-
Notifications
You must be signed in to change notification settings - Fork 57
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Not does not apply to all operators #58
Comments
A good (though not great) reason to restrict them is that the use of I agree that, as written, the spec does not prohibit Since this is an open repository, we can't change/influence the specs here; we just need to implement what is specified. |
I would disagree that we should restrict the use of Which is to say that it's not(not(not))) two different ways of doing the same thing. ;-) |
I'd say boolean logic allows multiple ways of doing the same thing. E.g. A=>B <=> !A | B, A <=> !!A <=> !!!!A, !(A|B) <=> !A & !B, etc, etc... I'd be all for allowing the full range of propositional logic expression. But let's face it, In this case, we have lots of custom operators (i.e. beyond those of propositional logic), and inserting So yeah, it's not consistent across all operators, but I guess it made more sense to me to be inconsistent. I guess we gotta be totally spec-compliant, but I do think the spec allows some weird patterns :) |
Unless I'm misunderstanding/misremembering the spec, NOT really (pun intended 😁 ). The spec doesn't allow That does raise the issue (which I thought we resolved but now can't find in the spec) of whether a object that is missing property will ever match a comparison expression using that property. Thus, given a Regardless of the answers to the above questions, I agree that the grammar needs to be updated to support what's in the spec (and the matcher updated accordingly), and if we want to discourage diabolical uses of |
While I agree that NOT != is not friendly, as is pointed out, you can do similar things in many languages, even python allows not (a == b). We do have a bit more context due to where we put the NOT though than other languages. This is correct that NOT only applies to the results of the comparison. We have not defined what NOT would result in, and is invalid. Re missing properties. I'm pretty sure we had text in the document, but I do not see it. IIRC, not present is somewhat like the empty set, so it's never be equal, but always !=. and in that case NOT = and != I would expect to return the same. It is known that we do not have a function to test the presence of a missing property. The real question is, does missingprop MATCHES '.*' return true or false? (and what happens when missingprop is present but not a string?) And we do not have this defined in the spec. I thought we had resolved this too and added text, but it is not present. |
Actually, I was thinking of the customary unary prefix As far as missing properties, the philosophy embodied in the matcher is that an object path is basically a selector of values from cyber observable objects, which will participate in the comparison. Having a non-existent property means that no values are selected, which means that no comparison can happen. There is nothing to compare. Therefore, there are no "root" cyber observable objects, and the ramifications flow from that. E.g. if that was the only comparison expression within the observation expression (e.g. within the square brackets), then it won't match the observation; the comparison operator is irrelevant (even if it was '!='). If the spec were to say the result was true when the operator was '!=' and the property was not found, it would effectively be saying there is a match without a matching cyber observable object. How do you resolve that idea against the common root cyber observable constraint? It seems contradictory. Consider a compound comparison expression:
The first evals to true, and let's say the second does too, because the prop exists with the given value. Since they're ANDed, one might think the whole thing must eval to true, and match. But what is the common root cyber observable here? The first comparison expression didn't match any. So there can't be a common cyber observable. That suggests that there can be no match. So is it a match or not? If a match, then what do you do with the common root cyber observable constraint? As far as type mismatches, 4.2.1 does state that if the types are incompatible, '!=' results in true, all other operators result in false. The matcher follows this: if the selected value isn't a string, the |
Fixed by #59 |
https://github.com/oasis-open/cti-stix2-json-schemas/blob/master/pattern_grammar/STIXPattern.g4#L45
Not should apply to = and != as well as the ordering operators.
Though their use here does not make sense, there is nothing in the spec that prevents their use. I don't see a good reason to restrict them either.
The text was updated successfully, but these errors were encountered: