in pkg/skoop/network/aliyun/assertion.go [801:859]
func sortSecurityGroupRules(sgs []*ecs.DescribeSecurityGroupAttributeResponseBodyPermissionsPermission) {
slices.SortStableFunc(sgs, func(a, b *ecs.DescribeSecurityGroupAttributeResponseBodyPermissionsPermission) bool {
portRangeA := strings.Split(*a.PortRange, "/")
pStartA, _ := strconv.Atoi(portRangeA[0])
pEndA, _ := strconv.Atoi(portRangeA[1])
if pStartA == -1 && pEndA == -1 {
pStartA, pEndA = 0, 65535
}
portRangeB := strings.Split(*b.PortRange, "/")
pStartB, _ := strconv.Atoi(portRangeB[0])
pEndB, _ := strconv.Atoi(portRangeB[1])
if pStartB == -1 && pEndB == -1 {
pStartB, pEndB = 0, 65535
}
if *a.Priority != *b.Priority {
return *a.Priority < *b.Priority
}
if (a.SourceCidrIp != nil && *a.SourceCidrIp != "") || (b.SourceCidrIp != nil && *b.SourceCidrIp != "") {
if (a.SourceCidrIp == nil || *a.SourceCidrIp == "") || (b.SourceCidrIp == nil || *b.SourceCidrIp == "") {
return a.SourceCidrIp != nil && *a.SourceCidrIp != ""
}
_, netA, _ := parseIPOrCIDR(*a.SourceCidrIp)
onesA, _ := netA.Mask.Size()
_, netB, _ := parseIPOrCIDR(*a.SourceCidrIp)
onesB, _ := netB.Mask.Size()
if onesA != onesB {
return onesA > onesB
}
}
if (a.DestCidrIp != nil && *a.DestCidrIp != "") || (b.DestCidrIp != nil && *b.DestCidrIp != "") {
if (a.DestCidrIp == nil || *a.DestCidrIp == "") || (b.DestCidrIp == nil || *b.DestCidrIp == "") {
return a.DestCidrIp != nil && *a.DestCidrIp != ""
}
_, netA, _ := parseIPOrCIDR(*a.DestCidrIp)
onesA, _ := netA.Mask.Size()
_, netB, _ := parseIPOrCIDR(*a.DestCidrIp)
onesB, _ := netB.Mask.Size()
if onesA != onesB {
return onesA > onesB
}
}
if *a.Policy != *b.Policy {
return *a.Policy == string(securityPolicyVerdictDrop)
}
return (pEndA - pStartA) < (pEndB - pStartB)
})
}