Operators

Overview

An operator is a symbol that performs a specific mathematical, relational, or logical function. The Security Policy Scripting Language supports the types of operators that are listed in the following table.

Every operator has an intrinsic precedence order associated with it. The precedence order determines the evaluation order for expressions containing more than one operator. The operator with the highest precedence evaluates first. In most cases, operators of the same precedence are evaluated left to right. The following table lists the operator precedence.

Example

Following the rules of operator precedence, the statement

5 + 6 - 3 * 4 + 8 / 4

is resolved as:

Step 1: 3*4 = 12
Step 2: 8/4 = 2
Step 3: 5 + 6 - (12) + (2)
Result: 1

Modifying the operator precedence order as shown here can change the result produced in the example above.

(5 + 6 - 3) * (4 + 8) / 4

The statement is resolved as follows:

Step 1: 5 + 6 -3 = 8
Step 2: (4 + 8) = 12
Step 3: 8 * 12 / 4
Result: 24

Arithmetic operators

The Security Policy Scripting Language supports the arithmetic operators shown in the following table.

The subtraction, addition, multiplication and division operators perform arithmetic operations. The default evaluation order for arithmetic operators is:

• Multiplication, division, and modulus division, left to right
• Addition and subtraction, left to right

Example

result = 6 * 4 / 2 - 4 + 2;

result contains the integer value 10.

Prefix autoincrement

The prefix autoincrement operator (++) adds one to a variable and returns the result.

Example

a = 3;
b = ++a;

In this example, both a and b are equal to 4.

Prefix autodecrement

The prefix autodecrement operator (--) subtracts one from a variable and returns the result.

Example

a = 3;
b = --a;

In this example, both a and b are equal to 2.

Postfix autoincrement

The postfix autoincrement operator (++) returns the value of a variable and adds one to the variable.

Example

a = 3;
b = a++;

In this example, a is equal to 4 and b is equal to 3.

Postfix autodecrement

The postfix autodecrement operator (--) returns the value of a variable and subtracts one from the variable.

Example

a = 3;
b = a--;

In this example, a is equal to 2 and b is equal to 3.

Addition

The addition operator ( + ) adds two numbers.

Example

result = 5 + 3;

Subtraction

The subtraction operator ( - ) subtracts two numbers.

Example

result = 5 - 3;

Multiplication

The multiplication operator ( * ) multiplies two numbers.

Example

result = 5 * 3;

Division

The division operator ( / ) divides two numbers.

Example

result = 5 / 3;

Modulus

The modulus operator ( % ) returns the remainder of integer division.

Example

result = 5 % 3;

In this example, result contains the integer value 2. Dividing 5 by 3 yields a result of 1 and a remainder of 2. The reminder portion of the answer, in this case 2, becomes the result of the modulus division operation.

Addition self-assignment

The addition self-assignment operator (+=) adds a value to a variable and stores the result in the variable.

Example

a += 3;

In this example, 3 is added to a and the result is stored in a.

Subtraction self-assignment

The subtraction self-assignment operator (-=) subtracts a value from a variable and stores the result in the variable.

Example

a -= 4;

In this example, 4 is subtracted from a and the result is stored in a.

Multiplication self-assignment

The multiplication self-assignment operator (*=) multiplies a variable by a value and stores the result in the variable.

Example

a *= 5;

In this example, a is multiplied by 5 and the result is stored in a.

Division self-assignment

The division self-assignment operator (/=) divides a variable by a value and stores the result in the variable.

Example

a /= 6;

In this example, a is divided by 6 and the result is stored in a.

Modulus self-assignment

The modulus self-assignment operator (%=) divides a variable by a value and stores the modulus in the variable.

Example

a %= 5;

In this example, a is divided by 5 and the remainder is stored in a.

Logical operators

The Security Policy Scripting Language supports a standard set of logical operators.

AND

The AND operator ( && ) considers the relationship between two values. Both values must be true for a true result to be returned. If both values are true, an integer value of 1 (true) is returned. Otherwise, an integer value of 0 (false) is returned.

Logical expressions containing && operators are evaluated from left to right until their truth can be determined (like in the C language).

Example

if (UserOkay && Bkup) accept;

If both UserOkay and Bkup are non-zero, the current task request is accepted.

OR

The OR operator ( || ) considers the relationship between two values. At minimum, one of the two values must be true for a true result to be returned. If either the first or second value is true, an integer value of 1 (true) is returned. Otherwise, an integer value of 0 (false) is returned.

Logical expressions that contain || operators are evaluated from left to right until their truth can be determined (like in the C language).

Example

if (UserOkay || Bkup) accept;

If either UserOkay or Bkup are non-zero, the current task request is accepted.

NOT

The NOT operator ( ! ) takes the inverse of a value. If a value is false, an integer value of 1 (true) is returned. Otherwise, an integer value of 0 (false) is returned.

Example

if (!UserOkay) reject;

If UserOkay is equal to 0, the current task request is rejected.

Relational operators

The Security Policy Scripting Language supports a standard set of relational operators.

Equal To

The Equal operator ( == ) compares two values. If the first value is equal to the second value, an integer value of 1 (true) is returned. Otherwise, an integer value of 0 (false) is returned.

Example

if (UserCount == 10) reject;

If UserCount is equal to 10, the current task request is rejected.

Greater Than

The Greater Than ( > ) operator compares two values. If the first value is greater than the second value, an integer value of 1 (true) is returned. Otherwise, an integer value of 0 (false) is returned.

Example

if (UserCount > 10) reject;

If UserCount is greater than 10, the current task request is rejected.

Greater Than or Equal To

The Greater Than or Equal To ( >= ) operator compares two values. If the first value is greater than or equal to the second value, then an integer value of 1 (true) is returned. Otherwise, an integer value of 0 (false) is returned.

Example

In this example, if UserCount is greater than or equal to 10, then the current task request is rejected.

if (UserCount >= 10) reject;

Less Than

The Less Than operator ( < ) compares two values. If the first value is less than the second value, an integer value of 1 (true) is returned. Otherwise, an integer value of 0 (false) is returned.

Example

if (UserCount < 10) reject;

If UserCount is less than 10, the current task request is rejected.

Less Than or Equal To

The Less Than or Equal operator ( <= ) compares two values. If the first value is less than or equal to the second value, an integer value of 1 (true) is returned. Otherwise, an integer value of 0 (false) is returned.

Example

if (UserCount <= 10) accept;

If UserCount is less than or equal to 10, the current task request is accepted.

Not Equal To

The Not Equal To operator ( != ) compares two values. If the first value is not equal to the second value, an integer value of 1 (true) is returned. Otherwise, an integer value of 0 (false) is returned.

Example

if (UserCount != 10) reject;

If UserCount is not equal to 10, the current task request is rejected.

Special operators

The Security Policy Scripting Language supports the special operators.

Concatenation

The Concatenation operator + is used to concatenate a series of one or more strings. It should not be confused with the Addition operator used in arithmetic expressions. Although both of these operators are represented by the + symbol, the Addition operator works only on integer values.

The Concatenation operator concatenates, or appends, one item to another item. If a series of strings are concatenated, they are returned in a newly created string.

Example

FirstName = "Sandy";
LastName = "White";
UserName = FirstName + " " + LastName;

UserName would contain the character string "Sandy White".

List Index

The List Index operator [ ], also referred to as square brackets, is used to specify a list element index number. The value of a specific list element is returned.

The first element in a list always has an index number of 0, and the second list element has an index of 1, etc. The general formula for calculating an index number is index number = element number - 1.

Example

UserList = {"Adm1", "Adm2", "Adm3", "Adm4", "Adm5"};
CurrentUser = UserList[3];

CurrentUser contains the character string "Adm4".

Example

UserList[1] = "Adm10";
Userlist[1] is set to "Adm10".

List Member

This list member operator, in, searches the specified list for the given string. If the string is present in the list, the result is true (1). If the string is not present, it returns false (0). Shell-style wildcards can be used in the string argument. The syntax for using this operator is result = string in list;

Example

AdminList = {"Adm1", "Adm2", "Adm3", "root", "sys"};
runuser = (user == "sysadmin")? "root" : "sys";
test1 = "Adm1" in AdminList; # True
test2 = "sys" in AdminList; # True – matches sys in AdminList
test3 = "system" in AdminList; # False
test4 = "Adm" in AdminList; # False – only a partial match
# single character

Each string is tested to see if it is a member of a list.

Precedence

The Precedence operator ( ), also referred to as parentheses, is used to modify the default operator precedence. In other words, parenthesis characters force a specific expression evaluation order.

Example

result = (6 + 4) * 2 - 4;

result contains the integer value 16.

Example

result = 6 + 4 * 2 - 4;

The Precedence operators are removed, and the result contains the integer value 10.

Ternary conditional

The Ternary operator, represented by ?:;, is a special operator that provides a compact alternative to if statements where only an expression is required.

The Ternary operator has the syntax:

result = condition ? if-true-expression : if-false-expression;

The ternary operator works as follows:

• If condition evaluates to true, then the if-true-expression is returned.
• If condition evaluates to false, then the if-false-expression is returned.

The Ternary operator can be used as an alternative to simple if statements. The condition corresponds to the if condition. The if-true-expression corresponds to the assignment in the true part of the if statement, and the if-false-expression corresponds to the else part of the if statement.

Example

runuser = (user == "sysadmin") ? "root" : "sys";

If user is equal to sysadmin, then root is returned. Otherwise, sys is returned.

Another way to accomplish the same thing would be to use the following if statement:

if (user == "sysadmin")
runuser = "root";
else
runuser = "sys";

Comma

The Comma operator (,) causes expressions to be evaluated from left to right and returns the value of the last expression. This operator is primarily used in loops.

Example

for (a=0, b=1, c=2; a < 0 ; a++) <any statement>;

The Comma ( , ) operator causes the assignment of the three variables a, b, and c at a spot which looks for a single expression.