Rule engine implementation in Golang
This release is a security fix for an RCE vulnerability in the go-git dependency.

Overview: Affected versions of this package are vulnerable to Path Traversal via malicious server replies. An attacker can create and amend files across the filesystem and potentially achieve remote code execution by sending crafted responses to the client.

Notes: This is only exploitable if the client is using ChrootOS, which is the default for certain functions such as PlainClone. Applications using BoundOS or in-memory filesystems are not affected by this issue.

Users loading rules from remote Git servers are encouraged to upgrade to v1.15.0 as soon as possible.
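
To check whether a project still pins a grule release older than the fix, the following added example (not code from the grule project) scans `go.mod` text for the module path and compares the pinned version against v1.15.0. The function name `GruleNeedsUpgrade` is hypothetical, and treating every version below v1.15.0 as needing the upgrade is an assumption, since the notes do not list the affected range.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// Module path and fix release as stated in the release notes.
const grulePath = "github.com/hyperjumptech/grule-rule-engine"
var fixedRelease = [3]int{1, 15, 0}

// GruleNeedsUpgrade (hypothetical helper) scans go.mod text for the grule
// requirement and reports the pinned version and whether it precedes the fix.
func GruleNeedsUpgrade(goMod string) (version string, needsUpgrade, found bool) {
	sc := bufio.NewScanner(strings.NewReader(goMod))
	for sc.Scan() {
		line, _, _ := strings.Cut(sc.Text(), "//") // drop "// indirect" etc.
		f := strings.Fields(line)
		if len(f) > 0 && f[0] == "require" {
			f = f[1:] // single-line form: require <path> <version>
		}
		if len(f) < 2 || f[0] != grulePath {
			continue
		}
		core, _, pre := strings.Cut(strings.TrimPrefix(f[1], "v"), "-")
		parts := strings.Split(core, ".")
		if len(parts) != 3 {
			return f[1], true, true // unparseable: flag for manual review
		}
		for i, p := range parts {
			n, err := strconv.Atoi(p)
			if err != nil {
				return f[1], true, true
			}
			if n != fixedRelease[i] {
				return f[1], n < fixedRelease[i], true
			}
		}
		return f[1], pre, true // v1.15.0-rc1 and pseudo-versions precede v1.15.0
	}
	return "", false, false
}

func main() {
	// Constructed go.mod content, not taken from any real project.
	sample := "module example.com/app\n\nrequire (\n\t" + grulePath + " v1.14.1\n)\n"
	fmt.Println(GruleNeedsUpgrade(sample))
}
```

A `replace` directive for the module is not evaluated here, so a project that redirects grule to a fork or local copy needs a manual check.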
grule-rule-engine
to `github.com/hyperjumptech/grule-rule-engine`

After quite a long time, I've finally managed to find some time to contribute to Grule Rule Engine again. Thank you very, very much to all contributors. The following is a collection of the changes we made since the last release.
golangci-lint, it's there but not yet integrated into the CI.

Cheers
MatchString as a built-in string function.

Note on the Zap Logger:
By default, grule-rule-engine and its subpackages use the logrus logger, which is initialized in the logger subpackage.
The ability to pass a logger (zap or logrus) that is initialized in your application (usually in main.go) to the subpackages has been added.
In each of the subpackages antlr, ast, builder and engine, a SetLogger(externalLog interface{}) function was added. It can be passed a logger instance (zap or logrus) to be used by the subpackage.
The SetLogLevel() function from the logger package has been changed.
Now it is not tied to logrus levels, but uses the levels defined in the logger subpackage of the current library.
MatchString for matching a string to a regular expression. Fixes issue #281.