{"id":34213058,"url":"https://github.com/cel-expr/cloud-armor-rules","last_synced_at":"2026-03-11T09:01:59.834Z","repository":{"id":278120178,"uuid":"927855524","full_name":"cel-expr/cloud-armor-rules","owner":"cel-expr","description":null,"archived":false,"fork":false,"pushed_at":"2025-10-07T07:16:28.000Z","size":10540,"stargazers_count":3,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-10-07T09:27:15.582Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cel-expr.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-02-05T16:51:13.000Z","updated_at":"2025-10-07T07:16:32.000Z","dependencies_parsed_at":"2025-03-19T23:33:06.593Z","dependency_job_id":null,"html_url":"https://github.com/cel-expr/cloud-armor-rules","commit_stats":null,"previous_names":["cel-expr/cloud-armor-rules"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/cel-expr/cloud-armor-rules","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cel-expr%2Fcloud-armor-rules","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cel-expr%2Fcloud-armor-rules/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cel-expr%2Fcloud-armor-rules/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cel-expr%2Fcloud-armor-rules/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cel-expr","download_url":"https://codeload.github.com/cel-expr/cloud-armor-rules/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cel-expr%2Fcloud-armor-rules/sbom","scorecard":{"id":1238606,"data":{"date":"2025-02-18T04:32:31Z","repo":{"name":"github.com/cel-expr/cloud-armor-rules","commit":"67387c60cc66e8d5ce1fa4c50ffa770b6ed43f92"},"scorecard":{"version":"v4.13.1","commit":"49c0eed3a423f00c872b5c3c9f1bbca9e8aae799"},"score":4.8,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#binary-artifacts"}},{"name":"Branch-Protection","score":6,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'force pushes' disabled on branch 'main'","Info: 'allow deletion' disabled on branch 'main'","Info: 'last push approval' enabled on branch 'main'","Warn: no status checks found to merge onto branch 'main'","Warn: number of required reviewers is only 1 on branch 'main'","Info: stale review dismissal enabled on branch 'main'","Warn: settings do not apply to administrators on branch 'main'","Info: codeowner review is required on branch 'main'","Warn: codeowners branch protection is being ignored - but no codeowners file found in repo"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#branch-protection"}},{"name":"CI-Tests","score":-1,"reason":"no pull request found","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#ci-tests"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#cii-best-practices"}},{"name":"Code-Review","score":0,"reason":"found 4 unreviewed changesets out of 4 -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#code-review"}},{"name":"Contributors","score":0,"reason":"0 different organizations found -- score normalized to 0","details":["Warn: no contributors have an org or company"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#contributors"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#dangerous-workflow"}},{"name":"Dependency-Update-Tool","score":0,"reason":"no update tool detected","details":["Warn: tool 'RenovateBot' is not used: Follow the instructions from https://docs.renovatebot.com/configuration-options/. (Low effort)","Warn: tool 'Dependabot' is not used: Follow the instructions from https://docs.github.com/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates. (Low effort)","Warn: tool 'PyUp' is not used: Follow the instructions from https://docs.pyup.io/docs. (Low effort)","Warn: tool 'Sonatype Lift' is not used: Follow the instructions from https://help.sonatype.com/lift/getting-started. (Low effort)"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#dependency-update-tool"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no OSSFuzz integration found: Follow the steps in https://github.com/google/oss-fuzz to integrate fuzzing for your project.\nOver time, try to add fuzzing for more functionalities of your project. (High effort)","Warn: no OneFuzz integration found: Follow the steps in https://github.com/microsoft/onefuzz to start fuzzing for your project.\nOver time, try to add fuzzing for more functionalities of your project. (High effort)","Warn: no GoBuiltInFuzzer integration found: Follow the steps in https://go.dev/doc/fuzz/ to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no PythonAtherisFuzzer integration found: Follow the steps in https://github.com/google/atheris to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no CLibFuzzer integration found: Follow the steps in https://llvm.org/docs/LibFuzzer.html to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no CppLibFuzzer integration found: Follow the steps in https://llvm.org/docs/LibFuzzer.html to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no SwiftLibFuzzer integration found: Follow the steps in https://google.github.io/oss-fuzz/getting-started/new-project-guide/swift-lang/ to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no RustCargoFuzzer integration found: Follow the steps in https://rust-fuzz.github.io/book/cargo-fuzz.html to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no JavaJazzerFuzzer integration found: Follow the steps in https://github.com/CodeIntelligenceTesting/jazzer to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no ClusterFuzzLite integration found: Follow the steps in https://github.com/google/clusterfuzzlite to integrate fuzzing as part of CI.\nOver time, try to add fuzzing for more functionalities of your project. (High effort)","Warn: no HaskellPropertyBasedTesting integration found: Use one of the following frameworks to fuzz your project:\nQuickCheck: https://hackage.haskell.org/package/QuickCheck\nhedgehog: https://hedgehog.qa/\nvalidity: https://github.com/NorfairKing/validity\nsmallcheck: https://hackage.haskell.org/package/smallcheck\nhspec: https://hspec.github.io/\ntasty: https://hackage.haskell.org/package/tasty (High effort)","Warn: no TypeScriptPropertyBasedTesting integration found: Use fast-check: https://github.com/dubzzz/fast-check (High effort)","Warn: no JavaScriptPropertyBasedTesting integration found: Use fast-check: https://github.com/dubzzz/fast-check (High effort)"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: License file found in expected location: LICENSE:1","Info: FSF or OSI recognized license: LICENSE:1"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#license"}},{"name":"Maintained","score":0,"reason":"repo was created 12 days ago, not enough maintenance history","details":["Warn: repo was created in the last 90 days (Created at: 2025-02-05T16:51:13Z), please review its contents carefully"],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"no published package detected","details":["Warn: no GitHub/GitLab publishing workflow detected"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":8,"reason":"dependency not pinned by hash detected -- score normalized to 8","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/scorecard.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/cel-expr/cloud-armor-rules/scorecard.yml/main?enable=pin","Info:   2 out of   3 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of   1 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch","Warn: CodeQL tool not detected"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#sast"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected: On GitHub:\nEnable private vulnerability disclosure in your repository settings https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository\nAdd a section in your SECURITY.md indicating you have enabled private reporting, and tell them to follow the steps in https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability to report vulnerabilities.\nOn GitLab:\nAdd a section in your SECURITY.md indicating the process to disclose vulnerabilities for your project.\nExamples: https://github.com/ossf/scorecard/blob/main/SECURITY.md, https://github.com/slsa-framework/slsa-github-generator/blob/main/SECURITY.md, https://github.com/sigstore/.github/blob/main/SECURITY.md.\nFor additional information on vulnerability disclosure, see https://github.com/ossf/oss-vulnerability-guide/blob/main/maintainer-guide.md. (Medium effort)","Warn: no security file to analyze: On GitHub:\nEnable private vulnerability disclosure in your repository settings https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository\nAdd a section in your SECURITY.md indicating you have enabled private reporting, and tell them to follow the steps in https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability to report vulnerabilities.\nOn GitLab:\nProvide a point of contact in your SECURITY.md.\nExamples: https://github.com/ossf/scorecard/blob/main/SECURITY.md, https://github.com/slsa-framework/slsa-github-generator/blob/main/SECURITY.md, https://github.com/sigstore/.github/blob/main/SECURITY.md. (Low effort)","Warn: no security file to analyze: On GitHub:\nEnable private vulnerability disclosure in your repository settings https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository\nAdd a section in your SECURITY.md indicating you have enabled private reporting, and tell them to follow the steps in https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability to report vulnerabilities.\nOn GitLab:\nAdd a section in your SECURITY.md indicating the process to disclose vulnerabilities for your project.\nExamples: https://github.com/ossf/scorecard/blob/main/SECURITY.md, https://github.com/slsa-framework/slsa-github-generator/blob/main/SECURITY.md, https://github.com/sigstore/.github/blob/main/SECURITY.md. (Low effort)","Warn: no security file to analyze: On GitHub:\nEnable private vulnerability disclosure in your repository settings https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository\nAdd a section in your SECURITY.md indicating you have enabled private reporting, and tell them to follow the steps in https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability to report vulnerabilities.\nOn GitLab:\nAdd a section in your SECURITY.md indicating the process to disclose vulnerabilities for your project.\nExamples: https://github.com/ossf/scorecard/blob/main/SECURITY.md, https://github.com/slsa-framework/slsa-github-generator/blob/main/SECURITY.md, https://github.com/sigstore/.github/blob/main/SECURITY.md. (Low effort)"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":["Warn: no GitHub releases found"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#signed-releases"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:18","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#token-permissions"}},{"name":"Vulnerabilities","score":10,"reason":"no vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-10-07T09:27:23.672Z","repository_id":278120178,"created_at":"2025-10-07T09:27:23.672Z","updated_at":"2025-10-07T09:27:23.672Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30376768,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-11T06:09:32.197Z","status":"ssl_error","status_checked_at":"2026-03-11T06:09:17.086Z","response_time":84,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-12-15T21:34:27.072Z","updated_at":"2026-03-11T09:01:59.827Z","avatar_url":"https://github.com/cel-expr.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Cloud Armor Rules CLI\n\nCloud Armor Rules supports [Common Expression Language (CEL)](https://cel.dev)\nexpressions to configure its behavior. The CLI provides support for command-\nline compilation and testing of Cloud Armor expressions in a manner which is\nconsistent with how the service will evaluate these rules.\n\n## Getting Started\n\nFirst, build the CLI:\n\n```\ngo build -o rulescli github.com/cel-expr/cloud-armor-rules/cmd \u0026\u0026 chmod 0755 rulescli\n```\n\nThis will produce a `rulescli` binary in the current directory which can be\nexecuted using `./rulescli` to provide a basic usage message.\n\n## Usage\n\nThe CLI provides four modes `-expr`, `-file`, `-test` and `-textproto`.\n\n\n\n### expr\n\nThe `-expr=\u003cexpr\u003e` flag indicates that the expression provided following the\nflag will be compiled and output into a textproto format. The `-output_format`\nflag can be used with the `-expr` flag to produce either a textproto or binary\nprotocol buffer (binarypb) file as well.\n\nHere's a simple example:\n\n```\nrulescli -expr=\"request.method == 'GET'\"\n```\n\nIf no flag is specified, the default behavior is equivalent to using -expr:\n\n```\nrulescli \"request.method == 'GET'\"\n```\n\nIf used with output_format as textproto:\n\n```\nrulescli \"request.method == 'GET'\" -output_format=textproto\n```\n\nWill produce the following `dev.cel.expr.CheckedExpr` output:\n\n```\n# proto-file: github.com/google/cel-spec/proto/cel/expr/checked.proto\n# proto-message: dev.cel.expr.CheckedExpr\n\nreference_map:  {\n  key:  2\n  value:  {\n    name:  \"request.method\"\n  }\n}\nreference_map:  {\n  key:  3\n  value:  {\n    overload_id:  \"equals_string\"\n  }\n}\ntype_map:  {\n  key:  2\n  value:  {\n    primitive:  STRING\n  }\n}\ntype_map:  {\n  key:  3\n  value:  {\n    primitive:  BOOL\n  }\n}\ntype_map:  {\n  key:  4\n  value:  {\n    primitive:  STRING\n  }\n}\nsource_info:  {\n  location:  \"\u003cinput\u003e\"\n  line_offsets:  24\n  positions:  {\n    key:  1\n    value:  0\n  }\n  positions:  {\n    key:  2\n    value:  7\n  }\n  positions:  {\n    key:  3\n    value:  15\n  }\n  positions:  {\n    key:  4\n    value:  18\n  }\n}\nexpr:  {\n  id:  3\n  call_expr:  {\n    function:  \"_==_\"\n    args:  {\n      id:  2\n      ident_expr:  {\n        name:  \"request.method\"\n      }\n    }\n    args:  {\n      id:  4\n      const_expr:  {\n        string_value:  \"GET\"\n      }\n    }\n  }\n}\n```\n\nTo produce a binary protocol buffer, use the following option:\n\n```\nrulescli -expr=\"request.method == 'GET'\" -output_format=binarypb\n```\n\nAn invalid expression will produce a list of issues to be resolved from the\ninput:\n\n```\n\u003e rulescli -expr \"request.metho == 'GET'\"\nfailed to compile expression: ERROR: \u003cinput\u003e:1:1: undeclared reference to 'request' (in container '')\n | request.metho == 'GET'\n | ^\n```\n\nBy default, these expressions would be able to test the currently exposed\nCloud armor attributes.\nTo test the next versions of attributes, like request.params and request.body,\nset the version of the expressions to VNext as follow:\n\n```\nrulescli -expr=\"request.method == 'GET'\" -version VNext\n```\n\n### file\n\nThe `-file=\u003cfilename\u003e` flag indicates that the expressions contained in the\nprovided file will be compiled.\n\nHere's a simple example:\n\n```\nrulescli -file=\"fileExpr.txt\"\n```\n\nExpressions in the file should be separated by the delimiter ';' and could\nextend to multiline expressions.\n\nContents for file fileExpr.txt:\n\n```\nrequest.method == \"POST\";\nrequest.query.contains('XyZ') \u0026\u0026\nrequest.path.startsWith('path');\nrequest.path1.startsWith('path1') || request.method == \"GET\";\n```\n\nExpected output:\n\n```\nfailed to compile expression: ERROR: \u003cinput\u003e:1:1: undeclared reference to 'request' (in container '')\n | request.path1.startsWith('path1') || request.method == \"GET\"\n | ^\nError processing file: failed to compile expression: request.path1.startsWith('path1') || request.method == \"GET\"\n```\n\nWhereas, additional information could be fetched using -verbose flag as follow:\n\n```\nrulescli -file=\"test/fileExpr.txt\" -verbose\n```\n\nExpected Output:\n\n```\nReading file: fileExpr.txt\n\nProcessing expr at index:  0 , line:  1  expr:  request.method == \"POST\"\nSuccessfully compiled expression: request.method == \"POST\"\n\nProcessing expr at index:  1 , line:  3  expr:  request.query.contains('XyZ') \u0026\u0026\nrequest.path.startsWith('path')\nSuccessfully compiled expression: request.query.contains('XyZ') \u0026\u0026\nrequest.path.startsWith('path')\n\nProcessing expr at index:  2 , line:  4  expr:  request.path1.startsWith('path1') || request.method == \"GET\"\nfailed to compile expression: ERROR: \u003cinput\u003e:1:1: undeclared reference to 'request' (in container '')\n | request.path1.startsWith('path1') || request.method == \"GET\"\n | ^\nError processing file: failed to compile expression: request.path1.startsWith('path1') || request.method == \"GET\"\n```\n\nwhereas, for the following contents for file fileExpr.txt:\n\n```\nrequest.method == \"POST\" \u0026\u0026\nrequest.query.contains('XyZ');\nrequest.path.startsWith('path');;\n\nrequest.path.startsWith('path1') || request.path.startsWith('path2');\nrequest.scheme == 'http'; request.scheme == 'https';\nrequest.headers['User-Agent'].contains('Chrome');\n\nrequest.scheme == 'http' \u0026\u0026 request.method == 'GET' ||\nrequest.path.startsWith('/path');\n```\n\nexpected output:\n\n```\nSuccessfully compiled expression: request.method == \"POST\" \u0026\u0026\nrequest.query.contains('XyZ')\nSuccessfully compiled expression: request.path.startsWith('path')\nSuccessfully compiled expression: request.path.startsWith('path1') || request.path.startsWith('path2')\nSuccessfully compiled expression: request.scheme == 'http'\nSuccessfully compiled expression: request.scheme == 'https'\nSuccessfully compiled expression: request.headers['User-Agent'].contains('Chrome')\nSuccessfully compiled expression: request.scheme == 'http' \u0026\u0026 request.method == 'GET' ||\nrequest.path.startsWith('/path')\n```\n\nTo print the AST expressions of CEL expressions from a file as textproto:\n\n```\nrulescli -file=\"test/fileExpr.txt\" -output_format=textproto\n```\n\nBy default, file flag would allow to test the currently exposed\nCloud armor attributes.\nTo test the next versions of attributes, like request.params and request.body,\nset the version of the expressions to VNext as follow:\n\n```\nrulescli -file=\"test/fileExpr.txt\" -version VNext\n```\n\n### Test\n\nThe `-test` flag may be used to provide a file path to a test suite written as\nYAML which indicates a test `expr` value and a set of test cases whose format\nis indicated below:\n\n```yaml\nname: \"Test Suite Name\"\nexpr: \u003e\n  \u003cmultiline-cel-expression\u003e\ntests:\n  - name: \"\u003ccase-name\u003e\"\n    expect: \u003ctrue|false\u003e\n    error: 'error substring'\n    when: \u003cvariables\u003e\n```\n\nThe `tests` value is a list of `TestCase` objects which have only one of the\n`expect` or `error` values set. A test which omits both of these fields will\nimplicitly expect an evaluation of `false`; however, it is best to explicitly\nset the test expectation.\n\n#### Variables\n\nThe `when: \u003cvariables\u003e` field expects to receive a map of values whose structure\nreflects the\n[documented attributes](https://cloud.google.com/armor/docs/rules-language-reference#attributes)\nin Cloud Armor. In Cloud Armor and in CEL, these attributes are flat, meaning\nthey do not reflect an object hierarchy and instead are treated as namespaced\nvalues. In other words `request.method` is a type `string` field, but the\nvariable `request` is not defined. For convenience, the YAML supports a\nstructured object as input for the sake of simplicity and reducing repetition\nof test code.\n\n#### New Attributes (Proposed for NextVersion)\n\n1.  request.body Represents the entire POST Body as string. e.g. Expression:\n    request.body.contains('bad_data')\n2.  request.params It represents the query_parameters from URL in GET requests\n    as well as key-value parameters from POST Body.\n\n    ```\n    e.g. for request curl \"https://www.example.com/nonauth/random1.cs?dest=/somepath\"\n    ```\n\n    expression would be:\n\n    ```\n    has(request.params.dest) or has(request.params['dest'])\n    ```\n\n    Similarly, it also supports accessing the nested keys as below:\n\n    ```\n    request.params.keys.key1 or request.params['keys']['key1']\n    ```\n\n#### Execution\n\nAn end-to-end example of the file content might look as follows:\n\n```yaml\nname: http-tests\nexpr: \u003e\n  request.method == 'GET'\ntests:\n  - name: 'request-method-matches'\n    expect: true\n    when:\n      request:\n      method: GET\n```\n\nWhen you are ready to run your tests, provide a fully qualified file name or\nreferring to the\n\n```\n./rulescli -test $(pwd)'test/http-tests.yaml'\n```\n\n### Textproto\n\nThe `-textproto=\u003cfilename\u003e` flag is used to validate a file containing a `VendorRulesetCollection` in the text protobuf format. The tool attempts to parse the file and will report any syntactical errors it finds. This is useful for checking the validity of a ruleset collection before it is used.\n\n**Example Usage:**\n\nAssuming you have a file named `my_ruleset.textproto` with content in the `VendorRulesetCollection` format:\n\n```textproto\n# A sample VendorRulesetCollection\nuuid: \"123e4567-e89b-12d3-a456-426614174000\"\nruleset_metadata: {\n  owner: \"Imperva\"\n  description: \"Initial set of rules.\"\n}\nrule_sets: {\n  name: \"sqli-rules\"\n  category: \"sqli\"\n  rules: {\n    id: \"191190\"\n    cel_expression: \"request.headers['user-agent'].contains('sqlmap')\"\n  }\n}\n```\n\nYou can validate this file by running the following command. If the file is valid, the command will exit successfully. If there are syntactical errors, it will print them to the console.\n\n```sh\n./rulescli -textproto=\"my_ruleset.textproto\"\n```\n\nDisclaimer: This is not an official Google project\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcel-expr%2Fcloud-armor-rules","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcel-expr%2Fcloud-armor-rules","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcel-expr%2Fcloud-armor-rules/lists"}