internal static Dictionary <string, HashSet <string> > GetAllClassificationIdentifiers(OrganizationId organizationId, IConfigurationSession openedDataSession = null, Func <TransportRule, bool> inclusiveFilter = null, QueryFilter additionalFilter = null, IClassificationDefinitionsDataReader dataReader = null, IClassificationDefinitionsDiagnosticsReporter classificationDefinitionsDiagnosticsReporter = null) { IClassificationDefinitionsDiagnosticsReporter classificationDefinitionsDiagnosticsReporter2 = classificationDefinitionsDiagnosticsReporter ?? ClassificationDefinitionsDiagnosticsReporter.Instance; Dictionary <string, HashSet <string> > dictionary = new Dictionary <string, HashSet <string> >(ClassificationDefinitionConstants.RuleCollectionIdComparer); foreach (Tuple <TransportRule, XDocument> tuple in DlpUtils.AggregateOobAndCustomClassificationDefinitions(organizationId, openedDataSession, inclusiveFilter, additionalFilter, dataReader, classificationDefinitionsDiagnosticsReporter2)) { TransportRule item = tuple.Item1; XDocument item2 = tuple.Item2; ExAssert.RetailAssert(item2 != null, "XDocument instance returned from AggregateOobAndCustomClassificationDefinitions should never be null!"); string rulePackId; HashSet <string> value; try { rulePackId = XmlProcessingUtils.GetRulePackId(item2); value = new HashSet <string>(XmlProcessingUtils.GetAllRuleIds(item2), ClassificationDefinitionConstants.RuleIdComparer); } catch (XmlException ex) { ClassificationDefinitionsDiagnosticsReporter.Instance.WriteCorruptRulePackageDiagnosticsInformation(0, organizationId, item.DistinguishedName, new AggregateException(new Exception[] { ex }).Flatten()); continue; } ExAssert.RetailAssert(!dictionary.ContainsKey(rulePackId), "Duplicate classification rule collection ID '{0}' under tenant's organization '{1}' is a should never ever happen case", new object[] { rulePackId, organizationId.ToString() }); dictionary.Add(rulePackId, value); } return(dictionary); }
protected override void InternalValidate() { TaskLogger.LogEnter(); if (base.OptionalIdentityData != null) { base.OptionalIdentityData.ConfigurationContainerRdn = ClassificationDefinitionConstants.ClassificationDefinitionsRdn; } base.InternalValidate(); string name = ((DataClassificationObjectId)this.implementation.DataClassificationPresentationObject.Identity).Name; ILookup <string, Rule> dataClassificationsInUse = DlpUtils.GetDataClassificationsInUse(base.DataSession, new string[] { name }, ClassificationDefinitionConstants.RuleIdComparer); if (dataClassificationsInUse.Contains(name)) { List <string> list = (from transportRule in dataClassificationsInUse[name] select transportRule.Name).ToList <string>(); if (list.Count > 0) { base.WriteError(new DataClassificationInUseException(this.implementation.DataClassificationPresentationObject.Name, string.Join(Strings.ClassificationRuleCollectionOffendingListSeparator, list)), ErrorCategory.InvalidOperation, null); } } TaskLogger.LogExit(); }
internal override IEnumerable <T> GetObjectsInOrganization <T>(string identityString, ADObjectId rootId, IDirectorySession session, OptionalIdentityData optionalData) { IEnumerable <T> objectsInOrganization = base.GetObjectsInOrganization <T>(identityString, rootId, session, optionalData); if (typeof(T) != typeof(TransportRule)) { return(objectsInOrganization); } ClassificationIdentityMatcher <Tuple <TransportRule, XDocument> > nameMatcher = this.CreateNameMatchFilter(identityString); if (nameMatcher == null) { return(objectsInOrganization); } List <T> list = objectsInOrganization.ToList <T>(); QueryFilter queryFilter = ClassificationRuleCollectionIdParameter.CreateExcludeFilter <T>(list); if (optionalData != null && optionalData.AdditionalFilter != null) { queryFilter = ((queryFilter == null) ? optionalData.AdditionalFilter : QueryFilter.AndTogether(new QueryFilter[] { queryFilter, optionalData.AdditionalFilter })); } IEnumerable <Tuple <TransportRule, XDocument> > source = DlpUtils.AggregateOobAndCustomClassificationDefinitions(session.SessionSettings.CurrentOrganizationId, session as IConfigurationSession, null, queryFilter, new ClassificationDefinitionsDataReader(false), null); return(list.Concat(from rulePackDataObject in source where nameMatcher.Match(rulePackDataObject) select(T)((object)rulePackDataObject.Item1))); }
protected override bool EvaluateMatch(Tuple <TransportRule, XDocument> rulePackDataObject, Func <string, CultureInfo, CompareOptions, bool> objectPropertyMatchOperator) { ExAssert.RetailAssert(rulePackDataObject != null && rulePackDataObject.Item1 != null && rulePackDataObject.Item2 != null, "The rule pack data object passed to the name matcher must not be null"); bool flag = false; DlpUtils.DataClassificationQueryContext dataClassificationQueryContext = new DlpUtils.DataClassificationQueryContext(rulePackDataObject.Item1.OrganizationId, ClassificationDefinitionsDiagnosticsReporter.Instance) { CurrentRuleCollectionTransportRuleObject = rulePackDataObject.Item1, CurrentRuleCollectionXDoc = rulePackDataObject.Item2 }; XElement operationArgument; if (!DlpUtils.TryExecuteOperation <XmlException, XDocument, XElement>(dataClassificationQueryContext, new Func <XDocument, XElement>(XmlProcessingUtils.GetRulePackageMetadataElement), dataClassificationQueryContext.CurrentRuleCollectionXDoc, out operationArgument)) { return(flag); } ClassificationRuleCollectionLocalizableDetails classificationRuleCollectionLocalizableDetails; if (!DlpUtils.TryExecuteOperation <XmlException, XElement, ClassificationRuleCollectionLocalizableDetails>(dataClassificationQueryContext, new Func <XElement, ClassificationRuleCollectionLocalizableDetails>(XmlProcessingUtils.ReadDefaultRulePackageMetadata), operationArgument, out classificationRuleCollectionLocalizableDetails)) { return(flag); } flag = objectPropertyMatchOperator(classificationRuleCollectionLocalizableDetails.Name, classificationRuleCollectionLocalizableDetails.Culture, CompareOptions.IgnoreCase); if (!flag) { Dictionary <CultureInfo, ClassificationRuleCollectionLocalizableDetails> source; if (!DlpUtils.TryExecuteOperation <XmlException, XElement, Dictionary <CultureInfo, ClassificationRuleCollectionLocalizableDetails> >(dataClassificationQueryContext, new Func <XElement, Dictionary <CultureInfo, ClassificationRuleCollectionLocalizableDetails> >(XmlProcessingUtils.ReadAllRulePackageMetadata), operationArgument, out source)) { return(flag); } flag = source.Any((KeyValuePair <CultureInfo, ClassificationRuleCollectionLocalizableDetails> localizedDetail) => objectPropertyMatchOperator(localizedDetail.Value.Name, localizedDetail.Key, CompareOptions.IgnoreCase)); } return(flag); }
internal Dictionary <string, HashSet <string> > GetAllExistingClassificationIdentifiers(Func <TransportRule, bool> inclusiveFilter = null) { OrganizationId currentOrganizationId = this.CurrentOrganizationId; IConfigurationSession openedDataSession = this.dataSession; IClassificationDefinitionsDataReader dataReader = this.classificationsDataReader; IClassificationDefinitionsDiagnosticsReporter classificationDefinitionsDiagnosticsReporter = this.classificationDiagnosticsReporter; return(DlpUtils.GetAllClassificationIdentifiers(currentOrganizationId, openedDataSession, inclusiveFilter, null, dataReader, classificationDefinitionsDiagnosticsReporter)); }
private static bool PopulateMatchResults(DlpUtils.DataClassificationQueryContext queryContext, Dictionary <string, DataClassificationPresentationObject> queriedNameDictionary, IEnumerable <QueryMatchResult> nameMatchResultsFromCurrentRulePack, Dictionary <string, DataClassificationPresentationObject> queriedGuidDictionary, IEnumerable <QueryMatchResult> idMatchResultsFromCurrentRulePack, Dictionary <string, DataClassificationPresentationObject> allQueryResultsDictionary) { ClassificationRuleCollectionPresentationObject classificationRuleCollectionPresentationObject; if (!DlpUtils.CreateClassificationRuleCollectionPresentationObject(queryContext, out classificationRuleCollectionPresentationObject)) { return(false); } List <Tuple <QueryMatchResult, DataClassificationPresentationObject> > list; if (!DlpUtils.CreateDataClassificationPresentationObjects(queryContext, classificationRuleCollectionPresentationObject, nameMatchResultsFromCurrentRulePack, out list)) { return(false); } List <Tuple <QueryMatchResult, DataClassificationPresentationObject> > list2; if (!DlpUtils.CreateDataClassificationPresentationObjects(queryContext, classificationRuleCollectionPresentationObject, idMatchResultsFromCurrentRulePack, out list2)) { return(false); } foreach (Tuple <QueryMatchResult, DataClassificationPresentationObject> tuple in list) { QueryMatchResult item = tuple.Item1; DataClassificationPresentationObject item2 = tuple.Item2; if (queriedNameDictionary[item.QueryString] != null) { throw new ArgumentException(Strings.DataClassificationAmbiguousName(item.QueryString)); } DlpUtils.EnsureResultsIntegrity(queryContext, item, allQueryResultsDictionary, classificationRuleCollectionPresentationObject); queriedNameDictionary[item.QueryString] = item2; allQueryResultsDictionary.Add(item.MatchingRuleId, item2); } foreach (Tuple <QueryMatchResult, DataClassificationPresentationObject> tuple2 in list2) { QueryMatchResult item3 = tuple2.Item1; DataClassificationPresentationObject item4 = tuple2.Item2; DataClassificationPresentationObject dataClassificationPresentationObject = queriedGuidDictionary[item3.QueryString]; if (dataClassificationPresentationObject != null) { queryContext.CurrentDiagnosticsReporter.WriteDuplicateRuleIdAcrossRulePacksDiagnosticsInformation(0, queryContext.CurrentOrganizationId, dataClassificationPresentationObject.ClassificationRuleCollection.DistinguishedName, queryContext.CurrentRuleCollectionTransportRuleObject.DistinguishedName, item3.MatchingRuleId); throw new ArgumentException(Strings.DataClassificationAmbiguousIdentifier(item3.QueryString)); } DlpUtils.EnsureResultsIntegrity(queryContext, item3, allQueryResultsDictionary, classificationRuleCollectionPresentationObject); queriedGuidDictionary[item3.QueryString] = item4; allQueryResultsDictionary.Add(item3.MatchingRuleId, item4); } return(true); }
private static bool CreateDataClassificationPresentationObjects(DlpUtils.DataClassificationQueryContext queryContext, ClassificationRuleCollectionPresentationObject ruleCollectionPresentationObject, IEnumerable <QueryMatchResult> queryMatchResults, out List <Tuple <QueryMatchResult, DataClassificationPresentationObject> > presentationObjects) { presentationObjects = null; List <Tuple <QueryMatchResult, DataClassificationPresentationObject> > list = new List <Tuple <QueryMatchResult, DataClassificationPresentationObject> >(); foreach (QueryMatchResult queryMatchResult in queryMatchResults) { DataClassificationPresentationObject item; if (!DlpUtils.CreateDataClassificationPresentationObject(queryContext, queryMatchResult.MatchingRuleId, queryMatchResult.MatchingRuleXElement, queryMatchResult.MatchingResourceXElement, ruleCollectionPresentationObject, out item)) { return(false); } list.Add(new Tuple <QueryMatchResult, DataClassificationPresentationObject>(queryMatchResult, item)); } presentationObjects = list; return(true); }
internal static IList <string> GetDeletedRulesInUse(IConfigDataProvider dataSession, TransportRule existingRulePackObject, ISet <string> referencingRules = null, XDocument updatedRulePackXDoc = null) { ExAssert.RetailAssert(dataSession != null && existingRulePackObject != null, "The data session and rule package object to be updated / deleted must be specified in order to check if any deleted rules are in-use by ETR."); HashSet <string> hashSet; try { XDocument ruleCollectionDocumentFromTransportRule = ClassificationDefinitionUtils.GetRuleCollectionDocumentFromTransportRule(existingRulePackObject); hashSet = new HashSet <string>(XmlProcessingUtils.GetAllRuleIds(ruleCollectionDocumentFromTransportRule), ClassificationDefinitionConstants.RuleIdComparer); } catch (ArgumentException) { ((ClassificationDefinitionsDiagnosticsReporter)ClassificationDefinitionsDiagnosticsReporter.Instance).Tracer.TraceWarning <string>(0L, "Deleting classification rule collection '{0}' with null compressed data.", existingRulePackObject.DistinguishedName); return(Enumerable.Empty <string>().ToList <string>()); } catch (AggregateException ex) { ((ClassificationDefinitionsDiagnosticsReporter)ClassificationDefinitionsDiagnosticsReporter.Instance).Tracer.TraceWarning <string, string>(0L, "Deleting classification rule collection '{0}' with invalid compressed data or invalid decompressed data. Details: {1}", existingRulePackObject.DistinguishedName, ex.Flatten().ToString()); return(Enumerable.Empty <string>().ToList <string>()); } catch (XmlException ex2) { ((ClassificationDefinitionsDiagnosticsReporter)ClassificationDefinitionsDiagnosticsReporter.Instance).Tracer.TraceWarning <string, string>(0L, "Deleting classification rule collection '{0}' with invalid XML contents. Details: {1}", existingRulePackObject.DistinguishedName, new AggregateException(new Exception[] { ex2 }).Flatten().ToString()); return(Enumerable.Empty <string>().ToList <string>()); } if (updatedRulePackXDoc != null) { foreach (string item in XmlProcessingUtils.GetAllRuleIds(updatedRulePackXDoc)) { hashSet.Remove(item); } } return(ClassificationRuleCollectionValidationUtils.ProcessClassificationReferences(DlpUtils.GetDataClassificationsInUse(dataSession, hashSet, ClassificationDefinitionConstants.RuleIdComparer), referencingRules)); }
internal static IEnumerable <DataClassificationPresentationObject> QueryDataClassification(IEnumerable <string> queriedIdentities, OrganizationId organizationId, IConfigurationSession openedDataSession = null, IClassificationDefinitionsDataReader dataReader = null, IClassificationDefinitionsDiagnosticsReporter diagnosticsReporter = null) { ArgumentValidator.ThrowIfNull("queriedIdentities", queriedIdentities); if (object.ReferenceEquals(null, organizationId)) { throw new ArgumentNullException("organizationId"); } List <string> list = new List <string>(); Dictionary <string, DataClassificationPresentationObject> queriedNameDictionary = new Dictionary <string, DataClassificationPresentationObject>(StringComparer.Ordinal); Dictionary <string, DataClassificationPresentationObject> queriedGuidDictionary = new Dictionary <string, DataClassificationPresentationObject>(ClassificationDefinitionConstants.RuleIdComparer); Dictionary <string, DataClassificationPresentationObject> allQueryResultsDictionary = new Dictionary <string, DataClassificationPresentationObject>(ClassificationDefinitionConstants.RuleIdComparer); foreach (string text in queriedIdentities) { if (!string.IsNullOrEmpty(text)) { list.Add(text); Guid guid; if (GuidHelper.TryParseGuid(text, out guid)) { queriedGuidDictionary.Add(text, null); } else { queriedNameDictionary.Add(text, null); } } } if (!list.Any <string>()) { return(Enumerable.Empty <DataClassificationPresentationObject>()); } DlpUtils.DataClassificationQueryContext dataClassificationQueryContext = new DlpUtils.DataClassificationQueryContext(organizationId, diagnosticsReporter ?? ClassificationDefinitionsDiagnosticsReporter.Instance); bool flag = queriedNameDictionary.Any <KeyValuePair <string, DataClassificationPresentationObject> >(); bool flag2 = queriedGuidDictionary.Any <KeyValuePair <string, DataClassificationPresentationObject> >(); foreach (Tuple <TransportRule, XDocument> tuple in DlpUtils.AggregateOobAndCustomClassificationDefinitions(organizationId, openedDataSession, null, null, dataReader, dataClassificationQueryContext.CurrentDiagnosticsReporter)) { dataClassificationQueryContext.CurrentRuleCollectionTransportRuleObject = tuple.Item1; dataClassificationQueryContext.CurrentRuleCollectionXDoc = tuple.Item2; IEnumerable <QueryMatchResult> nameMatchResultsFromCurrentRulePack = Enumerable.Empty <QueryMatchResult>(); if (!flag || DlpUtils.GetNameQueryMatchResult(dataClassificationQueryContext, queriedNameDictionary.Keys, out nameMatchResultsFromCurrentRulePack)) { IEnumerable <QueryMatchResult> idMatchResultsFromCurrentRulePack = Enumerable.Empty <QueryMatchResult>(); if (!flag2 || DlpUtils.GetIdQueryMatchResult(dataClassificationQueryContext, queriedGuidDictionary.Keys, out idMatchResultsFromCurrentRulePack)) { DlpUtils.PopulateMatchResults(dataClassificationQueryContext, queriedNameDictionary, nameMatchResultsFromCurrentRulePack, queriedGuidDictionary, idMatchResultsFromCurrentRulePack, allQueryResultsDictionary); } } } return((from presentationObject in list.Select(delegate(string queriedIdentity) { DataClassificationPresentationObject result; if (queriedNameDictionary.TryGetValue(queriedIdentity, out result)) { return result; } if (!queriedGuidDictionary.TryGetValue(queriedIdentity, out result)) { return null; } return result; }) where presentationObject != null select presentationObject).ToList <DataClassificationPresentationObject>()); }
private static bool CreateDataClassificationPresentationObject(DlpUtils.DataClassificationQueryContext operationContext, string ruleIdentifier, XElement ruleElement, XElement resourceElement, ClassificationRuleCollectionPresentationObject ruleCollectionPresentationObject, out DataClassificationPresentationObject dataClassificationPresentationObject) { return(DlpUtils.TryExecuteOperation <XmlException, object, object, DataClassificationPresentationObject>(operationContext, (object unusedStub1, object unusedStub2) => DataClassificationPresentationObject.Create(ruleIdentifier, ruleElement, resourceElement, ruleCollectionPresentationObject), null, null, out dataClassificationPresentationObject)); }
private static bool CreateClassificationRuleCollectionPresentationObject(DlpUtils.DataClassificationQueryContext operationContext, out ClassificationRuleCollectionPresentationObject presentationObject) { return(DlpUtils.TryExecuteOperation <XmlException, TransportRule, XDocument, ClassificationRuleCollectionPresentationObject>(operationContext, new Func <TransportRule, XDocument, ClassificationRuleCollectionPresentationObject>(ClassificationRuleCollectionPresentationObject.Create), operationContext.CurrentRuleCollectionTransportRuleObject, operationContext.CurrentRuleCollectionXDoc, out presentationObject)); }
private static bool GetIdQueryMatchResult(DlpUtils.DataClassificationQueryContext queryContext, IEnumerable <string> queriedIds, out IEnumerable <QueryMatchResult> idMatchResultsFromCurrentRulePack) { return(DlpUtils.TryExecuteOperation <XmlException, XDocument, IEnumerable <string>, IEnumerable <QueryMatchResult> >(queryContext, new Func <XDocument, IEnumerable <string>, IEnumerable <QueryMatchResult> >(XmlProcessingUtils.GetMatchingRulesById), queryContext.CurrentRuleCollectionXDoc, queriedIds, out idMatchResultsFromCurrentRulePack)); }
private static bool GetNameQueryMatchResult(DlpUtils.DataClassificationQueryContext queryContext, IEnumerable <string> queriedNames, out IEnumerable <QueryMatchResult> nameMatchResultsFromCurrentRulePack) { return(DlpUtils.TryExecuteOperation <XmlException, XDocument, IEnumerable <string>, IEnumerable <QueryMatchResult> >(queryContext, (XDocument rulePackXDoc, IEnumerable <string> queriedRuleNames) => XmlProcessingUtils.GetMatchingRulesByName(rulePackXDoc, queriedRuleNames, NameMatchingOptions.InvariantNameOrLocalizedNameMatch, true), queryContext.CurrentRuleCollectionXDoc, queriedNames, out nameMatchResultsFromCurrentRulePack)); }