Add upsertObjectWithExplicitPrev to IdentifiedObjectStore#353
Closed
TriggerRao wants to merge 3652 commits into
Closed
Add upsertObjectWithExplicitPrev to IdentifiedObjectStore#353TriggerRao wants to merge 3652 commits into
TriggerRao wants to merge 3652 commits into
Conversation
* add non head entry span flag for malicious sources * fix * fix
* Validate that the parent entity id exists * Validate transformation pipeline * Fraud policy typed validations * Span extraction validation * Remove extra util class * Remove stray dependency * Remove stary function * Add unit test * Nit * Refactoring based on review
* Add proto files for custom signature config service * Add proto files for custom signature config service changed name * Add proto files for custom signature config service changed file structure * Add proto files for custom signature config service moved service outside edge * Add import for edge custom signature config * removed edge directory and moved into a single proto * added the converters for clauses to rule definitions * resolved errors added proto * Update gradle locks (#4023) Co-authored-by: saxenakshitiz <84707889+saxenakshitiz@users.noreply.github.com> * AAP-10731: Add Bulk status change API for policies (#3992) * AAP-10731 Add Bulk status change API for policies * Expose helm config for tagged and api-protectionDetection config (#3993) * AAP-10566: adding proto for api abuse policy (#3969) * Update gradle locks (#4024) Co-authored-by: soujanyanmbri <54130357+soujanyanmbri@users.noreply.github.com> * Update gradle locks (#4028) Co-authored-by: keyurdoshi03 <218757170+keyurdoshi03@users.noreply.github.com> * Add code owner for custom policies and edge (#4029) * [AIS-97] Chore: Add "Full Name" Exclusion Rule for MCP Entities (#4026) * NO-TICKET | CHORE: Relax another constraint for application rule (#4030) * Relax another constraint * nits * AAP-10874: Fallback from the last user's email to generic last updated email for Audit details (#4017) * DC-1166: fetch configs separately & overlay disabled flag to exclude default (#4031) * fetch configs separately & overlay disabled flag to exclude default * spotless apply * simplify filtering * spotless apply --------- Co-authored-by: Donald Propst <donald.prospt@harness.io> * AAP-10650: updated rules version to latest 1.4.0 (#4010) * updated rules version * date updated * Update gradle locks (#4036) * NO-TICKET: new v1.4.0 waf version in helm values (#4037) * new v1.4.0 waf version in helm values * remove helm override * template update * resolved * conditional block * conditional block for api config as well * comment out apiGlobalConfig --------- Co-authored-by: Deepanshu kumar <114489502+Deepanshu0703@users.noreply.github.com> * Update gradle locks (#4039) Co-authored-by: sidharth-jain23 <32795041+sidharth-jain23@users.noreply.github.com> * Chore: Add required dependences to commons module for refactor (#4042) * update coraza-waf image for multi-arch support (#4040) * Expose Auth Regex and Value out of range config (#4034) * AAP-10846 - Certificate regions filter fix (#4018) * AAP-10846 - Fixed Behaviour of TLS cert Filters * OR/ANY conditions * Added unit tests for certificate filter regions * AAP-10294 : Fix Jexl for roles, scopes and authType (#4033) * Fix Jexl for roles, scopes and authType * Remove unused subRuleConfigs from threat rule config Removed unused subRuleConfigs for parameterAnomaly and authn rules. * Add newline at end of api-protect-threat-rule-configs.conf Fix missing newline at end of file in threat rule config. * Add newline at end of api-protect-threat-rule-configs.conf Fix missing newline at the end of the configuration file. * Add newline at end of api-protect-threat-rule-configs.conf Fix missing newline at end of file in threat rule config. * resolve apiIdResolver logic * Update gradle locks (#4046) Co-authored-by: Gg-harness <203631318+Gg-harness@users.noreply.github.com> * AAP-10909: implementation for abuse policy api (#4027) * AAP-10752: Add Impl for Bulk Status Change of Policies (#4035) * AAP-10788: Add impl for Bulk status change for Custom Signatures * AAP-10783: Add impl for Bulk status change for Detection Exclusion Rules * AAP-10784: Add impl for Bulk status change for IP range rules * AAP-10786: Add impl for Bulk status change for Malicious Sources rules * AAP-10787: Add impl for Bulk status change for Rate-Limiting rules * AAP-10785: Add impl for Bulk status change for Region rules * NO-TICKET: Chore: Change ht dependency from api to implementation (#4052) * Chore: Change ht dependency from api to implementation * Update locks * Update catalog version to 0.4.4672 * Update gradle locks (#4056) Co-authored-by: DibyojyotiS <49481952+DibyojyotiS@users.noreply.github.com> --------- Co-authored-by: Gaurav Gupta <gaurav.gupta@harness.io> Co-authored-by: traceable-ci-app[bot] <145809357+traceable-ci-app[bot]@users.noreply.github.com> * Refactor disable Anomaly ruleType rule by default (#4045) * NO-TICKET : Clean up dependencies in config-service-commons build.gradle.kts (#4057) * Add crs_9420190 for RICH_TEXT_HTML and FREE_TEXT in paramValueTypeModsecExcludes config (#4060) * NO-TICKET: Relax assetSelector validation for dynamic app group rules (#4049) * Sending info to agents when modsec non-trackable clauses are present (#4059) * AAP-10728: Fraud event kind & transformation function defintion (#4001) * Introduce data model event kind * Initial derivation * First draft of the APIs * Use enums to enlist system defined types * Add proto services * Add GQL annotations * Edit proto * Add allowed types * Using primiative arrays * Simplify type identifier * Introducing templates * Refactoring based on review comments * Refactoring based on review comments * Make system types as string as well * Update input kinds * Simplify eventKind id construct * nit * Update protos * Clean naming * Fix mapping * Remove type param field in proto * Remove type param field in proto * Rename complex data model events * Try * CHeck * CHeck * Revert "Sending info to agents when modsec non-trackable clauses are present …" (#4065) This reverts commit 97ce3b0. * AAP-10874: Fallback on lastUpdatedEmail when lastUserUpdatedEmail is unavailable. (#4044) * Add MCP Tool asset type (#4068) * ASP-1349: fix: add default span filter check for scope matching (#4069) * Update gradle locks (#4072) Co-authored-by: soujanyanmbri <54130357+soujanyanmbri@users.noreply.github.com> * Update gradle locks (#4075) Co-authored-by: DibyojyotiS <49481952+DibyojyotiS@users.noreply.github.com> * NO-TICKET: Add proto validations in GQL description for abuse policy (#4078) * Chore: Update ht version (#4080) * Configs to show threat rules corresponding to response schema validation as Disabled (#4076) * Add Config for CSRF (#4071) * AAP-10718: Add config to enable/disable incidents generation (#4077) * AAP-10718: Add config to enable/disable incidents generation * rename config * switch to disabled instead of enabled * NO-TICKET: add max and min metric data type (#4079) * AAP-10284 : Add Config for CSRF (#4083) * Add Config for CSRF * Update api-protect-threat-rule-configs.conf * AAP-10972 : Add Jwt Configs (#4074) * Add Jwt Configs * resolved * Revert "resolved" This reverts commit 93e6d58289f9da0324de341ef1157d1fc1b6693b. * added ssrf * DC-1184: adding ordering based on creation/updation ts for agent action config (#4073) * adding ts field in agent action config * update description * AAP-11177: Confidence Fix (#4085) * Confidence Fix * hypertrace * AAP-11145: Exposing newly added config params for response schema validation based threat rule evaluators on the UI (#4084) * Configs to show threat rules corresponding to response schema validation as Disabled * Cleanup * Added a config param to all the response based schema validation threat rules * Added the param_regexes_to_ignore config param to a couple of other evaluators * Removed the config param of 'param_regexes_to_ignore' for a couple of evaluators * Exposing the options of configParams for newly added threat rules corresponding to response schema validation on the UI * AAP-11053: Addition of CustomSignatureBlockingDetails only for modsec-convertible ScopeExpression (#4063) * Sending info to agents when modsec non-trackable clauses are present * Addition of CustomSignatureBlockingDetails only for modsec-convertible ScopeExpression * Decrease agentPollingFrequency for SecuritySchemeConfig (#4087) * API changes to add filter variables (#4088) Co-authored-by: Suresh Prakash <93120060+suresh-prakash@users.noreply.github.com> * NO-TICKET: Update abuse_policy.proto (#4089) * NO-TICKET : Fix ConcurrentModificationException in Map (#4091) * Fix ConcurrentModificationException in Map * spotless * adding keyvalue mode in dataparsing config(#4086) * ASP-1490 | CHORE : filtervariable extraction impl from saved filter (#4092) * filtervariable extraction impl * nits * nits * nits * nits * nits --------- Co-authored-by: Suresh Prakash <93120060+suresh-prakash@users.noreply.github.com> * AAP-10160: Define event derivation config as a structured config in the proto (#3825) * AAP-10160: Define event derivation config as a structure config in the proto * move/rename files * move around * resolve errors * fix path * fix path * fix imports * address comments * address comments * address comments * Proto changes * Introduce data model event kind * Initial derivation * First draft of the APIs * Use enums to enlist system defined types * Add proto services * Add GQL annotations * Edit proto * Add allowed types * Using primiative arrays * Simplify type identifier * Introducing templates * Update * Update * Refactoring based on review comments * Refactoring based on review comments * Make system types as string as well * Update input kinds * Simplify eventKind id construct * nit * Update protos * Clean naming * Fix mapping * Remove type param field in proto * Remove type param field in proto * Commit * Refactor * Remove stray * Check * Checkin code * Checkin code * AAP-10160: Define EntityDerivationConfig proto and clean up EventDerivationConfigDetails - Fix EventDerivationConfigDetails: flat structure with extraction, pipeline, source, target, sinks - Add new fraud-datamodel-entity-derivation-config-service-api module with EntityDerivationConfig proto - EntityDerivationConfig uses oneof for base vs child entity (parent pointer approach) - Add EntityDerivationConfigService gRPC CRUD operations - Remove ENTITY_TYPE_TENANT and ENTITY_TYPE_ENVIRONMENT from EntityType enum - Rename composite_event_kind.proto to complex_data_model_event_kind.proto Co-authored-by: Cursor <cursoragent@cursor.com> * Move entity derivation protos into existing derivation-config-service-api module Remove separate fraud-datamodel-entity-derivation-config-service-api module and place entity derivation protos under a separate package path within fraud-datamodel-derivation-config-service-api. Co-authored-by: Cursor <cursoragent@cursor.com> * Remove Kafka source/sink config from EventDerivationConfigDetails Strip SourceConfig, SinkConfig, and KafkaConfig — can be added later when needed. Co-authored-by: Cursor <cursoragent@cursor.com> * Add GQL annotations * Add GQL annotations * Add GQL annotations * Refactoring * Refactored fields to better * Nit * Comments update * Nit * Add an internal * Add an mandatory entity type --------- Co-authored-by: Prajwal Krishna <32260838+PrajwalKrishna@users.noreply.github.com> Co-authored-by: Varsha Abhinandan <varsha@traceable.ai> Co-authored-by: Cursor <cursoragent@cursor.com> * NO-TICKET: Add policy validation for group by entitiesies (#4090) * Update gradle locks (#4094) Co-authored-by: DibyojyotiS <49481952+DibyojyotiS@users.noreply.github.com> * AAP-10835: Default audit details for default rules to be set to Traceable (#4081) * NO-TICKET chore: add policy type abuse for abuse fraud policies (#4096) * chore: add policy type abuse for abuse fraud policies * chore: address comments * chore: revert change * AAP-11235: Add support for powering aggregation functions for backend (#4098) * AAP-11235: Add support for powering aggregation functions for backend * Move name --------- Co-authored-by: Varsha Abhinandan <varsha@traceable.ai> * Update gradle locks (#4104) Co-authored-by: soujanyanmbri <54130357+soujanyanmbri@users.noreply.github.com> * DC-981: proto changes for DC-981 (#4064) * proto changes * remove getall * filter based gets * reverting to existing api pattern * changes from review * lint * changes from review * Validations for allow/block types of rules to not have exclude enabled for INLINE_TRACING_AGENT (#4097) * AAP-11218 - chore: basic schema changes for abuse policy detection filters (#4103) * chore-wip: basic schema changes for filters * chore: use filters fields * chore: update references and nit refactoring * chore: update references * chore: add logical and relational filters * chore: add comments * chore: add comments * chore: re-add comparison op --------- Co-authored-by: Varsha Abhinandan <varsha@traceable.ai> * Update gradle locks (#4107) Co-authored-by: DibyojyotiS <49481952+DibyojyotiS@users.noreply.github.com> * Add urlRegex in CSRF Config (#4093) * Add httpMethodRegex in CSRF Config (#4112) * Update gradle locks (#4114) Co-authored-by: soujanyanmbri <54130357+soujanyanmbri@users.noreply.github.com> * AAP-11295: Add support for operator on filter (#4109) * AAP-11156: Entity derivation implementation (#4100) * AAP-11235: Add support for powering aggregation functions for backend * Move name * Add impl * Add unit test * Add integration test * Restore stray change * Fix module * Update GQL annotations * Fix proto * nit * restore * spotless * Restore * Check * Add unit test * fix integration * Add unit test --------- Co-authored-by: Varsha Abhinandan <varsha@traceable.ai> * AAP-11246: Event kind and transformation function proto impl (#4106) * AAP-11246: Event kind and transformation function proto impl * Remove stray impl * Remove all functions * Update YAML parser logic * Throw validation error * Add stronger unit test for checking default files * Add support for hierachy * AAP-11295: Add support for operator on filter * Handle operator * Add operator supports * Nit * AAP-11241 - Handle Custom Modsec Rule Conversion for Header Count Adjustment in Config Service (#4099) * Handle Custom Modsec Rule Conversion for Header Count Adjustment in Config Service * Add souts for debugging unit test * spotless * Try fixing modsec unit test * spotless * Try fixing modsec unit test * Try fixing modsec unit test * Try fixing modsec unit test * Try fixing modsec unit test * Try fixing modsec unit test * spotless * Final unit test changes and cleanup * Modified description to not show count for Count Request Metdata in match expression * address comments * Update confidence score from MEDIUM,LOW,LOW,LOW,LOW,MEDIUM to MEDIUM,LOW,LOW,LOW,LOW,LOW (#4116) * Handle All modsec rule versions for header count adjustment (#4117) * Update gradle locks (#4118) Co-authored-by: keyurdoshi03 <218757170+keyurdoshi03@users.noreply.github.com> * Disable CSRF and Add Url regex for Broken Auth (#4123) * Update gradle locks (#4125) Co-authored-by: keyurdoshi03 <218757170+keyurdoshi03@users.noreply.github.com> * Fix non-modsec-trackable rules losing service mapping in modsec response (#4122) Co-authored-by: Prerana Singhal <singhal.prerana@gmail.com> * Update gradle locks (#4126) Co-authored-by: keyurdoshi03 <218757170+keyurdoshi03@users.noreply.github.com> * Update gradle locks (#4132) Co-authored-by: PrajwalKrishna <32260838+PrajwalKrishna@users.noreply.github.com> * AAP-11407: Abuse Policy Proto changes to use common aggregations and operators (#4129) * Remove duplicate scope * REmove SQL template * Handle operators well * nit * Use common aggregator functions * Filter proto changes * Operator impl change * AAP-11314 chore: add policy labels to abuse policies (#4127) * chore: add policy labels to abuse policies * chore: address comment * Update gradle locks (#4128) Co-authored-by: Adity-Deshmukh <64344005+Adity-Deshmukh@users.noreply.github.com> --------- Co-authored-by: traceable-ci-app[bot] <145809357+traceable-ci-app[bot]@users.noreply.github.com> * Remove values array for GenAI naming rules ID generation (#3788) * AAP-8643: Detailed errors for graphql for custom signature rules (#3774) * Detailed errors for graphql * Need to fix more unit tests * Modified a few unit tests according to the new format in which the exception is thrown * Revert "Validations for allow/block types of rules to not have exclude enable…" (#4135) This reverts commit 1219348. * AAP-0000 chore: make aggregation event kind proto use enum (#4138) * chore: make aggregation event kind proto use enum * Fix missed setId -> setFunctionType in AggregationFunctionServiceImplTest * Fix tests * chore: fix tests --------- Co-authored-by: PrajwalKrishna <32260838+PrajwalKrishna@users.noreply.github.com> * NO-TICKET: Move sql operators to enum (#4140) * chore: make aggregation event kind proto use enum * Fix missed setId -> setFunctionType in AggregationFunctionServiceImplTest * Fix tests * chore: fix tests * Add a unit test * NO-TICKET: Move sql operators to enum * Fix test --------- Co-authored-by: Adity-Deshmukh <aditya.deshmukh@traceable.ai> Co-authored-by: Aditya Deshmukh <64344005+Adity-Deshmukh@users.noreply.github.com> * DC-981:proto-changes (#4137) * proto-changes * ignore breaking changes * remove ignores (#4141) * NO-TICKET: Accept all environment all api policies (#4142) * Update gradle locks (#4143) Co-authored-by: keyurdoshi03 <218757170+keyurdoshi03@users.noreply.github.com> * ASP-1493: Add validation for unique app group rule names (#4124) * Update gradle locks (#4144) Co-authored-by: keyurdoshi03 <218757170+keyurdoshi03@users.noreply.github.com> * Dc-981-Implementation for percentage based sampling api (#4108) * internal changes * agent facing changes * lint * lint-2 * fix tests * correct validators * upgrade submodules to catch up with main branch * upgrade submodules to catch up with main branch * changes from review * missed tests * newer commit * integration test * lint * locks * Revert "locks" This reverts commit ce4e121d4fa6b95c2f2c13db51509c1edbba57e7. * int to float * Update gradle locks (#4134) Co-authored-by: stellarhuman <97425093+stellarhuman@users.noreply.github.com> * Revert "Update gradle locks (#4134)" This reverts commit 81cb9ae8c69a89e46846bd19deab1657c2f432dd. * float check and tests --------- Co-authored-by: Tim Mwangi <timothy.mwangi@harness.io> Co-authored-by: traceable-ci-app[bot] <145809357+traceable-ci-app[bot]@users.noreply.github.com> * Update gradle locks (#4148) Co-authored-by: keyurdoshi03 <218757170+keyurdoshi03@users.noreply.github.com> * AAP-11449: Confidence fix (#4149) * Update gradle locks (#4151) Co-authored-by: TriggerRao <119682555+TriggerRao@users.noreply.github.com> * NO-TICKET: Update catalog version to 0.4.4973 (#4153) * Update catalog version to 0.4.4973 * Update gradle locks (#4154) Co-authored-by: TriggerRao <119682555+TriggerRao@users.noreply.github.com> * added dependencies * Update gradle locks (#4155) Co-authored-by: TriggerRao <119682555+TriggerRao@users.noreply.github.com> --------- Co-authored-by: traceable-ci-app[bot] <145809357+traceable-ci-app[bot]@users.noreply.github.com> Co-authored-by: Tarun Rao <tarun.rao@harness.io> * Chore: Update ht version (#4156) * add support for search in get jira integrations api (#4150) * updates the key prefixes and added the main converter file * changed keys of all converters * Add proto files for custom signature config service * Add proto files for custom signature config service changed name * Add proto files for custom signature config service changed file structure * Add import for edge custom signature config * removed edge directory and moved into a single proto * added the converters for clauses to rule definitions * resolved errors added proto * updates the key prefixes and added the main converter file * changed keys of all converters * added aggregation case and ip. and user. * spotLessApply and some minute changes * minute changes * added string values * sonar changes * spotLessApply * added tests * added more tests * more tests * more tests * more tests * more tests * removed comments and updated attributes * updated tests and corrected match expression * corrected user related converters * used buildAppendablePrefix and some minute changes * minor changes * applied suggested changes * added secruleprocessordetails and changed scope converter according to protection engine * suggested changes * clause group changes and random number added, changed key prefix getter * added grpc logic and changes in traceable edge config service * changed helm values and config change event * changed the zookeeper version in traceable config service * write-locks for traceable-edge-config-service * added config related to custom modsec rule version * feature flag for older version * spotlessapply * removed feature flag from manager * added the change event key class and filter for rule evaluation point and event type while loading * added input validator in manager * added input validator in manager * added input validator in manager * resolved comments * resolved sonar issues and minor changes --------- Co-authored-by: Tarun Rao <tarun.rao@harness.io> Co-authored-by: traceable-ci-app[bot] <145809357+traceable-ci-app[bot]@users.noreply.github.com> Co-authored-by: saxenakshitiz <84707889+saxenakshitiz@users.noreply.github.com> Co-authored-by: Dibyojyoti Sinha <49481952+DibyojyotiS@users.noreply.github.com> Co-authored-by: Deepanshu kumar <114489502+Deepanshu0703@users.noreply.github.com> Co-authored-by: soujanyanmbri <54130357+soujanyanmbri@users.noreply.github.com> Co-authored-by: keyurdoshi03 <218757170+keyurdoshi03@users.noreply.github.com> Co-authored-by: Gaurav Gupta <gaurav.gupta@harness.io> Co-authored-by: Rutvij Menavlikar <rutvij.menavlikar@traceable.ai> Co-authored-by: singh-viikram <120372667+singh-viikram@users.noreply.github.com> Co-authored-by: Donnie <donald.propst@harness.io> Co-authored-by: Donald Propst <donald.prospt@harness.io> Co-authored-by: Keyur Doshi <keyur.doshi@harness.io> Co-authored-by: sidharth-jain23 <32795041+sidharth-jain23@users.noreply.github.com> Co-authored-by: dasariakshay3 <dasari.akshay@harness.io> Co-authored-by: Gg-harness <203631318+Gg-harness@users.noreply.github.com> Co-authored-by: Ohiduz Zaman <67164154+Ohiduz@users.noreply.github.com> Co-authored-by: Rahul Padhy <rahul.padhy@harness.io> Co-authored-by: Prajwal Krishna <32260838+PrajwalKrishna@users.noreply.github.com> Co-authored-by: Sanket Mundra <97032782+sanket-mundra@users.noreply.github.com> Co-authored-by: Bhuvan Jayam <77482898+Bhuvan506@users.noreply.github.com> Co-authored-by: Varkeychan Jacob <53667828+varkey98@users.noreply.github.com> Co-authored-by: Suresh Prakash <93120060+suresh-prakash@users.noreply.github.com> Co-authored-by: Polapragada Yashwant <155515534+thugrock7@users.noreply.github.com> Co-authored-by: Varsha Abhinandan <varsha@traceable.ai> Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: Aditya Deshmukh <64344005+Adity-Deshmukh@users.noreply.github.com> Co-authored-by: Raghav <97425093+stellarhuman@users.noreply.github.com> Co-authored-by: Hardik Vardaan <37293677+AtOM18@users.noreply.github.com> Co-authored-by: Prerana Singhal <singhal.prerana@gmail.com> Co-authored-by: Adity-Deshmukh <aditya.deshmukh@traceable.ai> Co-authored-by: Tim Mwangi <timothy.mwangi@harness.io> Co-authored-by: Sanket Kar <sanket.kar@traceable.ai>
* AAP-11589 - Proto Change Support A addresses * Tests added * Added tests
* AI metadata supplier impl * update locks and added few dependecies * AI Metadata Proto Changes * AI Metadata Proto Changes * AI Metadata Proto Changes * AI metadata supplier impl * AI metadata supplier impl * AI metadata supplier impl
* update proto of waf integration for enable toggle * implementation for enable/disable waf integration * remove comment * refactor * remove comment
* AAP-11680 - The aggregation function bug (SUM/AVG/MIN) * AAP-11594, AAP-11597: Policy validations stricter * Add Aditya as codeowner
* add missing config mapping for mresp rule * add separate config param for mresp
* update akamai waf config with client list id * update protos
We do not want to use the same categories for all entity types (APIs and MCP Tools for now). Create a mapping from entity type to allowed categories and add validation and filtering where needed.
Co-authored-by: Deepanshu0703 <114489502+Deepanshu0703@users.noreply.github.com>
Co-authored-by: Deepanshu0703 <114489502+Deepanshu0703@users.noreply.github.com>
Co-authored-by: Deepanshu0703 <114489502+Deepanshu0703@users.noreply.github.com>
Co-authored-by: Deepanshu0703 <114489502+Deepanshu0703@users.noreply.github.com>
* Config Scope support of web app eval context * Config Scope support of web app eval context * Config Scope support of api eval context * Config Scope support of api eval context
…(#4220) * add missing config mapping for mresp rule * add separate config param for mresp * schema validation response rules: add config to exclude response parts
Co-authored-by: Deepanshu0703 <114489502+Deepanshu0703@users.noreply.github.com>
Co-authored-by: Deepanshu0703 <114489502+Deepanshu0703@users.noreply.github.com>
* chore : add GenAI blocking config * fix
…edge (#4222) * Sending AI Firewall related configs from config-service to edge * Sending AI Firewall related configs from config-service to edge * Sending AI Firewall related configs from config-service to edge * chore: Evalution Details for AI Rules * chore: Evalution Details for AI Rules * fix build issues * fix build issues
…onfig-service (#4479) * AAP-13120: Add GenerateHelmValues gRPC API to cloud-edge-deployment-config-service * Clarify HelmValuesFile file_path comment * Fix formatting in HelmValuesFile message
Co-authored-by: DibyojyotiS <49481952+DibyojyotiS@users.noreply.github.com>
* Config Fix changes for config context * Config Fix changes for config context
…embedding) (#4480) * ASP-2492: Fix GenAI discovery rule collision (Cohere embed vs Google embedding) Cohere's STARTS_WITH "embed" prefixed Google's "embedding", so embedding-gecko and other Google embedding* models were mis-tagged as Cohere by rule order. The same overlap existed in both default rule files served by the merged map: the model-only tier of default-genai-system-discovery-rules.conf and default-genai-system-discovery-server-span-rules.conf. - Tighten Cohere "embed" -> "embed-" in both files so it cannot prefix Google's "embedding" (left command/rerank bare; bare "command" is a real Cohere model). - Order Google before Cohere in the server-span file as defensive depth. - Expand Cohere server-span coverage (Aya, transcribe) collision-safely. - Add a collision-guard test covering both files: a behavioural check that each model value classifies to exactly one vendor, and a structural check that no model-only rule's prefix is a substring-prefix of another vendor's (OpenAI and AzureOpenAI bucketed together as a deliberately shared, host-gated namespace). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> AI-Session-Id: 0d4c56fb-6709-4559-bbb2-8cab3e6c8731 AI-Tool: claude-code AI-Model: unknown * addressing comments
* Added environment in AiAppEvaluationConfigContextSupplier * Added environment in AiAppEvaluationConfigContextSupplier * Adde Severity For Blocking Rules
Co-authored-by: keyurdoshi03 <218757170+keyurdoshi03@users.noreply.github.com>
…fied default rule is updated
This reverts commit 8907bff.
TriggerRao
changed the title
# Conflicts: # hypertrace-config-service
Co-authored-by: TriggerRao <119682555+TriggerRao@users.noreply.github.com>
…m-policies # Conflicts: # agent-action-config-service-api/gradle.lockfile # agent-action-config-service-impl/gradle.lockfile # ai-app-protection-config-service-api/gradle.lockfile # ai-app-protection-config-service-impl/gradle.lockfile # anomaly-config-service-api/gradle.lockfile # anomaly-config-service-impl/gradle.lockfile # anomaly-config-service-registry/gradle.lockfile # anomaly-scoring-config-service-api/gradle.lockfile # anomaly-scoring-config-service-impl/gradle.lockfile # api-attribute-override-service-api/gradle.lockfile # api-attribute-override-service-impl/gradle.lockfile # api-gateway-config-service-api/gradle.lockfile # api-gateway-config-service-cache/gradle.lockfile # api-gateway-config-service-common/gradle.lockfile # api-gateway-config-service-impl/gradle.lockfile # api-spec-config-service-api/gradle.lockfile # api-spec-config-service-impl/gradle.lockfile # application-grouping-config-service-api/gradle.lockfile # application-grouping-config-service-impl/gradle.lockfile # ast-config-service-api/gradle.lockfile # ast-config-service-impl/gradle.lockfile # ast-hooks-config-service-api/gradle.lockfile # ast-hooks-config-service-impl/gradle.lockfile # ast-scan-profile-config-service-api/gradle.lockfile # ast-scan-profile-config-service-impl/gradle.lockfile # attribute-resolution-config-client/gradle.lockfile # attribute-resolution-config-service-api/gradle.lockfile # attribute-resolution-config-service-impl/gradle.lockfile # audit-utils/gradle.lockfile # auth-detection-config-service-api/gradle.lockfile # auth-detection-config-service-impl/gradle.lockfile # azure-devops-integration-config-service-api/gradle.lockfile # azure-devops-integration-config-service-impl/gradle.lockfile # blocking-config-service-api/gradle.lockfile # blocking-config-service-impl/gradle.lockfile # certificate-management-config-service-api/gradle.lockfile # certificate-management-config-service-impl/gradle.lockfile # cloud-bot-deployment-config-service-api/gradle.lockfile # cloud-bot-deployment-config-service-impl/gradle.lockfile # cloud-edge-deployment-config-service-api/gradle.lockfile # cloud-edge-deployment-config-service-impl/gradle.lockfile # config-proto-utils/gradle.lockfile # config-service-commons/gradle.lockfile # config-utils/gradle.lockfile # custom-signature-config-service-api/gradle.lockfile # custom-signature-config-service-impl/gradle.lockfile # dashboard-config-service-api/gradle.lockfile # dashboard-config-service-impl/gradle.lockfile # data-classification-client/gradle.lockfile # data-classification-config-service-api/gradle.lockfile # data-classification-config-service-impl/gradle.lockfile # data-config-service-api/gradle.lockfile # data-config-service-impl/gradle.lockfile # data-exfiltration-config-service-api/gradle.lockfile # data-exfiltration-config-service-impl/gradle.lockfile # data-obfuscation-config-service-api/gradle.lockfile # data-obfuscation-config-service-impl/gradle.lockfile # data-parsing-config-service-api/gradle.lockfile # data-parsing-config-service-impl/gradle.lockfile # data-protection-config-service-api/gradle.lockfile # data-protection-config-service-impl/gradle.lockfile # detection-exclusion-config-service-api/gradle.lockfile # detection-exclusion-config-service-impl/gradle.lockfile # entity-fetcher-cache/gradle.lockfile # external-agent-action-config-service-api/gradle.lockfile # external-agent-action-config-service-impl/gradle.lockfile # external-agent-attribute-config-service-api/gradle.lockfile # external-agent-attribute-config-service-impl/gradle.lockfile # external-data-classification-config-service-api/gradle.lockfile # external-data-classification-config-service-impl/gradle.lockfile # external-user-attribution-config-service-api/gradle.lockfile # external-user-attribution-config-service-impl/gradle.lockfile # external-wasm-config-service-api/gradle.lockfile # feature-caching-client/gradle.lockfile # fraud-datamodel-config-service-api/gradle.lockfile # fraud-datamodel-config-service-impl/gradle.lockfile # fraud-datamodel-derivation-config-service-api/gradle.lockfile # fraud-datamodel-derivation-config-service-impl/gradle.lockfile # fraud-datamodel-event-kind-config-service-api/gradle.lockfile # fraud-datamodel-event-kind-config-service-impl/gradle.lockfile # fraud-policy-config-service-api/gradle.lockfile # fraud-policy-config-service-impl/gradle.lockfile # genai-config-service-api/gradle.lockfile # genai-config-service-impl/gradle.lockfile # genai-system-discovery-client/gradle.lockfile # genai-system-discovery-config-service-api/gradle.lockfile # genai-system-discovery-config-service-impl/gradle.lockfile # github-integration-config-service-api/gradle.lockfile # github-integration-config-service-impl/gradle.lockfile # google-secops-integration-config-service-api/gradle.lockfile # graphql-autogen-schema-annotations/gradle.lockfile # http-event-collector-integration-config-service-api/gradle.lockfile # http-event-collector-integration-config-service-impl/gradle.lockfile # integration-config-service-api/gradle.lockfile # integration-config-service-impl/gradle.lockfile # ip-resolution-config-service-api/gradle.lockfile # ip-resolution-strategy-config-service-api/gradle.lockfile # ip-resolution-strategy-config-service-impl/gradle.lockfile # iprange-config-service-api/gradle.lockfile # iprange-config-service-impl/gradle.lockfile # jira-integration-config-service-api/gradle.lockfile # jira-integration-config-service-impl/gradle.lockfile # jwt-extraction-config-service-api/gradle.lockfile # jwt-extraction-config-service-impl/gradle.lockfile # license-status-config-service-api/gradle.lockfile # license-status-config-service-impl/gradle.lockfile # local-processing-config-service-api/gradle.lockfile # local-processing-config-service-impl/gradle.lockfile # malicious-sources-config-service-api/gradle.lockfile # malicious-sources-config-service-impl/gradle.lockfile # mock-config-service/gradle.lockfile # modsecurity-utils/gradle.lockfile # rate-limiting-config-service-api/gradle.lockfile # rate-limiting-config-service-impl/gradle.lockfile # region-config-service-api/gradle.lockfile # region-config-service-impl/gradle.lockfile # reporting-config-service-api/gradle.lockfile # reporting-config-service-impl/gradle.lockfile # risk-config-service-api/gradle.lockfile # risk-config-service-impl/gradle.lockfile # risk-config-service-v2-impl/gradle.lockfile # runner-logs-config-service-api/gradle.lockfile # runner-logs-config-service-impl/gradle.lockfile # saved-filter-config-service-api/gradle.lockfile # saved-filter-config-service-caching-client/gradle.lockfile # saved-filter-config-service-impl/gradle.lockfile # saved-query-config-service-api/gradle.lockfile # saved-query-config-service-impl/gradle.lockfile # sensitive-data-config-service-api/gradle.lockfile # sensitive-data-config-service-impl/gradle.lockfile # servicenow-itsm-integration-config-service-api/gradle.lockfile # servicenow-itsm-integration-config-service-impl/gradle.lockfile # session-identification-config-service-api/gradle.lockfile # session-identification-config-service-impl/gradle.lockfile # splunk-integration-config-service-api/gradle.lockfile # splunk-integration-config-service-impl/gradle.lockfile # syslog-integration-config-service-api/gradle.lockfile # syslog-integration-config-service-impl/gradle.lockfile # threat-management-config-service-api/gradle.lockfile # threat-management-config-service-impl/gradle.lockfile # threat-scoring-config-service-api/gradle.lockfile # threat-scoring-config-service-impl/gradle.lockfile # traceable-alerting-config-service-api/gradle.lockfile # traceable-alerting-config-service-impl/gradle.lockfile # traceable-bot-config-service-api/gradle.lockfile # traceable-bot-config-service-impl/gradle.lockfile # traceable-config-service-factory/gradle.lockfile # traceable-config-service-rest/gradle.lockfile # traceable-config-service/gradle.lockfile # traceable-datamodel-config-service-api/gradle.lockfile # traceable-edge-bot-config-service-api/gradle.lockfile # traceable-edge-bot-config-service-impl/gradle.lockfile # traceable-edge-config-service-api/gradle.lockfile # traceable-edge-config-service-impl/gradle.lockfile # traceable-edge-decision-config-service-api/gradle.lockfile # traceable-edge-decision-config-service-impl/gradle.lockfile # traceable-edge-decision-converter-utils/gradle.lockfile # traceable-policy-config-service-api/gradle.lockfile # traceable-policy-config-service-impl/gradle.lockfile # traceable-span-processing-config-service-api/gradle.lockfile # traceable-span-processing-config-service-impl/gradle.lockfile # user-attribution-config-service-api/gradle.lockfile # user-attribution-config-service-impl/gradle.lockfile # vulnerability-config-service-api/gradle.lockfile # vulnerability-config-service-impl/gradle.lockfile # waf-provider-integration-service-api/gradle.lockfile # waf-provider-integration-service-impl/gradle.lockfile
| return this.buildValueFromData(data); | ||
| } | ||
|
|
||
| protected Optional<Value> getDefaultPreviousValue(RequestContext requestContext, T data) { |
Contributor
There was a problem hiding this comment.
what does "default previous value" mean?
TriggerRao
force-pushed
the
default-configs-custom-policies
branch
from
acf31d4 to
592e12a
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Please include a summary of the change, motivation and context.
Testing
Please describe the tests that you ran to verify your changes. Please summarize what did you test and what needs to be tested e.g. deployed and tested helm chart locally.
Checklist:
Documentation
Make sure that you have documented corresponding changes in this repository or hypertrace docs repo if required.