corazawaf · M4tteoP · Nov 14, 2024 · Nov 5, 2024 · Nov 7, 2024 · Nov 11, 2024
@@ -242,8 +242,17 @@
 			}
 			vLog.Debug().Msg("Expanding arguments for rule")
 
+			args := make([]string, 1)
+			var errs []error
+			var argsLen int
 			for i, arg := range values {
-				args, errs := r.transformArg(arg, i, cache)
+				if r.MultiMatch {
+					args, errs = r.transformMultiMatchArg(arg)
+					argsLen = len(args)
+				} else {
+					args[0], errs = r.transformArg(arg, i, cache)
+					argsLen = 1
+				}
 				if len(errs) > 0 {
 					vWarnLog := vLog.Warn()
 					if vWarnLog.IsEnabled() {
@@ -255,7 +264,7 @@
 				}
 
 				// args represents the transformed variables
-				for _, carg := range args {
+				for _, carg := range args[:argsLen] {
 					evalLog := vLog.
 						Debug().
 						Str("operator_function", r.operator.Function).
@@ -381,42 +390,41 @@
 	return matchedValues
 }
 
-func (r *Rule) transformArg(arg types.MatchData, argIdx int, cache map[transformationKey]*transformationValue) ([]string, []error) {
-	if r.MultiMatch {
-		// TODOs:
-		// - We don't need to run every transformation. We could try for each until found
-		// - Cache is not used for multimatch
-		return r.executeTransformationsMultimatch(arg.Value())
-	} else {
-		switch {
-		case len(r.transformations) == 0:
-			return []string{arg.Value()}, nil
-		case arg.Variable().Name() == "TX":
-			// no cache for TX
-			arg, errs := r.executeTransformations(arg.Value())
-			return []string{arg}, errs
-		default:
-			// NOTE: See comment on transformationKey struct to understand this hacky code
-			argKey := arg.Key()
-			argKeyPtr := unsafe.StringData(argKey)
-			key := transformationKey{
-				argKey:            argKeyPtr,
-				argIndex:          argIdx,
-				argVariable:       arg.Variable(),
-				transformationsID: r.transformationsID,
-			}
-			if cached, ok := cache[key]; ok {
-				return cached.args, cached.errs
-			} else {
-				ars, es := r.executeTransformations(arg.Value())
-				args := []string{ars}
-				errs := es
-				cache[key] = &transformationValue{
-					args: args,
-					errs: es,
-				}
-				return args, errs
+func (r *Rule) transformMultiMatchArg(arg types.MatchData) ([]string, []error) {
+	// TODOs:
+	// - We don't need to run every transformation. We could try for each until found
+	// - Cache is not used for multimatch
+	return r.executeTransformationsMultimatch(arg.Value())
+}
+
+func (r *Rule) transformArg(arg types.MatchData, argIdx int, cache map[transformationKey]*transformationValue) (string, []error) {
+	switch {
+	case len(r.transformations) == 0:
+		return arg.Value(), nil
+	case arg.Variable().Name() == "TX":
+		// no cache for TX
+		arg, errs := r.executeTransformations(arg.Value())
+		return arg, errs
+	default:
+		// NOTE: See comment on transformationKey struct to understand this hacky code
+		argKey := arg.Key()
+		argKeyPtr := unsafe.StringData(argKey)
+		key := transformationKey{
+			argKey:            argKeyPtr,
+			argIndex:          argIdx,
+			argVariable:       arg.Variable(),
+			transformationsID: r.transformationsID,
+		}
+		if cached, ok := cache[key]; ok {
+			return cached.arg, cached.errs
+		} else {
+			ars, es := r.executeTransformations(arg.Value())
+			errs := es
+			cache[key] = &transformationValue{
+				arg:  ars,
+				errs: es,
 			}
+			return ars, errs
 		}
 	}
 }

@@ -506,23 +506,23 @@ func TestTransformArgSimple(t *testing.T) {
 	rule := NewRule()
 	_ = rule.AddTransformation("AppendA", transformationAppendA)
 	_ = rule.AddTransformation("AppendB", transformationAppendB)
-	args, errs := rule.transformArg(md, 0, transformationCache)
+	arg, errs := rule.transformArg(md, 0, transformationCache)
 	if errs != nil {
 		t.Fatalf("Unexpected errors executing transformations: %v", errs)
 	}
-	if args[0] != "/testAB" {
-		t.Errorf("Expected \"/testAB\", got \"%s\"", args[0])
+	if arg != "/testAB" {
+		t.Errorf("Expected \"/testAB\", got \"%s\"", arg)
 	}
 	if len(transformationCache) != 1 {
 		t.Errorf("Expected 1 transformations in cache, got %d", len(transformationCache))
 	}
 	// Repeating the same transformation, expecting still one element in the cache (that means it is a cache hit)
-	args, errs = rule.transformArg(md, 0, transformationCache)
+	arg, errs = rule.transformArg(md, 0, transformationCache)
 	if errs != nil {
 		t.Fatalf("Unexpected errors executing transformations: %v", errs)
 	}
-	if args[0] != "/testAB" {
-		t.Errorf("Expected \"/testAB\", got \"%s\"", args[0])
+	if arg != "/testAB" {
+		t.Errorf("Expected \"/testAB\", got \"%s\"", arg)
 	}
 	if len(transformationCache) != 1 {
 		t.Errorf("Expected 1 transformations in cache, got %d", len(transformationCache))
@@ -538,12 +538,12 @@ func TestTransformArgNoCacheForTXVariable(t *testing.T) {
 	}
 	rule := NewRule()
 	_ = rule.AddTransformation("AppendA", transformationAppendA)
-	args, errs := rule.transformArg(md, 0, transformationCache)
+	arg, errs := rule.transformArg(md, 0, transformationCache)
 	if errs != nil {
 		t.Fatalf("Unexpected errors executing transformations: %v", errs)
 	}
-	if args[0] != "testA" {
-		t.Errorf("Expected \"testA\", got \"%s\"", args[0])
+	if arg != "testA" {
+		t.Errorf("Expected \"testA\", got \"%s\"", arg)
 	}
 	if len(transformationCache) != 0 {
 		t.Errorf("Expected 0 transformations in cache, got %d. It is not expected to cache TX variable transformations", len(transformationCache))

@@ -260,6 +260,6 @@ type transformationKey struct {
 }
 
 type transformationValue struct {
-	args []string
+	arg  string
 	errs []error
 }