Fixes for unreachable rules detection, v0.6.1

CHANGELOG.md

@@ -1,3 +1,8 @@
+## v0.6.1 [2016-04-25]
+
+- Fixed false positive for unreachable rules checks with `or`
+- Fixed missing detection for multiple unreachable rules
+
 ## v0.6.0 [2016-04-22]
 
 - Refactoring - moved all generic functions from checks to lib/acl and lib/backend

checks/unreachable.go

@@ -43,7 +43,7 @@ func CheckUnreachableRules(s *lib.Section) []lib.Problem {
 				// if current keyword is same as in line when this ACL was used
 				if _, ok := checkableKWs[curKW]; ok && curKW == kwMap[prevLine] {
 					// if previous acl line is more generic than current
-					if A.In(aclsMap[prevLine], curACLs) {
+					if A.In(aclsMap[prevLine], curACLs) && !A.HasOrs(curACLs) {
 						problems = append(
 							problems,
 							lib.Problem{
@@ -64,9 +64,10 @@ func CheckUnreachableRules(s *lib.Section) []lib.Problem {
 						)
 					}
 				}
+			} else {
+				// add current acl to used acls map
+				usedACLs[*acl] = i
 			}
-			// add current acl to used acls map
-			usedACLs[*acl] = i
 		}
 	}
 	return problems

haproxy-lint.go

@@ -28,7 +28,7 @@ import (
 	"github.com/abulimov/haproxy-lint/lib"
 )
 
-var version = "0.6.0"
+var version = "0.6.1"
 
 func myUsage() {
 	fmt.Printf("Usage: %s [OPTIONS] haproxy.cfg\n", os.Args[0])

lib/acl/acl.go

@@ -14,15 +14,17 @@ type ACL struct {
 	Predefined bool
 	Negated    bool
 	Inline     bool
+	Or         bool
 }
 
 func (a ACL) String() string {
 	return fmt.Sprintf(
-		"Name: %s, Predefined: %t, Negated: %t, Inline: %t",
+		"Name: %s, Predefined: %t, Negated: %t, Inline: %t, Or: %t",
 		a.Name,
 		a.Predefined,
 		a.Negated,
 		a.Inline,
+		a.Or,
 	)
 }
 
@@ -67,21 +69,23 @@ func ParseACLs(line string) []*ACL {
 	if len(afterIfMatch) > 0 {
 		if len(afterIfMatch[0]) > 1 {
 			afterIfString := afterIfMatch[0][1]
-			word := regexp.MustCompile(`({[^}]+}|\w+|!)`)
+			word := regexp.MustCompile(`({[^}]+}|\w+|!|\|{2})`)
 			words := word.FindAllString(afterIfString, -1)
 			negated := false
+			or := false
 			for _, w := range words {
 				switch w {
 				case "!":
 					negated = true
-				case "or":
-					continue
+				case "or", "||":
+					or = true
 				default:
 					acls = append(acls, &ACL{
 						Name:       w,
 						Predefined: IsPredefined(w),
 						Negated:    negated,
 						Inline:     IsInline(w),
+						Or:         or,
 					})
 					negated = false
 				}
@@ -114,6 +118,16 @@ func LineUsesACL(acl, line string) bool {
 	return strings.Contains(line, acl)
 }
 
+// HasOrs check if some of ACLs are used with OR operator
+func HasOrs(acls []*ACL) bool {
+	for _, a := range acls {
+		if a.Or {
+			return true
+		}
+	}
+	return false
+}
+
 // In checks if second list of acls contains first
 func In(first, second []*ACL) bool {
 	m := make(map[ACL]bool)

lib/acl/acl_test.go

@@ -104,6 +104,26 @@ func TestParseACLs(t *testing.T) {
 					Negated:    false,
 					Inline:     false,
 					Predefined: false,
+					Or:         true,
+				},
+			},
+		},
+		{
+			name: "pre-defined acl and '||'",
+			line: "redirect scheme https code 301 if METH_GET || h_missing",
+			want: []*ACL{
+				{
+					Name:       "METH_GET",
+					Negated:    false,
+					Inline:     false,
+					Predefined: true,
+				},
+				{
+					Name:       "h_missing",
+					Negated:    false,
+					Inline:     false,
+					Predefined: false,
+					Or:         true,
 				},
 			},
 		},

testdata/haproxy.cfg

@@ -33,7 +33,9 @@ frontend https-in
 
     use_backend undefined-servers if h_test
 
-    use_backend servers if h_test { ssl_fc }
+    use_backend servers if h_test or { ssl_fc }
+
+    use_backend servers if h_test h_some
 
     redirect scheme https if !{ ssl_fc }
     default_backend other-servers