use Cow for FirewallCompareType::String

Author: GyulyVGC

src/firewall/items/http_request.rs

@@ -8,6 +8,7 @@ use crate::helpers::get_header;
 use crate::proto::appguard::{AppGuardHttpRequest, AppGuardTcpInfo};
 use rpn_predicate_interpreter::PredicateEvaluator;
 use serde::{Deserialize, Serialize};
+use std::borrow::Cow;
 
 #[derive(Debug, Serialize, Deserialize, PartialEq, Clone)]
 #[allow(clippy::enum_variant_names)]
@@ -42,30 +43,30 @@ impl HttpRequestField {
         item: &'a AppGuardHttpRequest,
     ) -> Option<FirewallCompareType<'a>> {
         match self {
-            HttpRequestField::HttpRequestUrl(v) => {
-                Some(FirewallCompareType::String((&item.original_url, v)))
-            }
-            HttpRequestField::HttpRequestMethod(v) => {
-                Some(FirewallCompareType::String((&item.method, v)))
-            }
-            HttpRequestField::HttpRequestQuery(HeaderVal(k, v)) => {
-                get_header(&item.query, k).map(|query| FirewallCompareType::String((query, v)))
-            }
+            HttpRequestField::HttpRequestUrl(v) => Some(FirewallCompareType::String((
+                &item.original_url,
+                Cow::Borrowed(v),
+            ))),
+            HttpRequestField::HttpRequestMethod(v) => Some(FirewallCompareType::String((
+                &item.method,
+                Cow::Borrowed(v),
+            ))),
+            HttpRequestField::HttpRequestQuery(HeaderVal(k, v)) => get_header(&item.query, k)
+                .map(|query| FirewallCompareType::String((query, Cow::Borrowed(v)))),
             HttpRequestField::HttpRequestCookie(v) => get_header(&item.headers, "Cookie")
-                .map(|cookie| FirewallCompareType::String((cookie, v))),
-            HttpRequestField::HttpRequestHeader(HeaderVal(k, v)) => {
-                get_header(&item.headers, k).map(|header| FirewallCompareType::String((header, v)))
-            }
+                .map(|cookie| FirewallCompareType::String((cookie, Cow::Borrowed(v)))),
+            HttpRequestField::HttpRequestHeader(HeaderVal(k, v)) => get_header(&item.headers, k)
+                .map(|header| FirewallCompareType::String((header, Cow::Borrowed(v)))),
             HttpRequestField::HttpRequestBody(v) => item
                 .body
                 .as_ref()
-                .map(|body| FirewallCompareType::String((body, v))),
+                .map(|body| FirewallCompareType::String((body, Cow::Borrowed(v)))),
             HttpRequestField::HttpRequestBodyLen(v) => item
                 .body
                 .as_ref()
                 .map(|body| FirewallCompareType::Usize((body.len(), v))),
             HttpRequestField::HttpRequestUserAgent(v) => get_header(&item.headers, "User-Agent")
-                .map(|user_agent| FirewallCompareType::String((user_agent, v))),
+                .map(|user_agent| FirewallCompareType::String((user_agent, Cow::Borrowed(v)))),
         }
     }
 }
@@ -76,7 +77,11 @@ impl PredicateEvaluator for AppGuardHttpRequest {
     type Reason = String;
     type Context = AppContext;
 
-    async fn evaluate_predicate(&self, predicate: &Self::Predicate, context: &Self::Context) -> bool {
+    async fn evaluate_predicate(
+        &self,
+        predicate: &Self::Predicate,
+        context: &Self::Context,
+    ) -> bool {
         if predicate.direction == Some(FirewallRuleDirection::Out) {
             return false;
         }
@@ -93,7 +98,8 @@ impl PredicateEvaluator for AppGuardHttpRequest {
                         direction: FirewallRuleDirection::In,
                     },
                     context,
-                ).await
+                )
+                .await
         }
     }
 

src/firewall/items/http_response.rs

@@ -8,6 +8,7 @@ use crate::helpers::get_header;
 use crate::proto::appguard::{AppGuardHttpResponse, AppGuardTcpInfo};
 use rpn_predicate_interpreter::PredicateEvaluator;
 use serde::{Deserialize, Serialize};
+use std::borrow::Cow;
 
 #[derive(Debug, Serialize, Deserialize, PartialEq, Clone)]
 #[allow(clippy::enum_variant_names)]
@@ -45,9 +46,8 @@ impl HttpResponseField {
                     None
                 }
             }
-            HttpResponseField::HttpResponseHeader(HeaderVal(k, v)) => {
-                get_header(&item.headers, k).map(|header| FirewallCompareType::String((header, v)))
-            }
+            HttpResponseField::HttpResponseHeader(HeaderVal(k, v)) => get_header(&item.headers, k)
+                .map(|header| FirewallCompareType::String((header, Cow::Borrowed(v)))),
         }
     }
 }
@@ -58,7 +58,11 @@ impl PredicateEvaluator for AppGuardHttpResponse {
     type Reason = String;
     type Context = AppContext;
 
-    async fn evaluate_predicate(&self, predicate: &Self::Predicate, context: &Self::Context) -> bool {
+    async fn evaluate_predicate(
+        &self,
+        predicate: &Self::Predicate,
+        context: &Self::Context,
+    ) -> bool {
         if predicate.direction == Some(FirewallRuleDirection::In) {
             return false;
         }
@@ -75,7 +79,8 @@ impl PredicateEvaluator for AppGuardHttpResponse {
                         direction: FirewallRuleDirection::Out,
                     },
                     context,
-                ).await
+                )
+                .await
         }
     }
 

src/firewall/items/ip_info.rs

@@ -3,6 +3,7 @@ use crate::firewall::rules::{FirewallCompareType, FirewallRuleField, FirewallRul
 use crate::proto::appguard::AppGuardIpInfo;
 use rpn_predicate_interpreter::PredicateEvaluator;
 use serde::{Deserialize, Serialize};
+use std::borrow::Cow;
 
 #[derive(Debug, Serialize, Deserialize, PartialEq, Clone)]
 #[serde(rename_all = "snake_case")]
@@ -39,35 +40,35 @@ impl IpInfoField {
             IpInfoField::Country(v) => item
                 .country
                 .as_ref()
-                .map(|country| FirewallCompareType::String((country, v))),
+                .map(|country| FirewallCompareType::String((country, Cow::Borrowed(v)))),
             IpInfoField::Asn(v) => item
                 .asn
                 .as_ref()
-                .map(|asn| FirewallCompareType::String((asn, v))),
+                .map(|asn| FirewallCompareType::String((asn, Cow::Borrowed(v)))),
             IpInfoField::Org(v) => item
                 .org
                 .as_ref()
-                .map(|org| FirewallCompareType::String((org, v))),
+                .map(|org| FirewallCompareType::String((org, Cow::Borrowed(v)))),
             IpInfoField::Continent(v) => item
                 .continent_code
                 .as_ref()
-                .map(|continent| FirewallCompareType::String((continent, v))),
+                .map(|continent| FirewallCompareType::String((continent, Cow::Borrowed(v)))),
             IpInfoField::City(v) => item
                 .city
                 .as_ref()
-                .map(|city| FirewallCompareType::String((city, v))),
+                .map(|city| FirewallCompareType::String((city, Cow::Borrowed(v)))),
             IpInfoField::Region(v) => item
                 .region
                 .as_ref()
-                .map(|region| FirewallCompareType::String((region, v))),
+                .map(|region| FirewallCompareType::String((region, Cow::Borrowed(v)))),
             IpInfoField::Postal(v) => item
                 .postal
                 .as_ref()
-                .map(|postal| FirewallCompareType::String((postal, v))),
+                .map(|postal| FirewallCompareType::String((postal, Cow::Borrowed(v)))),
             IpInfoField::Timezone(v) => item
                 .timezone
                 .as_ref()
-                .map(|timezone| FirewallCompareType::String((timezone, v))),
+                .map(|timezone| FirewallCompareType::String((timezone, Cow::Borrowed(v)))),
         }
     }
 }
@@ -78,7 +79,11 @@ impl<'a> PredicateEvaluator for &'a AppGuardIpInfo {
     type Reason = String;
     type Context = AppContext;
 
-    async fn evaluate_predicate(&self, predicate: &Self::Predicate, _context: &Self::Context) -> bool {
+    async fn evaluate_predicate(
+        &self,
+        predicate: &Self::Predicate,
+        _context: &Self::Context,
+    ) -> bool {
         if let FirewallRuleField::IpInfo(f) = &predicate.rule.field {
             return predicate.rule.condition.compare(f.get_compare_fields(self));
         }

src/firewall/items/smtp_request.rs

@@ -8,6 +8,7 @@ use crate::helpers::get_header;
 use crate::proto::appguard::{AppGuardSmtpRequest, AppGuardTcpInfo};
 use rpn_predicate_interpreter::PredicateEvaluator;
 use serde::{Deserialize, Serialize};
+use std::borrow::Cow;
 
 #[derive(Debug, Serialize, Deserialize, PartialEq, Clone)]
 #[allow(clippy::enum_variant_names)]
@@ -34,15 +35,14 @@ impl SmtpRequestField {
         item: &'a AppGuardSmtpRequest,
     ) -> Option<FirewallCompareType<'a>> {
         match self {
-            SmtpRequestField::SmtpRequestHeader(HeaderVal(k, v)) => {
-                get_header(&item.headers, k).map(|header| FirewallCompareType::String((header, v)))
-            }
+            SmtpRequestField::SmtpRequestHeader(HeaderVal(k, v)) => get_header(&item.headers, k)
+                .map(|header| FirewallCompareType::String((header, Cow::Borrowed(v)))),
             SmtpRequestField::SmtpRequestUserAgent(v) => get_header(&item.headers, "User-Agent")
-                .map(|user_agent| FirewallCompareType::String((user_agent, v))),
+                .map(|user_agent| FirewallCompareType::String((user_agent, Cow::Borrowed(v)))),
             SmtpRequestField::SmtpRequestBody(v) => item
                 .body
                 .as_ref()
-                .map(|body| FirewallCompareType::String((body, v))),
+                .map(|body| FirewallCompareType::String((body, Cow::Borrowed(v)))),
             SmtpRequestField::SmtpRequestBodyLen(l) => item
                 .body
                 .as_ref()
@@ -57,7 +57,11 @@ impl PredicateEvaluator for AppGuardSmtpRequest {
     type Reason = String;
     type Context = AppContext;
 
-    async fn evaluate_predicate(&self, predicate: &Self::Predicate, context: &Self::Context) -> bool {
+    async fn evaluate_predicate(
+        &self,
+        predicate: &Self::Predicate,
+        context: &Self::Context,
+    ) -> bool {
         if predicate.direction == Some(FirewallRuleDirection::Out) {
             return false;
         }
@@ -74,7 +78,8 @@ impl PredicateEvaluator for AppGuardSmtpRequest {
                         direction: FirewallRuleDirection::In,
                     },
                     context,
-                ).await
+                )
+                .await
         }
     }
 

src/firewall/items/smtp_response.rs

@@ -39,7 +39,11 @@ impl PredicateEvaluator for AppGuardSmtpResponse {
     type Reason = String;
     type Context = AppContext;
 
-    async fn evaluate_predicate(&self, predicate: &Self::Predicate, context: &Self::Context) -> bool {
+    async fn evaluate_predicate(
+        &self,
+        predicate: &Self::Predicate,
+        context: &Self::Context,
+    ) -> bool {
         if predicate.direction == Some(FirewallRuleDirection::In) {
             return false;
         }
@@ -56,7 +60,8 @@ impl PredicateEvaluator for AppGuardSmtpResponse {
                         direction: FirewallRuleDirection::Out,
                     },
                     context,
-                ).await
+                )
+                .await
         }
     }
 

src/firewall/items/tcp_connection.rs

@@ -5,6 +5,7 @@ use crate::firewall::rules::{
 use crate::proto::appguard::AppGuardTcpConnection;
 use rpn_predicate_interpreter::PredicateEvaluator;
 use serde::{Deserialize, Serialize};
+use std::borrow::Cow;
 
 #[derive(Debug, Serialize, Deserialize, PartialEq, Clone)]
 #[serde(rename_all = "snake_case")]
@@ -66,9 +67,10 @@ impl TcpConnectionField {
                 FirewallRuleDirection::Out => item.source_port,
             }
             .map(|p| FirewallCompareType::U32((p, v))),
-            TcpConnectionField::Protocol(v) => {
-                Some(FirewallCompareType::String((&item.protocol, v)))
-            }
+            TcpConnectionField::Protocol(v) => Some(FirewallCompareType::String((
+                &item.protocol,
+                Cow::Borrowed(v),
+            ))),
         }
     }
 }
@@ -79,13 +81,16 @@ impl<'a> PredicateEvaluator for &'a AppGuardTcpConnection {
     type Reason = String;
     type Context = AppContext;
 
-    async fn evaluate_predicate(&self, predicate: &Self::Predicate, context: &Self::Context) -> bool {
+    async fn evaluate_predicate(
+        &self,
+        predicate: &Self::Predicate,
+        context: &Self::Context,
+    ) -> bool {
         if let FirewallRuleField::TcpConnection(f) = &predicate.rule.field {
-            return predicate.rule.condition.compare(f.get_compare_fields(
-                self,
-                &predicate.direction,
-                context,
-            ).await);
+            return predicate.rule.condition.compare(
+                f.get_compare_fields(self, &predicate.direction, context)
+                    .await,
+            );
         }
         false
     }
@@ -101,19 +106,25 @@ impl<'a> PredicateEvaluator for &'a AppGuardTcpConnection {
 
 #[derive(Debug, Serialize, Deserialize, PartialEq, Clone)]
 #[serde(untagged)]
-enum IpAlias {
+pub enum IpAlias {
     Name(String),
     Addresses(Vec<String>),
 }
 
 impl IpAlias {
-    async fn to_ips(&self, context: &AppContext) -> Option<&Vec<String>> {
+    async fn to_ips(&self, context: &AppContext) -> Option<Cow<'_, Vec<String>>> {
         match self {
             IpAlias::Name(name) => {
                 let token = context.root_token_provider.get().await.ok()?.jwt.clone();
-                context.datastore.clone().get_ip_alias(token, name).await.ok()
+                context
+                    .datastore
+                    .clone()
+                    .get_ip_alias(token, name)
+                    .await
+                    .ok()
+                    .map(|a| Cow::Owned(a))
             }
-            IpAlias::Addresses(addresses) => Some(addresses),
+            IpAlias::Addresses(addresses) => Some(Cow::Borrowed(addresses)),
         }
     }
 }

src/firewall/items/tcp_info.rs

@@ -9,18 +9,26 @@ impl<'a> PredicateEvaluator for &'a AppGuardTcpInfo {
     type Reason = String;
     type Context = AppContext;
 
-    async fn evaluate_predicate(&self, predicate: &Self::Predicate, context: &Self::Context) -> bool {
+    async fn evaluate_predicate(
+        &self,
+        predicate: &Self::Predicate,
+        context: &Self::Context,
+    ) -> bool {
         match &predicate.rule.field {
-            FirewallRuleField::TcpConnection(_) => self
-                .connection
-                .as_ref()
-                .unwrap_or(&AppGuardTcpConnection::default())
-                .evaluate_predicate(predicate, context).await,
-            FirewallRuleField::IpInfo(_) => self
-                .ip_info
-                .as_ref()
-                .unwrap_or(&AppGuardIpInfo::default())
-                .evaluate_predicate(predicate, context).await,
+            FirewallRuleField::TcpConnection(_) => {
+                self.connection
+                    .as_ref()
+                    .unwrap_or(&AppGuardTcpConnection::default())
+                    .evaluate_predicate(predicate, context)
+                    .await
+            }
+            FirewallRuleField::IpInfo(_) => {
+                self.ip_info
+                    .as_ref()
+                    .unwrap_or(&AppGuardIpInfo::default())
+                    .evaluate_predicate(predicate, context)
+                    .await
+            }
             _ => false,
         }
     }

src/firewall/rules.rs

@@ -8,6 +8,7 @@ use crate::firewall::items::smtp_request::SmtpRequestField;
 use crate::firewall::items::smtp_response::SmtpResponseField;
 use crate::firewall::items::tcp_connection::TcpConnectionField;
 use crate::proto::appguard_commands::FirewallPolicy;
+use std::borrow::Cow;
 
 #[derive(Debug, Serialize, Deserialize, PartialEq, Clone)]
 #[serde(rename_all = "snake_case")]
@@ -85,7 +86,7 @@ impl FirewallRuleCondition {
     pub fn compare(&self, firewall_compare_type: Option<FirewallCompareType>) -> bool {
         if let Some(fields) = firewall_compare_type {
             return match fields {
-                FirewallCompareType::String((l, r)) => self.compare_vec(l, r),
+                FirewallCompareType::String((l, r)) => self.compare_vec(l, &r),
                 FirewallCompareType::Usize((l, r)) => self.compare_vec(&l, r),
                 FirewallCompareType::U32((l, r)) => self.compare_vec(&l, r),
                 FirewallCompareType::U64((l, r)) => self.compare_vec(&l, r),
@@ -130,7 +131,7 @@ impl FirewallRuleCondition {
 
 #[derive(Debug, PartialEq)]
 pub enum FirewallCompareType<'a> {
-    String((&'a String, &'a Vec<String>)),
+    String((&'a String, Cow<'a, Vec<String>>)),
     Usize((usize, &'a Vec<usize>)),
     U32((u32, &'a Vec<u32>)),
     U64((u64, &'a Vec<u64>)),