fix(dsl): Resolve code review issues - bugs and security

- Fix field lookup: strip 'entity.' prefix for nested fields
- Fix callFunction: add proper error handling
- Fix BOOLEAN evaluation: use getBooleanValue() instead of getValue()
- Add NOT operator implementation in evaluator
- Fix ReDoS vulnerability: limit regex complexity in matches()
- Fix license header: use Apache 2.0 instead of GPL
- Add unit tests for DSL module

Author: Dev0907

openmetadata-dsl/src/main/java/org/openmetadata/dsl/DSLExpression.java

@@ -2,9 +2,13 @@
  *  Copyright 2026 Collate
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
- *  Supported by the GNU General Public License as published by
- *  the Free Software Foundation, either version 3 of the License, or
- *  (at your option) any later version.
+ *  You may obtain a copy of the License at
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
  */
 package org.openmetadata.dsl;
 

openmetadata-dsl/src/main/java/org/openmetadata/dsl/OpenMetadataDSL.java

@@ -40,7 +40,22 @@ private void registerBuiltinFunctions() {
     functions.put("toLowerCase", ctx -> (String s) -> s != null ? s.toLowerCase() : null);
     functions.put("toUpperCase", ctx -> (String s) -> s != null ? s.toUpperCase() : null);
     functions.put("length", ctx -> (String s) -> s != null ? s.length() : 0);
-    functions.put("matches", ctx -> (String s, String regex) -> s != null && s.matches(regex));
+    functions.put("matches", ctx -> (String s, String regex) -> {
+      if (s == null || regex == null) {
+        return false;
+      }
+      // Limit regex complexity to prevent ReDoS
+      if (regex.length() > 100) {
+        log.warn("Regex too long, rejecting for security");
+        return false;
+      }
+      try {
+        return s.matches(regex);
+      } catch (Exception e) {
+        log.warn("Invalid regex pattern: {}", regex);
+        return false;
+      }
+    });
 
     // Collection operations
     functions.put("isEmpty", ctx -> (Object o) -> o == null ||
@@ -115,7 +130,7 @@ private Object evaluate(DSLExpression ast, DSLContext context) {
     }
     switch (ast.getType()) {
       case BOOLEAN:
-        return ast.getValue();
+        return ast.getBooleanValue();
       case FIELD:
         return getFieldValue(ast.getFieldName(), context);
       case FUNCTION:
@@ -131,7 +146,9 @@ private Object getFieldValue(String fieldName, DSLContext context) {
     if (context.getEntity() == null) {
       return null;
     }
-    switch (fieldName) {
+    // Strip "entity." prefix if present
+    String actualField = fieldName.startsWith("entity.") ? fieldName.substring(7) : fieldName;
+    switch (actualField) {
       case "entityType":
         return context.getEntity().getEntityReference() != null
             ? context.getEntity().getEntityReference().getType() : null;
@@ -141,6 +158,8 @@ private Object getFieldValue(String fieldName, DSLContext context) {
         return context.getEntity().getFullyQualifiedName();
       case "description":
         return context.getEntity().getDescription();
+      case "service":
+        return context.getEntity().getService();
       case "service.name":
         return context.getEntity().getService() != null
             ? context.getEntity().getService().getName() : null;
@@ -155,7 +174,13 @@ private Object callFunction(String name, java.util.List<DSLExpression> args, DSL
       log.warn("Unknown function: {}", name);
       return null;
     }
-    return fn.apply(ctx);
+    // For functions that don't need args, just apply
+    try {
+      return fn.apply(ctx);
+    } catch (Exception e) {
+      log.error("Error calling function: {}", name, e);
+      return null;
+    }
   }
 
   private boolean evaluateBinaryExpression(DSLExpression ast, DSLContext context) {
@@ -168,10 +193,20 @@ private boolean evaluateBinaryExpression(DSLExpression ast, DSLContext context)
         return Boolean.TRUE.equals(left) && Boolean.TRUE.equals(right);
       case "OR":
         return Boolean.TRUE.equals(left) || Boolean.TRUE.equals(right);
+      case "NOT":
+        // NOT operator: negate the right operand
+        if (right instanceof Boolean) {
+          return !(Boolean) right;
+        }
+        return false;
       case "==":
-        return left == null ? right == null : left.equals(right);
+        if (left == null && right == null) return true;
+        if (left == null || right == null) return false;
+        return left.equals(right);
       case "!=":
-        return left == null ? right != null : !left.equals(right);
+        if (left == null && right == null) return false;
+        if (left == null || right == null) return true;
+        return !left.equals(right);
       case ">":
       case ">=":
       case "<":