Negated scalar condition for matchers #335

Open
wants to merge 27 commits into
base: master

Anilm3 (Collaborator) commented Aug 16, 2024

This PR introduces the ability to negate certain operators, using the ! as a prefix. The set of operators supported is the following: !match_regex, !phrase_match, !exact_match, !ip_match and !equals. Negated operators work through the use of the scalar_negated_condition, which operates in a similar manner to the scalar_condition, however only producing a match if the exhaustive evaluation of the given address + key_path results in no match.

Negated operators have the following restrictions:

  • Matches can only be performed on available addresses, as the WAF has no information regarding whether an address will be provided later on, in a subsequent run.
  • Due to the above, only a single address can be specified as an input.
  • Some operators have been intentionally left without support, such as lower_than and greater_than, as their negated version can be an operator in and of itself, e.g. greater_equal and lower_equal.

Remaining work:

  • Fuzzer support: this will be done in a separate PR as the whole ruleset generation needs to be revamped in the fuzzer.
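
The negated semantics described in the PR description above, as an added example that is not part of the PR or of the project's code: a small model showing that a negated condition is not simply the inverse of the regular one, because it also yields no match when the address is unavailable. The types and names (node, store, resolve, any_match, evaluate, sample_store) and the address example.headers are hypothetical, and treating an unresolved key_path like an unavailable address is an assumption of this model.

```cpp
#include <map>
#include <set>
#include <string>
#include <vector>

// Constructed model, not the project's types: a node without children is a scalar.
struct node {
    std::string scalar;
    std::map<std::string, node> children;
};
using store = std::map<std::string, node>; // address -> root value
using key_path_t = std::vector<std::string>;
using value_list = std::set<std::string>;

// Follow key_path below the address; nullptr if the address or a key is absent.
const node *resolve(const store &s, const std::string &address, const key_path_t &kp) {
    auto it = s.find(address);
    const node *cur = it == s.end() ? nullptr : &it->second;
    for (auto key = kp.begin(); cur != nullptr && key != kp.end(); ++key) {
        auto child = cur->children.find(*key);
        cur = child == cur->children.end() ? nullptr : &child->second;
    }
    return cur;
}

// exact_match applied to every scalar beneath n; stops at the first hit.
bool any_match(const node &n, const value_list &values) {
    if (n.children.empty()) { return values.count(n.scalar) > 0; }
    for (const auto &kv : n.children) {
        if (any_match(kv.second, values)) { return true; }
    }
    return false;
}

// negated == false: match as soon as one scalar is in the list.
// negated == true: match only if the target is available and the exhaustive
// walk finds no hit (assumption: an unresolved key_path counts as unavailable).
bool evaluate(const store &s, const std::string &address, const key_path_t &kp,
    const value_list &values, bool negated) {
    const node *target = resolve(s, address, kp);
    return target != nullptr && any_match(*target, values) != negated;
}

// Constructed sample: one available address holding two header values.
store sample_store() {
    store s;
    s["example.headers"].children["x-role"].scalar = "guest";
    s["example.headers"].children["x-env"].scalar = "prod";
    return s;
}
```
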

codecov-commenter commented Aug 16, 2024

Codecov Report

Attention: Patch coverage is 89.54545% with 23 lines in your changes missing coverage. Please review.

Project coverage is 84.75%. Comparing base (749b4fd) to head (b7fc7a5).

Files with missing lines Patch % Lines
src/parser/matcher_parser.cpp 89.13% 5 Missing and 5 partials ⚠️
src/condition/scalar_condition.hpp 64.28% 0 Missing and 5 partials ⚠️
src/condition/scalar_condition.cpp 91.11% 2 Missing and 2 partials ⚠️
src/parser/expression_parser.cpp 84.21% 1 Missing and 2 partials ⚠️
src/parser/matcher_parser.hpp 85.71% 0 Missing and 1 partial ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##           master     #335      +/-   ##
==========================================
+ Coverage   84.61%   84.75%   +0.14%     
==========================================
  Files         148      149       +1     
  Lines        7080     7152      +72     
  Branches     3271     3301      +30     
==========================================
+ Hits         5991     6062      +71     
+ Misses        411      409       -2     
- Partials      678      681       +3     
Flag Coverage Δ
waf_test 84.75% <89.54%> (+0.14%) ⬆️


pr-commenter bot commented Aug 16, 2024

Benchmarks

Benchmark execution time: 2024-09-26 13:05:05

Comparing candidate commit b7fc7a5 in PR branch anilm3/negated_scalar_condition with baseline commit 749b4fd in branch master.

Found 0 performance improvements and 1 performance regressions! Performance is the same for 0 metrics, 0 unstable metrics.

scenario:global-benchmark.random

  • 🟥 execution_time [+9.573ms; +9.630ms] or [+3.393%; +3.413%]

@Anilm3 Anilm3 force-pushed the anilm3/negated_scalar_condition branch from 888d062 to 1fe02c2 Compare August 18, 2024 13:09
@Anilm3 Anilm3 force-pushed the anilm3/negated_scalar_condition branch from 6ee2834 to d37459d Compare August 21, 2024 16:16
@Anilm3 Anilm3 force-pushed the anilm3/negated_scalar_condition branch from 574fc85 to 2944e23 Compare September 13, 2024 15:59
@Anilm3 Anilm3 force-pushed the anilm3/negated_scalar_condition branch from 2944e23 to 42fc3fb Compare September 18, 2024 15:26
Base automatically changed from anilm3/negated_exists to master September 18, 2024 16:06
@Anilm3 Anilm3 marked this pull request as ready for review September 26, 2024 12:23
@Anilm3 Anilm3 requested a review from a team as a code owner September 26, 2024 12:23
if constexpr (std::is_same_v<ResultType, bool>) {
return true;
} else {
return {{{{"input"sv, object_to_string(dst), address, it.get_current_path()}},
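Review bot: The else branch's return {{{{"input"sv, ... builds its result from a bare nested brace initializer, so nothing in these lines says which non-bool ResultType is expected, and any other type would fail with an opaque initialization error. Consider a static_assert on the supported ResultType values next to the if constexpr, or naming the constructed type explicitly in the return statement.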
Contributor

@cataphract cataphract Sep 26, 2024

difficult to follow. You clearly expect a certain type here, judging by the very specific constructor but it's not mentioned until later in the file. Maybe adding requires(std::is_same_v<ResultType, bool> || std::is_same_v<ResultType, std::optional<condition_match>>) .

Although, I'd very much prefer you don't have this where you build the condition_match in this template for the scalar_condition and for the negated condition you build it in the caller... seems that what you need is a boolean to indicate to this template if you should generate the match when res is true or false.

@@ -92,4 +99,25 @@ template <> class equals<double> : public base_impl<equals<double>> {
friend class base_impl<equals<double>>;
};

template <> class equals<void> : public base_impl<equals<void>> {
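Review bot: The equals<void> specialization is declared without any comment explaining what a void instantiation stands for next to equals<double>, so a reader of this header cannot tell from the declaration why it exists. Add a short comment above the template <> class equals<void> line stating its purpose and when it is selected.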
Contributor

kind of hacky. you could just change parse_matcher to take the names of the matchers as non-type template parameters instead of having these fake void types.

conditions.emplace_back(
std::make_unique<scalar_negated_condition>(std::move(matcher), data_id,
std::move(arguments), std::string{raw_operator_name}, limits));
}
Contributor

fwict this could easily be refactored to remove the duplication while improving legibility

3 participants