Lua evaluator - take 1

Author: wupeka

.gitmodules

@@ -1,3 +1,6 @@
 [submodule "src/adapters/pnp/azure-iot-sdk-c"]
 	path = src/adapters/pnp/azure-iot-sdk-c
 	url = https://github.com/Azure/azure-iot-sdk-c
+[submodule "src/modules/complianceengine/lua/src"]
+	path = src/modules/complianceengine/lua/src
+	url = https://github.com/lua/lua

.vscode/settings.json

@@ -85,6 +85,7 @@
         "semaphore": "cpp",
         "charconv": "cpp",
         "format": "cpp",
-        "span": "cpp"
+        "span": "cpp",
+        "unordered_set": "cpp"
     }
 }

src/modules/complianceengine/CMakeLists.txt

@@ -5,3 +5,5 @@ add_subdirectory(src)
 if (BUILD_TESTS)
     add_subdirectory(tests)
 endif()
+
+add_subdirectory(lua)

src/modules/complianceengine/lua/CMakeLists.txt

@@ -0,0 +1,43 @@
+project(lualib)
+
+
+add_library(lualib STATIC
+src/lapi.c
+src/lcode.c
+src/lctype.c
+src/ldebug.c
+src/ldo.c
+src/ldump.c
+src/lfunc.c
+src/lgc.c
+src/llex.c
+src/lmem.c
+src/lobject.c
+src/lopcodes.c
+src/lparser.c
+src/lstate.c
+src/lstring.c
+src/ltable.c
+src/ltm.c
+src/lundump.c
+src/lvm.c
+src/lzio.c
+src/ltests.c
+src/lauxlib.c
+src/lbaselib.c
+src/ldblib.c
+src/liolib.c
+src/lmathlib.c
+src/loslib.c
+src/ltablib.c
+src/lstrlib.c
+src/lutf8lib.c
+src/loadlib.c
+src/lcorolib.c
+src/linit.c
+)
+
+set_property(TARGET lualib PROPERTY POSITION_INDEPENDENT_CODE ON)
+
+# POSIX, not Linux, as Linux implies libdl which we don't want.
+target_compile_options(lualib PRIVATE -DLUA_USE_POSIX -Wno-error=unused-const-variable=)

src/modules/complianceengine/lua/src

@@ -131,6 +131,7 @@ add_library(complianceenginelib STATIC
     JsonWrapper.cpp
     KernelModuleTools.cpp
     ListValidShells.cpp
+    LuaEvaluator.cpp
     NetworkTools.cpp
     PasswordEntriesIterator.cpp
     Procedure.cpp
@@ -156,8 +157,10 @@ target_link_libraries(complianceenginelib PRIVATE
     logging
     commonutils
     parsonlib
+    lualib
     )
 
 target_include_directories(complianceenginelib PUBLIC
     ${MODULES_INC_DIR}
-    ${CMAKE_CURRENT_SOURCE_DIR})
+    ${CMAKE_CURRENT_SOURCE_DIR}
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../lua/src)

src/modules/complianceengine/src/lib/CMakeLists.txt

@@ -5,6 +5,7 @@
 
 #include "JsonWrapper.h"
 #include "Logging.h"
+#include "LuaEvaluator.h"
 #include "Reasons.h"
 #include "Result.h"
 
@@ -25,11 +26,14 @@ using std::string;
 Evaluator::Evaluator(std::string ruleName, const struct json_object_t* json, const ParameterMap& parameters, ContextInterface& context)
     : mJson(json),
       mParameters(parameters),
-      mContext(context)
+      mContext(context),
+      mLuaEvaluator(std::unique_ptr<LuaEvaluator>(new LuaEvaluator()))
 {
     mIndicators.Push(std::move(ruleName));
 }
 
+Evaluator::~Evaluator() = default;
+
 Result<AuditResult> Evaluator::ExecuteAudit(const PayloadFormatter& formatter)
 {
     auto result = EvaluateProcedure(mJson, Action::Audit);
@@ -109,6 +113,20 @@ Result<Status> Evaluator::EvaluateProcedure(const JSON_Object* object, const Act
         return result.Value();
     }
 
+    if (!strcmp(name, "lua"))
+    {
+        mIndicators.Push("lua");
+        const auto result = EvaluateLua(value, action);
+        if (!result.HasValue())
+        {
+            OsConfigLogError(mContext.GetLogHandle(), "Evaluation failed: %s", result.Error().message.c_str());
+            return result;
+        }
+        mIndicators.Back().status = result.Value();
+        mIndicators.Pop();
+        return result.Value();
+    }
+
     mIndicators.Push(name);
     auto result = EvaluateBuiltinProcedure(name, value, action);
     if (!result.HasValue())
@@ -206,6 +224,49 @@ Result<Status> Evaluator::EvaluateNot(const json_value_t* value, const Action ac
     return Status::Compliant;
 }
 
+Result<Status> Evaluator::EvaluateLua(const json_value_t* value, const Action action)
+{
+    OsConfigLogDebug(mContext.GetLogHandle(), "Evaluating lua operator");
+
+    if (nullptr == value)
+    {
+        OsConfigLogError(mContext.GetLogHandle(), "invalid argument");
+        return Error("invalid argument", EINVAL);
+    }
+
+    if (json_value_get_type(value) != JSONObject)
+    {
+        OsConfigLogError(mContext.GetLogHandle(), "lua value is not an object");
+        return Error("lua value is not an object", EINVAL);
+    }
+
+    // Lua can be used for both audit and remediation
+    // Get the arguments from the JSON object
+    auto arguments = GetBuiltinProcedureArguments(value);
+    if (!arguments.HasValue())
+    {
+        OsConfigLogError(mContext.GetLogHandle(), "Failed to get lua arguments: %s", arguments.Error().message.c_str());
+        return arguments.Error();
+    }
+
+    // Call the lua evaluation function using our LuaEvaluator instance
+    auto scriptIt = arguments.Value().find("script");
+    if (scriptIt == arguments.Value().end())
+    {
+        OsConfigLogError(mContext.GetLogHandle(), "No script content provided");
+        return Error("No script content provided", EINVAL);
+    }
+
+    auto result = mLuaEvaluator->Evaluate(scriptIt->second, mIndicators, mContext, action);
+    if (!result.HasValue())
+    {
+        OsConfigLogError(mContext.GetLogHandle(), "Lua evaluation failed: %s", result.Error().message.c_str());
+        return result.Error();
+    }
+
+    return result.Value();
+}
+
 Result<map<string, string>> Evaluator::GetBuiltinProcedureArguments(const json_value_t* value) const
 {
     map<string, string> result;

src/modules/complianceengine/src/lib/Evaluator.cpp

@@ -12,6 +12,7 @@
 
 #include <Optional.h>
 #include <map>
+#include <memory>
 #include <sstream>
 #include <string>
 #include <vector>
@@ -43,6 +44,16 @@ struct json_value_t;
 namespace ComplianceEngine
 {
 
+// Define Action enum outside of class for forward declarations
+enum class Action
+{
+    Audit,
+    Remediate
+};
+
+// Forward declaration
+class LuaEvaluator;
+
 class PayloadFormatter
 {
 public:
@@ -113,7 +124,7 @@ class Evaluator
 {
 public:
     Evaluator(std::string ruleName, const struct json_object_t* json, const ParameterMap& parameters, ContextInterface& context);
-    ~Evaluator() = default;
+    ~Evaluator();
     Evaluator(const Evaluator&) = delete;
     Evaluator(Evaluator&&) = delete;
     Evaluator& operator=(const Evaluator&) = delete;
@@ -122,13 +133,10 @@ class Evaluator
     Result<AuditResult> ExecuteAudit(const PayloadFormatter& formatter);
     Result<Status> ExecuteRemediation();
 
-private:
-    enum class Action
-    {
-        Audit,
-        Remediate
-    };
+    // Make procedure map public for access from Lua scripts
+    static const ProcedureMap mProcedureMap;
 
+private:
     enum class ListAction
     {
         AnyOf,
@@ -138,17 +146,19 @@ class Evaluator
     Result<Status> EvaluateProcedure(const struct json_object_t* object, Action action);
     Result<Status> EvaluateList(const struct json_value_t* value, Action action, ListAction listAction);
     Result<Status> EvaluateNot(const struct json_value_t* value, Action action);
+    Result<Status> EvaluateLua(const struct json_value_t* value, Action action);
     Result<Status> EvaluateBuiltinProcedure(const std::string& procedureName, const struct json_value_t* value, Action action);
     Result<std::map<std::string, std::string>> GetBuiltinProcedureArguments(const json_value_t* value) const;
     const struct json_object_t* mJson;
     const ParameterMap& mParameters;
     ContextInterface& mContext;
-    // autogenerated, instantiated in ProcedureMap.cpp
-    static const ProcedureMap mProcedureMap;
     static const size_t cLogstreamMaxSize = 4096;
 
     // List of indicators which determine the final state of the evaluation
     IndicatorsTree mIndicators;
+
+    // Lua evaluator instance for this evaluator
+    std::unique_ptr<LuaEvaluator> mLuaEvaluator;
 };
 } // namespace ComplianceEngine