static void BuildNamespace(this INamespaceSymbol ns, Context cx, TextWriter trapFile)
{
// Only include the assembly information in each type ID
// for normal extractions. This is because standalone extractions
// lack assembly information or may be ambiguous.
bool prependAssemblyToTypeId = !cx.Extractor.Standalone && ns.ContainingAssembly != null;
if (prependAssemblyToTypeId)
{
// Note that we exclude the revision number as this has
// been observed to be unstable.
var assembly = ns.ContainingAssembly.Identity;
trapFile.Write(assembly.Name);
trapFile.Write('_');
trapFile.Write(assembly.Version.Major);
trapFile.Write('.');
trapFile.Write(assembly.Version.Minor);
trapFile.Write('.');
trapFile.Write(assembly.Version.Build);
trapFile.Write("::");
}
trapFile.WriteSubId(Namespace.Create(cx, ns));
trapFile.Write('.');
}
public static Expression Create(ExpressionNodeInfo info)
{
var symbolInfo = info.Context.GetSymbolInfo(info.Node);
var target = symbolInfo.Symbol;
if (target == null && symbolInfo.CandidateReason == CandidateReason.OverloadResolutionFailure)
{
// The expression is probably a cast
target = info.Context.GetSymbolInfo((CSharpSyntaxNode)info.Node.Parent).Symbol;
}
if (target == null && (symbolInfo.CandidateReason == CandidateReason.Ambiguous || symbolInfo.CandidateReason == CandidateReason.MemberGroup))
{
// Pick one at random - they probably resolve to the same ID
target = symbolInfo.CandidateSymbols.First();
}
if (target == null)
{
info.Context.ModelError(info.Node, "Failed to resolve name");
return(new Unknown(info));
}
// There is a very strange bug in Microsoft.CodeAnalysis whereby
// target.Kind throws System.InvalidOperationException for Discard symbols.
// So, short-circuit that test here.
// Ideally this would be another case in the switch statement below.
if (target is IDiscardSymbol)
{
return(new Discard(info));
}
switch (target.Kind)
{
case SymbolKind.TypeParameter:
case SymbolKind.NamedType:
case SymbolKind.DynamicType:
return(TypeAccess.Create(info));
case SymbolKind.Property:
case SymbolKind.Field:
case SymbolKind.Event:
case SymbolKind.Method:
return(Access.Create(info, target, true, info.Context.CreateEntity(target)));
case SymbolKind.Local:
case SymbolKind.RangeVariable:
return(Access.Create(info, target, false, LocalVariable.Create(info.Context, target)));
case SymbolKind.Parameter:
return(Access.Create(info, target, false, Parameter.Create(info.Context, (IParameterSymbol)target)));
case SymbolKind.Namespace:
return(Access.Create(info, target, false, Namespace.Create(info.Context, (INamespaceSymbol)target)));
default:
throw new InternalError(info.Node, $"Unhandled identifier kind '{target.Kind}'");
}
}
public void ReachabilityMatrix_OneDirectionOnly()
{
Zen <Pod>[] pods = new Zen <Pod>[]
{
Pod.Create("default", EmptyDict <string, string>().Add("k0", "v0"), EmptyList <string>().AddBack("k0")),
Pod.Create("ns1", EmptyDict <string, string>().Add("k1", "v1"), EmptyList <string>().AddBack("k1")),
};
Zen <Namespace>[] namespaces = new Zen <Namespace>[]
{
Namespace.Create("default", EmptyDict <string, string>().Add("k0", "v0"), EmptyList <string>().AddBack("k0")),
Namespace.Create("ns1", EmptyDict <string, string>().Add("k1", "v1"), EmptyList <string>().AddBack("k1"))
};
Zen <Policy>[] policies = new Zen <Policy>[]
{
// only one side allows ingress traffic
Policy.Create("default", EmptyDict <string, string>().Add("k0", "v0"),
EmptyDict <string, string>(), EmptyDict <string, string>().Add("k1", "v1"),
EmptyList <string>().AddBack("k0"), EmptyList <string>(), EmptyList <string>().AddBack("k1")),
Policy.Create("ns1", EmptyDict <string, string>().Add("k1", "v1"),
EmptyDict <string, string>(), EmptyDict <string, string>().Add("k1", "v1"),
EmptyList <string>().AddBack("k1"), EmptyList <string>(), EmptyList <string>().AddBack("k1"),
False(), False()),
};
var output = Algorithms.CreateReachMatrix(pods, policies, namespaces).ingressMatrix;
var r0 = EmptyList <bool>().AddBack(true).AddBack(false);
var r1 = EmptyList <bool>().AddBack(false).AddBack(true);
TestHelper.AssertMatrixEqual(output, new Zen <IList <bool> >[] { r0, r1 }, "Reachability Matrix, one direction only");
}
public void PolicyShadowTest()
{
Zen <Pod>[] pods = new Zen <Pod>[]
{
Pod.Create("default", EmptyDict <string, string>().Add("k0", "v0").Add("k1", "v1"), EmptyList <string>().AddBack("k0").AddBack("k1")),
Pod.Create("default", EmptyDict <string, string>().Add("k1", "v1"), EmptyList <string>().AddBack("k1")),
Pod.Create("ns1", EmptyDict <string, string>().Add("k2", "v2"), EmptyList <string>().AddBack("k2")),
Pod.Create("ns1", EmptyDict <string, string>().Add("k3", "v3"), EmptyList <string>().AddBack("k3"))
};
Zen <Namespace>[] namespaces = new Zen <Namespace>[]
{
Namespace.Create("default", EmptyDict <string, string>().Add("k0", "v0"), EmptyList <string>().AddBack("k0")),
Namespace.Create("ns1", EmptyDict <string, string>().Add("k1", "v1"), EmptyList <string>().AddBack("k1"))
};
Zen <Policy>[] policies = new Zen <Policy>[]
{
Policy.Create("default", EmptyDict <string, string>().Add("k0", "v0").Add("k1", "v1"),
EmptyDict <string, string>().Add("k2", "v2"), EmptyDict <string, string>().Add("k1", "v1"),
EmptyList <string>().AddBack("k0").AddBack("k1"), EmptyList <string>().AddBack("k2"), EmptyList <string>().AddBack("k1")),
Policy.Create("default", EmptyDict <string, string>().Add("k1", "v1"),
EmptyDict <string, string>(), EmptyDict <string, string>().Add("k1", "v1"),
EmptyList <string>().AddBack("k1"), EmptyList <string>(), EmptyList <string>().AddBack("k1")),
Policy.Create("ns1", EmptyDict <string, string>().Add("k3", "v3"),
EmptyDict <string, string>().Add("k2", "v2"), EmptyDict <string, string>().Add("k0", "v0"),
EmptyList <string>().AddBack("k3"), EmptyList <string>().AddBack("k2"), EmptyList <string>().AddBack("k0")),
};
var podPolMx = Algorithms.CreateReachMatrix(pods, policies, namespaces).podPolMatrix;
var r0 = EmptyList <bool>().AddBack(true).AddBack(true).AddBack(false);
var r1 = EmptyList <bool>().AddBack(false).AddBack(true).AddBack(false);
var r2 = EmptyList <bool>().AddBack(false).AddBack(false).AddBack(false);
var r3 = EmptyList <bool>().AddBack(false).AddBack(false).AddBack(true);
TestHelper.AssertMatrixEqual(podPolMx, new Zen <IList <bool> >[] { r0, r1, r2, r3 }, "PolicyShadowTest: PodPolMatrix");
var polPodAllowedMx = Algorithms.CreateReachMatrix(pods, policies, namespaces).polPodAllowedMatrix;
r0 = EmptyList <bool>().AddBack(false).AddBack(false).AddBack(true).AddBack(false);
r1 = EmptyList <bool>().AddBack(false).AddBack(false).AddBack(true).AddBack(true);
r2 = EmptyList <bool>().AddBack(false).AddBack(false).AddBack(false).AddBack(false);
TestHelper.AssertMatrixEqual(polPodAllowedMx, new Zen <IList <bool> >[] { r0, r1, r2 }, "PolicyShadowTest: PolPodAllowedMatrix");
var polPodSelectedMx = Algorithms.CreateReachMatrix(pods, policies, namespaces).polPodSelectedMatrix;
r0 = EmptyList <bool>().AddBack(true).AddBack(false).AddBack(false).AddBack(false);
r1 = EmptyList <bool>().AddBack(true).AddBack(true).AddBack(false).AddBack(false);
r2 = EmptyList <bool>().AddBack(false).AddBack(false).AddBack(false).AddBack(true);
TestHelper.AssertMatrixEqual(polPodSelectedMx, new Zen <IList <bool> >[] { r0, r1, r2 }, "PolicyShadowTest: PolPodSelectedMatrix");
var shadowedPair = Verifier.PolicyShadowCheck(podPolMx, polPodAllowedMx, polPodSelectedMx);
Assert.IsTrue(shadowedPair.Length().EqualToNumber(1));
var expected = EmptyList <Tuple <int, int> >().AddBack(Tuple <int, int>(1, 0));
Assert.IsTrue(shadowedPair.ToString().Equals(expected.ToString()), "PolicyShadowTest: shadow pairs are not correct.\nExpected: {0}\nGot: {1}", expected.ToString(), shadowedPair.ToString());
}
public void ReachabilityMatrix_NSAndPod()
{
Zen <Pod>[] pods = new Zen <Pod>[]
{
Pod.Create("default", EmptyDict <string, string>().Add("k0", "v0").Add("k1", "v1"), EmptyList <string>().AddBack("k0").AddBack("k1")),
Pod.Create("default", EmptyDict <string, string>().Add("k1", "v1"), EmptyList <string>().AddBack("k1")),
Pod.Create("ns1", EmptyDict <string, string>().Add("k2", "v2"), EmptyList <string>().AddBack("k2")),
Pod.Create("ns1", EmptyDict <string, string>().Add("k3", "v3"), EmptyList <string>().AddBack("k3")),
Pod.Create("ns1", EmptyDict <string, string>().Add("k4", "v4"), EmptyList <string>().AddBack("k4"))
};
Zen <Namespace>[] namespaces = new Zen <Namespace>[]
{
Namespace.Create("default", EmptyDict <string, string>().Add("k0", "v0"), EmptyList <string>().AddBack("k0")),
Namespace.Create("ns1", EmptyDict <string, string>().Add("k1", "v1"), EmptyList <string>().AddBack("k1"))
};
Zen <Policy>[] policies = new Zen <Policy>[]
{
Policy.Create("default", EmptyDict <string, string>().Add("k0", "v0").Add("k1", "v1"),
EmptyDict <string, string>().Add("k4", "v4"), EmptyDict <string, string>().Add("k1", "v1"),
EmptyList <string>().AddBack("k0").AddBack("k1"), EmptyList <string>().AddBack("k4"), EmptyList <string>().AddBack("k1")),
Policy.Create("default", EmptyDict <string, string>().Add("k1", "v1"),
EmptyDict <string, string>().Add("k2", "v2"), EmptyDict <string, string>().Add("k1", "v1"),
EmptyList <string>().AddBack("k1"), EmptyList <string>().AddBack("k2"), EmptyList <string>().AddBack("k1"),
False(), False()),
Policy.Create("ns1", EmptyDict <string, string>().Add("k3", "v3"),
EmptyDict <string, string>().Add("k2", "v2"), EmptyDict <string, string>().Add("k0", "v0"),
EmptyList <string>().AddBack("k3"), EmptyList <string>().AddBack("k2"), EmptyList <string>().AddBack("k0")),
};
var ingress = Algorithms.CreateReachMatrix(pods, policies, namespaces).ingressMatrix;
var r0 = EmptyList <bool>().AddBack(true).AddBack(false).AddBack(false).AddBack(false).AddBack(true);
var r1 = EmptyList <bool>().AddBack(false).AddBack(true).AddBack(false).AddBack(false).AddBack(false);
var r2 = EmptyList <bool>().AddBack(true).AddBack(true).AddBack(true).AddBack(false).AddBack(true);
var r3 = EmptyList <bool>().AddBack(false).AddBack(false).AddBack(false).AddBack(true).AddBack(false);
var r4 = EmptyList <bool>().AddBack(false).AddBack(false).AddBack(true).AddBack(false).AddBack(true);
TestHelper.AssertMatrixEqual(ingress, new Zen <IList <bool> >[] { r0, r1, r2, r3, r4 }, "Reachability_Matrix_Test_NS_Pods(ingress matrix)");
var egress = Algorithms.CreateReachMatrix(pods, policies, namespaces).egressMatrix;
r0 = EmptyList <bool>().AddBack(true).AddBack(false).AddBack(true).AddBack(false).AddBack(false);
r1 = EmptyList <bool>().AddBack(false).AddBack(true).AddBack(true).AddBack(false).AddBack(false);
r2 = EmptyList <bool>().AddBack(false).AddBack(false).AddBack(true).AddBack(false).AddBack(true);
r3 = EmptyList <bool>().AddBack(false).AddBack(false).AddBack(false).AddBack(true).AddBack(false);
r4 = EmptyList <bool>().AddBack(true).AddBack(false).AddBack(true).AddBack(false).AddBack(true);
TestHelper.AssertMatrixEqual(egress, new Zen <IList <bool> >[] { r0, r1, r2, r3, r4 }, "Reachability_Matrix_Test_NS_Pods(egress matrix)");
}
public void NSLabelTest()
{
Zen <IDictionary <string, string> > l1 = EmptyDict <string, string>().Add("k1", "v1");
Zen <IDictionary <string, string> > l2 = EmptyDict <string, string>().Add("k2", "v1");
Zen <IDictionary <string, string> > l3 = EmptyDict <string, string>().Add("k3", "v1");
Zen <IList <string> > k1 = EmptyList <string>().AddBack("k1");
Zen <IList <string> > k2 = EmptyList <string>().AddBack("k2");
Zen <IList <string> > k3 = EmptyList <string>().AddBack("k3");
var ns1 = Namespace.Create("defaul", l1, k1);
var ns2 = Namespace.Create("defaul", l2, k2);
var ns3 = Namespace.Create("defaul", l3, k3);
Zen <Namespace>[] namespaces = new Zen <Namespace>[] { ns1, ns2, ns3 };
var output = Algorithms.CreateNSLabelMatrix(namespaces);
var r1 = EmptyList <bool>().AddBack(true).AddBack(false).AddBack(false);
var r2 = EmptyList <bool>().AddBack(false).AddBack(true).AddBack(false);
var r3 = EmptyList <bool>().AddBack(false).AddBack(false).AddBack(true);
Assert.IsTrue(output.Get(k1.At(0).Value().GetHashCode()).Value().ToString().Equals(r1.ToString()));
Assert.IsTrue(output.Get(k2.At(0).Value().GetHashCode()).Value().ToString().Equals(r2.ToString()));
Assert.IsTrue(output.Get(k3.At(0).Value().GetHashCode()).Value().ToString().Equals(r3.ToString()));
}
public void ReachabilityMatrix_TwoDirection()
{
Zen <Pod>[] pods = new Zen <Pod>[]
{
Pod.Create("default", EmptyDict <string, string>().Add("k0", "v0"), EmptyList <string>().AddBack("k0")),
Pod.Create("ns1", EmptyDict <string, string>().Add("k1", "v1"), EmptyList <string>().AddBack("k1")),
};
Zen <Namespace>[] namespaces = new Zen <Namespace>[]
{
Namespace.Create("default", EmptyDict <string, string>().Add("k0", "v0"), EmptyList <string>().AddBack("k0")),
Namespace.Create("ns1", EmptyDict <string, string>().Add("k1", "v1"), EmptyList <string>().AddBack("k1"))
};
Zen <Policy>[] policies = new Zen <Policy>[]
{
// only ingress is allowed
Policy.Create("default", EmptyDict <string, string>().Add("k0", "v0"),
EmptyDict <string, string>(), EmptyDict <string, string>().Add("k1", "v1"),
EmptyList <string>().AddBack("k0"), EmptyList <string>(), EmptyList <string>().AddBack("k1")),
// only egress is allowed
Policy.Create("ns1", EmptyDict <string, string>().Add("k1", "v1"),
EmptyDict <string, string>(), EmptyDict <string, string>().Add("k0", "v0"),
EmptyList <string>().AddBack("k1"), EmptyList <string>(), EmptyList <string>().AddBack("k0"),
False(), False()),
};
var ingress = Algorithms.CreateReachMatrix(pods, policies, namespaces).ingressMatrix;
var r0 = EmptyList <bool>().AddBack(true).AddBack(true);
var r1 = EmptyList <bool>().AddBack(false).AddBack(true);
TestHelper.AssertMatrixEqual(ingress, new Zen <IList <bool> >[] { r0, r1 }, "Happy path(ingress matrix)");
var egress = Algorithms.CreateReachMatrix(pods, policies, namespaces).egressMatrix;
r0 = EmptyList <bool>().AddBack(true).AddBack(false);
r1 = EmptyList <bool>().AddBack(true).AddBack(true);
TestHelper.AssertMatrixEqual(egress, new Zen <IList <bool> >[] { r0, r1 }, "Happy path(egress matrix)");
}
public override void Populate(TextWriter trapFile)
{
trapFile.types(this, Kinds.TypeKind.ARGLIST, "__arglist");
trapFile.parent_namespace(this, Namespace.Create(Context, Context.Compilation.GlobalNamespace));
Modifier.HasModifier(Context, trapFile, this, "public");
}
public override IEntity VisitNamespace(INamespaceSymbol ns) => Namespace.Create(cx, ns);
public override void Populate()
{
Context.Emit(Tuples.types(this, Kinds.TypeKind.ARGLIST, "__arglist"));
Context.Emit(Tuples.parent_namespace(this, Namespace.Create(Context, Context.Compilation.GlobalNamespace)));
Modifier.HasModifier(Context, this, "public");
}
static void BuildNamespace(this INamespaceSymbol ns, Context cx, TextWriter trapFile)
{
trapFile.WriteSubId(Namespace.Create(cx, ns));
trapFile.Write('.');
}
