From 05a9d27952fea5d1758d19a409df02c31564873b Mon Sep 17 00:00:00 2001
From: Demolus13
Date: Sun, 28 Sep 2025 19:28:52 +0530
Subject: [PATCH 1/2] feat: add --policy flag in verify-policy command for example policies

Signed-off-by: Demolus13
---
 src/macaron/__main__.py | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/src/macaron/__main__.py b/src/macaron/__main__.py
index d1180d9bb..0b6638381 100644
--- a/src/macaron/__main__.py
+++ b/src/macaron/__main__.py
@@ -197,6 +197,7 @@ def verify_policy(verify_policy_args: argparse.Namespace) -> int:
         show_prelude(verify_policy_args.database)
         return os.EX_OK
 
+    policy_content = None
     if verify_policy_args.file:
         if not os.path.isfile(verify_policy_args.file):
             logger.critical('The policy file "%s" does not exist.', verify_policy_args.file)
@@ -204,7 +205,21 @@ def verify_policy(verify_policy_args: argparse.Namespace) -> int:
         with open(verify_policy_args.file, encoding="utf-8") as file:
             policy_content = file.read()
 
+    elif verify_policy_args.policy:
+        policy_dir = os.path.join(macaron.MACARON_PATH, "resources/policies/datalog")
+        available_policies = [policy[:-3] for policy in os.listdir(policy_dir) if policy.endswith(".dl")]
+        if verify_policy_args.policy not in available_policies:
+            logger.error(
+                "The policy %s is not available. Available policies are: %s",
+                verify_policy_args.policy,
+                available_policies,
+            )
+            return os.EX_USAGE
+        policy_path = os.path.join(policy_dir, f"{verify_policy_args.policy}.dl")
+        with open(policy_path, encoding="utf-8") as file:
+            policy_content = file.read()
+
     if policy_content:
         result = run_policy_engine(verify_policy_args.database, policy_content)
         vsa = generate_vsa(policy_content=policy_content, policy_result=result)
         if vsa is not None:
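Review bot: The membership test `if verify_policy_args.policy not in available_policies:` in the @@ -204 hunk is the only thing that keeps a user-supplied name from being joined into `policy_path` and opened, so it deserves a comment stating that, e.g. `# Only names discovered in policy_dir may be opened; do not relax this check.` The `policy[:-3]` slice encodes the suffix length as a magic number; `policy.removesuffix(".dl")` expresses the same intent without the count, and the same applies to the `[:-12]` variant the second patch introduces in its @@ -207 hunk. `os.listdir(policy_dir)` raises `FileNotFoundError` when the resources directory is absent from the installation, which would surface as a traceback instead of the `logger.error` path; reporting that case explicitly is presumably worthwhile. The body of verify_policy continues outside the hunk.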
@@ -539,6 +554,7 @@ def main(argv: list[str] | None = None) -> None:
     vp_parser.add_argument("-d", "--database", required=True, type=str, help="Path to the database.")
     vp_group.add_argument("-f", "--file", type=str, help="Path to the Datalog policy.")
+    vp_group.add_argument("-p", "--policy", help="Example policy to run.")
     vp_group.add_argument("-s", "--show-prelude", action="store_true", help="Show policy prelude.")
 
     # Find the repo and commit of a passed PURL, or the commit of a passed PURL and repo.

From d781d85ee0df8bb6cc78ef90382df5b93ee384a3 Mon Sep 17 00:00:00 2001
From: Demolus13
Date: Mon, 29 Sep 2025 21:26:08 +0530
Subject: [PATCH 2/2] feat: add policy template modification for standardization

Signed-off-by: Demolus13
---
 src/macaron/__main__.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/macaron/__main__.py b/src/macaron/__main__.py
index 0b6638381..ee78d6acd 100644
--- a/src/macaron/__main__.py
+++ b/src/macaron/__main__.py
@@ -207,7 +207,7 @@ def verify_policy(verify_policy_args: argparse.Namespace) -> int:
             policy_content = file.read()
     elif verify_policy_args.policy:
         policy_dir = os.path.join(macaron.MACARON_PATH, "resources/policies/datalog")
-        available_policies = [policy[:-3] for policy in os.listdir(policy_dir) if policy.endswith(".dl")]
+        available_policies = [policy[:-12] for policy in os.listdir(policy_dir) if policy.endswith(".dl.template")]
         if verify_policy_args.policy not in available_policies:
             logger.error(
                 "The policy %s is not available. Available policies are: %s",
@@ -215,9 +215,11 @@ def verify_policy(verify_policy_args: argparse.Namespace) -> int:
                 available_policies,
             )
             return os.EX_USAGE
-        policy_path = os.path.join(policy_dir, f"{verify_policy_args.policy}.dl")
+        policy_path = os.path.join(policy_dir, f"{verify_policy_args.policy}.dl.template")
         with open(policy_path, encoding="utf-8") as file:
             policy_content = file.read()
+        if verify_policy_args.package_url:
+            policy_content = policy_content.replace("", verify_policy_args.package_url)
 
     if policy_content:
         result = run_policy_engine(verify_policy_args.database, policy_content)
@@ -553,6 +555,7 @@ def main(argv: list[str] | None = None) -> None:
     vp_group = vp_parser.add_mutually_exclusive_group(required=True)
     vp_parser.add_argument("-d", "--database", required=True, type=str, help="Path to the database.")
+    vp_parser.add_argument("-purl", "--package-url", help="PackageURL for policy template.")
     vp_group.add_argument("-f", "--file", type=str, help="Path to the Datalog policy.")
     vp_group.add_argument("-p", "--policy", help="Example policy to run.")
     vp_group.add_argument("-s", "--show-prelude", action="store_true", help="Show policy prelude.")
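Review bot: `policy_content.replace("", verify_policy_args.package_url)` in the @@ -215 hunk passes an empty string as the pattern, and `str.replace` with an empty pattern inserts the PURL between every character of the template, so the resulting Datalog cannot be what is intended; the placeholder token may have been lost in this rendering, but either way the substitution should name the token explicitly and fail loudly when the template does not contain it. The PURL is spliced into Datalog source text, so a value containing a double quote or a newline would terminate the string literal it lands in and change the meaning of the policy; validating it with the project's PURL parser, if one is in scope in this module, or at least rejecting those characters before the replace, keeps the template's semantics intact. `--package-url` is also accepted alongside `--file`, where this branch never runs and the value is silently ignored; a warning in that case would avoid surprising users. The enclosing verify_policy body continues outside the hunk.
```python
        with open(policy_path, encoding="utf-8") as file:
            policy_content = file.read()
        if verify_policy_args.package_url:
            placeholder = "<PURL_PLACEHOLDER_TOKEN>"  # constructed: use the exact token the .dl.template files contain
            if placeholder not in policy_content:
                logger.error("The policy template %s contains no package URL placeholder.", policy_path)
                return os.EX_USAGE
            # The value lands inside a Datalog string literal; refuse characters that could end it early.
            if any(ch in verify_policy_args.package_url for ch in ('"', "\n")):
                logger.error("The package URL must not contain double quotes or newlines.")
                return os.EX_USAGE
            policy_content = policy_content.replace(placeholder, verify_policy_args.package_url)
        # … unchanged: blank line and `if policy_content:` …
```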
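Review bot: `-purl` as the short form of `--package-url` in the @@ -553 hunk is a single-dash, multi-letter option, which argparse accepts but which reads like the existing `-p` short flag followed by the value `url`; dropping the short form, `vp_parser.add_argument("--package-url", help="PackageURL for policy template.")`, removes that ambiguity. The option is added to `vp_parser` rather than `vp_group`, so argparse lets it accompany `--file` and `--show-prelude`, where it has no effect; the help text should say so, e.g. `help="PackageURL substituted into the selected example policy template (only used with --policy)."`. The body of main continues outside the hunk.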