From aefd7d4e4a1d78bb5ef8af0584caf5c420e5bd55 Mon Sep 17 00:00:00 2001
From: Maxime Gervais <gervais.maxime@gmail.com>
Date: Sun, 29 Jun 2025 17:04:59 +0200
Subject: [PATCH] Add 'contains' and 'must not contain' operators

Signed-off-by: Maxime Gervais <gervais.maxime@gmail.com>
---
 Source/Checker/Checker.cpp                             | 10 +++++++++-
 Source/Common/generated/PolicyTransformXml.h           | 10 +++++++---
 Source/Resource/html/xslPolicy.html                    |  2 ++
 .../policyset2policytransform2policyresult.xsl         |  8 +++++---
 4 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/Source/Checker/Checker.cpp b/Source/Checker/Checker.cpp
index 722c23f8..e82ebb16 100644
--- a/Source/Checker/Checker.cpp
+++ b/Source/Checker/Checker.cpp
@@ -320,6 +320,14 @@ bool  PolicyChecker::RuleElement::compare(const std::string& v1, const std::stri
     {
         to_return = v2.rfind(v1, 0) != 0;
     }
+    else if (operand=="contains")
+    {
+        to_return = v2.find(v1) != std::string::npos;
+    }
+    else if (operand=="must not contain")
+    {
+        to_return = v2.find(v1) == std::string::npos;
+    }
     else if (operand == "<")
     {
         if (!strlen(val_end) && !strlen(ref_end))
@@ -399,7 +407,7 @@ void PolicyChecker::RuleElement::resolve()
         else // keep old behavior for legacy "*" value
             pass=values.empty();
     }
-    else if (operand=="starts with" || operand=="must not start with" || operand=="<" || operand=="<=" || operand=="="  || operand=="!=" || operand==">=" || operand==">")
+    else if (operand=="starts with" || operand=="must not start with" || operand=="contains" || operand=="must not contain" || operand=="<" || operand=="<=" || operand=="="  || operand=="!=" || operand==">=" || operand==">")
     {
         std::vector<bool> results;
 
diff --git a/Source/Common/generated/PolicyTransformXml.h b/Source/Common/generated/PolicyTransformXml.h
index b06be17c..de92cf9e 100644
--- a/Source/Common/generated/PolicyTransformXml.h
+++ b/Source/Common/generated/PolicyTransformXml.h
@@ -234,7 +234,7 @@ const char policy_transform_xml[] = {
 ,'\x0a'
 ,'\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x3c','\x2f','\x61','\x6c','\x69','\x61','\x73','\x78','\x73','\x6c','\x3a','\x69','\x66','\x3e','\x0d'
 ,'\x0a'
-,'\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x3c','\x61','\x6c','\x69','\x61','\x73','\x78','\x73','\x6c','\x3a','\x69','\x66','\x20','\x74','\x65','\x73','\x74','\x3d','\x22','\x24','\x70','\x6f','\x6c','\x69','\x63','\x79','\x5f','\x76','\x65','\x72','\x62','\x6f','\x73','\x69','\x74','\x79','\x3e','\x30','\x20','\x6f','\x72','\x20','\x24','\x6f','\x75','\x74','\x63','\x6f','\x6d','\x65','\x21','\x3d','\x27','\x70','\x61','\x73','\x73','\x27','\x20','\x6f','\x72','\x20','\x73','\x74','\x72','\x69','\x6e','\x67','\x2d','\x6c','\x65','\x6e','\x67','\x74','\x68','\x28','\x24','\x63','\x6f','\x6d','\x70','\x61','\x72','\x65','\x64','\x5f','\x74','\x6f','\x29','\x3e','\x30','\x20','\x6f','\x72','\x20','\x24','\x6f','\x70','\x65','\x72','\x61','\x74','\x6f','\x72','\x3d','\x27','\x73','\x74','\x61','\x72','\x74','\x73','\x20','\x77','\x69','\x74','\x68','\x27','\x20','\x6f','\x72','\x20','\x24','\x6f','\x70','\x65','\x72','\x61','\x74','\x6f','\x72','\x3d','\x27','\x6d','\x75','\x73','\x74','\x20','\x6e','\x6f','\x74','\x20','\x73','\x74','\x61','\x72','\x74','\x20','\x77','\x69','\x74','\x68','\x27','\x22','\x3e','\x0d'
+,'\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x3c','\x61','\x6c','\x69','\x61','\x73','\x78','\x73','\x6c','\x3a','\x69','\x66','\x20','\x74','\x65','\x73','\x74','\x3d','\x22','\x24','\x70','\x6f','\x6c','\x69','\x63','\x79','\x5f','\x76','\x65','\x72','\x62','\x6f','\x73','\x69','\x74','\x79','\x3e','\x30','\x20','\x6f','\x72','\x20','\x24','\x6f','\x75','\x74','\x63','\x6f','\x6d','\x65','\x21','\x3d','\x27','\x70','\x61','\x73','\x73','\x27','\x20','\x6f','\x72','\x20','\x73','\x74','\x72','\x69','\x6e','\x67','\x2d','\x6c','\x65','\x6e','\x67','\x74','\x68','\x28','\x24','\x63','\x6f','\x6d','\x70','\x61','\x72','\x65','\x64','\x5f','\x74','\x6f','\x29','\x3e','\x30','\x20','\x6f','\x72','\x20','\x24','\x6f','\x70','\x65','\x72','\x61','\x74','\x6f','\x72','\x3d','\x27','\x73','\x74','\x61','\x72','\x74','\x73','\x20','\x77','\x69','\x74','\x68','\x27','\x20','\x6f','\x72','\x20','\x24','\x6f','\x70','\x65','\x72','\x61','\x74','\x6f','\x72','\x3d','\x27','\x6d','\x75','\x73','\x74','\x20','\x6e','\x6f','\x74','\x20','\x73','\x74','\x61','\x72','\x74','\x20','\x77','\x69','\x74','\x68','\x27','\x20','\x6f','\x72','\x20','\x24','\x6f','\x70','\x65','\x72','\x61','\x74','\x6f','\x72','\x3d','\x27','\x63','\x6f','\x6e','\x74','\x61','\x69','\x6e','\x73','\x27','\x20','\x6f','\x72','\x20','\x24','\x6f','\x70','\x65','\x72','\x61','\x74','\x6f','\x72','\x3d','\x27','\x6d','\x75','\x73','\x74','\x20','\x6e','\x6f','\x74','\x20','\x63','\x6f','\x6e','\x74','\x61','\x69','\x6e','\x27','\x22','\x3e','\x0d'
 ,'\x0a'
 ,'\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x3c','\x61','\x6c','\x69','\x61','\x73','\x78','\x73','\x6c','\x3a','\x69','\x66','\x20','\x74','\x65','\x73','\x74','\x3d','\x22','\x24','\x72','\x65','\x71','\x75','\x65','\x73','\x74','\x65','\x64','\x22','\x3e','\x0d'
 ,'\x0a'
@@ -610,6 +610,10 @@ const char policy_transform_xml[] = {
 ,'\x0a'
 ,'\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x3c','\x78','\x73','\x6c','\x3a','\x77','\x68','\x65','\x6e','\x20','\x74','\x65','\x73','\x74','\x3d','\x22','\x40','\x6f','\x70','\x65','\x72','\x61','\x74','\x6f','\x72','\x3d','\x27','\x6d','\x75','\x73','\x74','\x20','\x6e','\x6f','\x74','\x20','\x73','\x74','\x61','\x72','\x74','\x20','\x77','\x69','\x74','\x68','\x27','\x22','\x3e','\x6e','\x6f','\x74','\x28','\x73','\x74','\x61','\x72','\x74','\x73','\x2d','\x77','\x69','\x74','\x68','\x28','\x3c','\x2f','\x78','\x73','\x6c','\x3a','\x77','\x68','\x65','\x6e','\x3e','\x0d'
 ,'\x0a'
+,'\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x3c','\x78','\x73','\x6c','\x3a','\x77','\x68','\x65','\x6e','\x20','\x74','\x65','\x73','\x74','\x3d','\x22','\x40','\x6f','\x70','\x65','\x72','\x61','\x74','\x6f','\x72','\x3d','\x27','\x63','\x6f','\x6e','\x74','\x61','\x69','\x6e','\x73','\x27','\x22','\x3e','\x63','\x6f','\x6e','\x74','\x61','\x69','\x6e','\x73','\x28','\x3c','\x2f','\x78','\x73','\x6c','\x3a','\x77','\x68','\x65','\x6e','\x3e','\x0d'
+,'\x0a'
+,'\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x3c','\x78','\x73','\x6c','\x3a','\x77','\x68','\x65','\x6e','\x20','\x74','\x65','\x73','\x74','\x3d','\x22','\x40','\x6f','\x70','\x65','\x72','\x61','\x74','\x6f','\x72','\x3d','\x27','\x6d','\x75','\x73','\x74','\x20','\x6e','\x6f','\x74','\x20','\x63','\x6f','\x6e','\x74','\x61','\x69','\x6e','\x27','\x22','\x3e','\x6e','\x6f','\x74','\x28','\x63','\x6f','\x6e','\x74','\x61','\x69','\x6e','\x73','\x28','\x3c','\x2f','\x78','\x73','\x6c','\x3a','\x77','\x68','\x65','\x6e','\x3e','\x0d'
+,'\x0a'
 ,'\x20','\x20','\x20','\x20','\x20','\x20','\x3c','\x2f','\x78','\x73','\x6c','\x3a','\x63','\x68','\x6f','\x6f','\x73','\x65','\x3e','\x0d'
 ,'\x0a'
 ,'\x20','\x20','\x20','\x20','\x20','\x20','\x3c','\x78','\x73','\x6c','\x3a','\x76','\x61','\x6c','\x75','\x65','\x2d','\x6f','\x66','\x20','\x73','\x65','\x6c','\x65','\x63','\x74','\x3d','\x22','\x24','\x65','\x71','\x75','\x61','\x74','\x69','\x6f','\x6e','\x62','\x61','\x73','\x65','\x22','\x2f','\x3e','\x0d'
@@ -620,7 +624,7 @@ const char policy_transform_xml[] = {
 ,'\x0a'
 ,'\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x3c','\x78','\x73','\x6c','\x3a','\x77','\x68','\x65','\x6e','\x20','\x74','\x65','\x73','\x74','\x3d','\x22','\x40','\x6f','\x70','\x65','\x72','\x61','\x74','\x6f','\x72','\x3d','\x27','\x6d','\x75','\x73','\x74','\x20','\x6e','\x6f','\x74','\x20','\x65','\x78','\x69','\x73','\x74','\x27','\x22','\x3e','\x29','\x3c','\x2f','\x78','\x73','\x6c','\x3a','\x77','\x68','\x65','\x6e','\x3e','\x0d'
 ,'\x0a'
-,'\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x3c','\x78','\x73','\x6c','\x3a','\x77','\x68','\x65','\x6e','\x20','\x74','\x65','\x73','\x74','\x3d','\x22','\x40','\x6f','\x70','\x65','\x72','\x61','\x74','\x6f','\x72','\x3d','\x27','\x73','\x74','\x61','\x72','\x74','\x73','\x20','\x77','\x69','\x74','\x68','\x27','\x20','\x6f','\x72','\x20','\x40','\x6f','\x70','\x65','\x72','\x61','\x74','\x6f','\x72','\x3d','\x27','\x6d','\x75','\x73','\x74','\x20','\x6e','\x6f','\x74','\x20','\x73','\x74','\x61','\x72','\x74','\x20','\x77','\x69','\x74','\x68','\x27','\x22','\x3e','\x0d'
+,'\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x3c','\x78','\x73','\x6c','\x3a','\x77','\x68','\x65','\x6e','\x20','\x74','\x65','\x73','\x74','\x3d','\x22','\x40','\x6f','\x70','\x65','\x72','\x61','\x74','\x6f','\x72','\x3d','\x27','\x73','\x74','\x61','\x72','\x74','\x73','\x20','\x77','\x69','\x74','\x68','\x27','\x20','\x6f','\x72','\x20','\x40','\x6f','\x70','\x65','\x72','\x61','\x74','\x6f','\x72','\x3d','\x27','\x6d','\x75','\x73','\x74','\x20','\x6e','\x6f','\x74','\x20','\x73','\x74','\x61','\x72','\x74','\x20','\x77','\x69','\x74','\x68','\x27','\x20','\x6f','\x72','\x20','\x40','\x6f','\x70','\x65','\x72','\x61','\x74','\x6f','\x72','\x3d','\x27','\x63','\x6f','\x6e','\x74','\x61','\x69','\x6e','\x73','\x27','\x20','\x6f','\x72','\x20','\x40','\x6f','\x70','\x65','\x72','\x61','\x74','\x6f','\x72','\x3d','\x27','\x6d','\x75','\x73','\x74','\x20','\x6e','\x6f','\x74','\x20','\x63','\x6f','\x6e','\x74','\x61','\x69','\x6e','\x27','\x22','\x3e','\x0d'
 ,'\x0a'
 ,'\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x3c','\x78','\x73','\x6c','\x3a','\x74','\x65','\x78','\x74','\x3e','\x2c','\x27','\x3c','\x2f','\x78','\x73','\x6c','\x3a','\x74','\x65','\x78','\x74','\x3e','\x0d'
 ,'\x0a'
@@ -628,7 +632,7 @@ const char policy_transform_xml[] = {
 ,'\x0a'
 ,'\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x3c','\x78','\x73','\x6c','\x3a','\x74','\x65','\x78','\x74','\x3e','\x27','\x29','\x3c','\x2f','\x78','\x73','\x6c','\x3a','\x74','\x65','\x78','\x74','\x3e','\x0d'
 ,'\x0a'
-,'\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x3c','\x78','\x73','\x6c','\x3a','\x69','\x66','\x20','\x74','\x65','\x73','\x74','\x3d','\x22','\x40','\x6f','\x70','\x65','\x72','\x61','\x74','\x6f','\x72','\x3d','\x27','\x6d','\x75','\x73','\x74','\x20','\x6e','\x6f','\x74','\x20','\x73','\x74','\x61','\x72','\x74','\x20','\x77','\x69','\x74','\x68','\x27','\x22','\x3e','\x29','\x3c','\x2f','\x78','\x73','\x6c','\x3a','\x69','\x66','\x3e','\x0d'
+,'\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x3c','\x78','\x73','\x6c','\x3a','\x69','\x66','\x20','\x74','\x65','\x73','\x74','\x3d','\x22','\x40','\x6f','\x70','\x65','\x72','\x61','\x74','\x6f','\x72','\x3d','\x27','\x6d','\x75','\x73','\x74','\x20','\x6e','\x6f','\x74','\x20','\x73','\x74','\x61','\x72','\x74','\x20','\x77','\x69','\x74','\x68','\x27','\x20','\x6f','\x72','\x20','\x40','\x6f','\x70','\x65','\x72','\x61','\x74','\x6f','\x72','\x3d','\x27','\x6d','\x75','\x73','\x74','\x20','\x6e','\x6f','\x74','\x20','\x63','\x6f','\x6e','\x74','\x61','\x69','\x6e','\x27','\x22','\x3e','\x29','\x3c','\x2f','\x78','\x73','\x6c','\x3a','\x69','\x66','\x3e','\x0d'
 ,'\x0a'
 ,'\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x20','\x3c','\x2f','\x78','\x73','\x6c','\x3a','\x77','\x68','\x65','\x6e','\x3e','\x0d'
 ,'\x0a'
diff --git a/Source/Resource/html/xslPolicy.html b/Source/Resource/html/xslPolicy.html
index 908b07f1..6c938be3 100644
--- a/Source/Resource/html/xslPolicy.html
+++ b/Source/Resource/html/xslPolicy.html
@@ -208,6 +208,8 @@ <h4>Actions:</h4>
                 <option value="&gt;=">Is greater or equal than (&gt;=)</option>
                 <option value="starts with">Starts with</option>
                 <option value="must not start with">Must not start with</option>
+                <option value="contains">Contains</option>
+                <option value="must not contain">Must not contain</option>
               </select>
             </div>
             <div class="form-group">
diff --git a/Tools/Policies/policyset2policytransform2policyresult.xsl b/Tools/Policies/policyset2policytransform2policyresult.xsl
index 202bff84..a6151fc9 100644
--- a/Tools/Policies/policyset2policytransform2policyresult.xsl
+++ b/Tools/Policies/policyset2policytransform2policyresult.xsl
@@ -110,7 +110,7 @@
               <aliasxsl:value-of select="$level"/>
             </aliasxsl:attribute>
           </aliasxsl:if>
-          <aliasxsl:if test="$policy_verbosity>0 or $outcome!='pass' or string-length($compared_to)>0 or $operator='starts with' or $operator='must not start with'">
+          <aliasxsl:if test="$policy_verbosity>0 or $outcome!='pass' or string-length($compared_to)>0 or $operator='starts with' or $operator='must not start with' or $operator='contains' or $operator='must not contain'">
             <aliasxsl:if test="$requested">
               <aliasxsl:attribute name="requested">
                 <aliasxsl:value-of select="$requested"/>
@@ -298,16 +298,18 @@
         <xsl:when test="@operator='must not exist'">not(</xsl:when>
         <xsl:when test="@operator='starts with'">starts-with(</xsl:when>
         <xsl:when test="@operator='must not start with'">not(starts-with(</xsl:when>
+        <xsl:when test="@operator='contains'">contains(</xsl:when>
+        <xsl:when test="@operator='must not contain'">not(contains(</xsl:when>
       </xsl:choose>
       <xsl:value-of select="$equationbase"/>
       <xsl:choose>
         <xsl:when test="not(@operator) or @operator='exists'"></xsl:when>
         <xsl:when test="@operator='must not exist'">)</xsl:when>
-        <xsl:when test="@operator='starts with' or @operator='must not start with'">
+        <xsl:when test="@operator='starts with' or @operator='must not start with' or @operator='contains' or @operator='must not contain'">
           <xsl:text>,'</xsl:text>
           <xsl:value-of select="."/>
           <xsl:text>')</xsl:text>
-          <xsl:if test="@operator='must not start with'">)</xsl:if>
+          <xsl:if test="@operator='must not start with' or @operator='must not contain'">)</xsl:if>
         </xsl:when>
         <xsl:when test="@operator">
           <xsl:value-of select="@operator"/>