmatic mentioned this issue Mar 17, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature-request good first issue
Projects
Open Policy Agent
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add bitwise operators after bits.. mjgpy3/opa
2 participants
@tsandall @tahsinrahman