Closed ups1decyber closed 5 months ago
Hi! Good catch, thanks for that finding: negated filters introduced some inconsistencies in matching logic.
I've tried to rethink the matches_filters
logic to match the expected semantics and have come with this PR: https://github.com/CERT-Polska/karton/pull/247 I also included your test cases.
Hi,
I think there is a problem with this line in the Task's
matches_filters
function: https://github.com/CERT-Polska/karton/blob/master/karton/core/task.py#L238I think the idea behind this line is that filters such as
don't make the Task's
matches_filters
function match for any arbitrary value ofplatform
.But I think this is a problem. Let's look at these example filters:
For the following three tasks, I would expect that the first one matches, the second one does not, and the third one does. But the first one does not:
The problem is that the match of
platform: win32
causes the referenced line to returnFalse
regardless of other filters.But I think the core problem here is that the current task header matching does not allow for exclusion of multiple values for a specified field using a single filter. If this is addressed, then there would be no need for the return statement in line 238. This could be one of the issues with header matching that could be addressed by #245.
Please consider adding the following test case to tests/test_task_filters.py: