CELMatcherImpl creates a new cel.Library based on the following pieces of data: - macroName: the function name to be used within CEL. This will be a macro and not a function proper. - funcName: the function overload name generated by the CEL macro used to represent the matcher. - matcherDataTypes:
(macroName, funcName string, matcherDataTypes []*cel.Type, fac any)
| 389 | // to provide a custom macro which does a more detailed analysis of the CEL |
| 390 | // literal provided to the macro as an argument. |
| 391 | func CELMatcherImpl(macroName, funcName string, matcherDataTypes []*cel.Type, fac any) (cel.Library, error) { |
| 392 | requestType := cel.ObjectType("http.Request") |
| 393 | var macro parser.Macro |
| 394 | switch len(matcherDataTypes) { |
| 395 | case 1: |
| 396 | matcherDataType := matcherDataTypes[0] |
| 397 | switch matcherDataType.String() { |
| 398 | case "list(string)": |
| 399 | macro = parser.NewGlobalVarArgMacro(macroName, celMatcherStringListMacroExpander(funcName)) |
| 400 | case cel.StringType.String(): |
| 401 | macro = parser.NewGlobalMacro(macroName, 1, celMatcherStringMacroExpander(funcName)) |
| 402 | case CELTypeJSON.String(): |
| 403 | macro = parser.NewGlobalMacro(macroName, 1, celMatcherJSONMacroExpander(funcName)) |
| 404 | default: |
| 405 | return nil, fmt.Errorf("unsupported matcher data type: %s", matcherDataType) |
| 406 | } |
| 407 | case 2: |
| 408 | if matcherDataTypes[0] == cel.StringType && matcherDataTypes[1] == cel.StringType { |
| 409 | macro = parser.NewGlobalMacro(macroName, 2, celMatcherStringListMacroExpander(funcName)) |
| 410 | matcherDataTypes = []*cel.Type{cel.ListType(cel.StringType)} |
| 411 | } else { |
| 412 | return nil, fmt.Errorf("unsupported matcher data type: %s, %s", matcherDataTypes[0], matcherDataTypes[1]) |
| 413 | } |
| 414 | case 3: |
| 415 | // nolint:gosec // false positive, impossible to be out of bounds; see: https://github.com/securego/gosec/issues/1525 |
| 416 | if matcherDataTypes[0] == cel.StringType && matcherDataTypes[1] == cel.StringType && matcherDataTypes[2] == cel.StringType { |
| 417 | macro = parser.NewGlobalMacro(macroName, 3, celMatcherStringListMacroExpander(funcName)) |
| 418 | matcherDataTypes = []*cel.Type{cel.ListType(cel.StringType)} |
| 419 | } else { |
| 420 | // nolint:gosec // false positive, impossible to be out of bounds; see: https://github.com/securego/gosec/issues/1525 |
| 421 | return nil, fmt.Errorf("unsupported matcher data type: %s, %s, %s", matcherDataTypes[0], matcherDataTypes[1], matcherDataTypes[2]) |
| 422 | } |
| 423 | } |
| 424 | envOptions := []cel.EnvOption{ |
| 425 | cel.Macros(macro), |
| 426 | cel.Function(funcName, |
| 427 | cel.Overload(funcName, append([]*cel.Type{requestType}, matcherDataTypes...), cel.BoolType), |
| 428 | cel.SingletonBinaryBinding(CELMatcherRuntimeFunction(funcName, fac))), |
| 429 | } |
| 430 | programOptions := []cel.ProgramOption{ |
| 431 | cel.CustomDecorator(CELMatcherDecorator(funcName, fac)), |
| 432 | } |
| 433 | return NewMatcherCELLibrary(envOptions, programOptions), nil |
| 434 | } |
| 435 | |
| 436 | // CELMatcherFactory converts a constant CEL value into a RequestMatcher. |
| 437 | // Deprecated: Use CELMatcherWithErrorFactory instead. |
no test coverage detected