Merge pull request #92 from biscuit-auth/string-length-fix

fix: use byte length for strings
biscuit-auth · Jul 5, 2024 · 741dfa2 · 741dfa2
2 parents 51943fa + 4dc314c
commit 741dfa2
Show file tree

Hide file tree

Showing 6 changed files with 27 additions and 20 deletions.
diff --git a/biscuit/src/Auth/Biscuit/Datalog/Executor.hs b/biscuit/src/Auth/Biscuit/Datalog/Executor.hs
@@ -53,6 +53,7 @@ import           Data.Set                 (Set)
 import qualified Data.Set                 as Set
 import           Data.Text                (Text, isInfixOf, unpack)
 import qualified Data.Text                as Text
+import qualified Data.Text.Encoding       as Text
 import           Data.Void                (absurd)
 import           Numeric.Natural          (Natural)
 import qualified Text.Regex.TDFA          as Regex
@@ -372,7 +373,7 @@ evalUnary :: Unary -> Value -> Either String Value
 evalUnary Parens t = pure t
 evalUnary Negate (LBool b) = pure (LBool $ not b)
 evalUnary Negate _ = Left "Only booleans support negation"
-evalUnary Length (LString t) = pure . LInteger . fromIntegral $ Text.length t
+evalUnary Length (LString t) = pure . LInteger . fromIntegral $ ByteString.length $ Text.encodeUtf8 t
 evalUnary Length (LBytes bs) = pure . LInteger . fromIntegral $ ByteString.length bs
 evalUnary Length (TermSet s) = pure . LInteger . fromIntegral $ Set.size s
 evalUnary Length _ = Left "Only strings, bytes and sets support `.length()`"

diff --git a/biscuit/test/Spec/Executor.hs b/biscuit/test/Spec/Executor.hs
@@ -103,6 +103,7 @@ exprEval = do
     , ("!false", LBool True)
     , ("(true)", LBool True)
     , ("\"test\".length()", LInteger 4)
+    , ("\"é\".length()", LInteger 2)
     , ("hex:ababab.length()", LInteger 3)
     , ("[].length()", LInteger 0)
     , ("[\"test\", \"test\"].length()", LInteger 1)

diff --git a/biscuit/test/Spec/SampleReader.hs b/biscuit/test/Spec/SampleReader.hs
@@ -1,17 +1,15 @@
-{-# LANGUAGE DataKinds                  #-}
-{-# LANGUAGE DeriveAnyClass             #-}
-{-# LANGUAGE DeriveFunctor              #-}
-{-# LANGUAGE DeriveGeneric              #-}
-{-# LANGUAGE DeriveTraversable          #-}
-{-# LANGUAGE DerivingStrategies         #-}
-{-# LANGUAGE DuplicateRecordFields      #-}
-{-# LANGUAGE FlexibleInstances          #-}
-{-# LANGUAGE GeneralizedNewtypeDeriving #-}
-{-# LANGUAGE LambdaCase                 #-}
-{-# LANGUAGE NamedFieldPuns             #-}
-{-# LANGUAGE OverloadedStrings          #-}
-{-# LANGUAGE RecordWildCards            #-}
-{-# LANGUAGE TypeApplications           #-}
+{-# LANGUAGE DataKinds             #-}
+{-# LANGUAGE DeriveAnyClass        #-}
+{-# LANGUAGE DeriveGeneric         #-}
+{-# LANGUAGE DeriveTraversable     #-}
+{-# LANGUAGE DerivingStrategies    #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE FlexibleInstances     #-}
+{-# LANGUAGE LambdaCase            #-}
+{-# LANGUAGE NamedFieldPuns        #-}
+{-# LANGUAGE OverloadedStrings     #-}
+{-# LANGUAGE RecordWildCards       #-}
+{-# LANGUAGE TypeApplications      #-}
 module Spec.SampleReader where
 
 import           Control.Arrow                 ((&&&))
@@ -238,7 +236,7 @@ processTestCase step rootPk TestCase{..} =
 compareParseErrors :: ParseError -> RustError -> Assertion
 compareParseErrors pe re =
   let mustMatch p = assertBool (show (re,pe)) $ isJust $ re ^? p
-      mustMatchEither ps = assertBool (show (re, pe)) $ any isJust $ (re ^?) <$> ps
+      mustMatchEither ps = assertBool (show (re, pe)) $ any (isJust . (re ^?)) ps
    in case pe of
         InvalidHexEncoding ->
           assertFailure $ "InvalidHexEncoding can't appear here " <> show re

diff --git a/biscuit/test/samples/current/README.md b/biscuit/test/samples/current/README.md
@@ -1214,7 +1214,7 @@ result: `Err(FailedLogic(Unauthorized { policy: Allow(0), checks: [Block(FailedB
 ### token
 
 authority:
-symbols: ["hello world", "hello", "world", "aaabde", "a*c?.e", "abd", "aaa", "b", "de", "abcD12", "abc", "def"]
+symbols: ["hello world", "hello", "world", "aaabde", "a*c?.e", "abd", "aaa", "b", "de", "abcD12", "é", "abc", "def"]
 
 public keys: []
 
@@ -1239,6 +1239,8 @@ check if "aaabde".matches("a*c?.e");
 check if "aaabde".contains("abd");
 check if "aaabde" == "aaa" + "b" + "de";
 check if "abcD12" == "abcD12";
+check if "abcD12".length() == 6;
+check if "é".length() == 2;
 check if 2019-12-04T09:46:41Z < 2020-12-04T09:46:41Z;
 check if 2020-12-04T09:46:41Z > 2019-12-04T09:46:41Z;
 check if 2019-12-04T09:46:41Z <= 2020-12-04T09:46:41Z;
@@ -1268,7 +1270,7 @@ allow if true;
 ```
 
 revocation ids:
-- `f61b4cb4fc58777fec6c8d39fe62259dc3c78511868236c391e9f67ffd03a3a8b8e3042d4bacce0d5756d053f5afccd4c5e4df0597af44b36bdfab492e5fe50e`
+- `3d5b23b502b3dd920bfb68b9039164d1563bb8927210166fa5c17f41b76b31bb957bc2ed3318452958f658baa2d398fe4cf25c58a27e6c8bc42c9702c8aa1b0c`
 
 authorizer world:
 ```
@@ -1287,7 +1289,9 @@ World {
             "check if \"aaabde\".contains(\"abd\")",
             "check if \"aaabde\".matches(\"a*c?.e\")",
             "check if \"abcD12\" == \"abcD12\"",
+            "check if \"abcD12\".length() == 6",
             "check if \"hello world\".starts_with(\"hello\") && \"hello world\".ends_with(\"world\")",
+            "check if \"é\".length() == 2",
             "check if (true || false) && true",
             "check if 1 + 2 * 3 - 4 / 2 == 5",
             "check if 1 < 2",

diff --git a/biscuit/test/samples/current/samples.json b/biscuit/test/samples/current/samples.json
@@ -1239,12 +1239,13 @@
             "b",
             "de",
             "abcD12",
+            "é",
             "abc",
             "def"
           ],
           "public_keys": [],
           "external_key": null,
-          "code": "check if true;\ncheck if !false;\ncheck if !false && true;\ncheck if false || true;\ncheck if (true || false) && true;\ncheck if true == true;\ncheck if false == false;\ncheck if 1 < 2;\ncheck if 2 > 1;\ncheck if 1 <= 2;\ncheck if 1 <= 1;\ncheck if 2 >= 1;\ncheck if 2 >= 2;\ncheck if 3 == 3;\ncheck if 1 + 2 * 3 - 4 / 2 == 5;\ncheck if \"hello world\".starts_with(\"hello\") && \"hello world\".ends_with(\"world\");\ncheck if \"aaabde\".matches(\"a*c?.e\");\ncheck if \"aaabde\".contains(\"abd\");\ncheck if \"aaabde\" == \"aaa\" + \"b\" + \"de\";\ncheck if \"abcD12\" == \"abcD12\";\ncheck if 2019-12-04T09:46:41Z < 2020-12-04T09:46:41Z;\ncheck if 2020-12-04T09:46:41Z > 2019-12-04T09:46:41Z;\ncheck if 2019-12-04T09:46:41Z <= 2020-12-04T09:46:41Z;\ncheck if 2020-12-04T09:46:41Z >= 2020-12-04T09:46:41Z;\ncheck if 2020-12-04T09:46:41Z >= 2019-12-04T09:46:41Z;\ncheck if 2020-12-04T09:46:41Z >= 2020-12-04T09:46:41Z;\ncheck if 2020-12-04T09:46:41Z == 2020-12-04T09:46:41Z;\ncheck if hex:12ab == hex:12ab;\ncheck if [1, 2].contains(2);\ncheck if [2019-12-04T09:46:41Z, 2020-12-04T09:46:41Z].contains(2020-12-04T09:46:41Z);\ncheck if [false, true].contains(true);\ncheck if [\"abc\", \"def\"].contains(\"abc\");\ncheck if [hex:12ab, hex:34de].contains(hex:34de);\ncheck if [1, 2].contains([2]);\ncheck if [1, 2] == [1, 2];\ncheck if [1, 2].intersection([2, 3]) == [2];\ncheck if [1, 2].union([2, 3]) == [1, 2, 3];\ncheck if [1, 2, 3].intersection([1, 2]).contains(1);\ncheck if [1, 2, 3].intersection([1, 2]).length() == 2;\n"
+          "code": "check if true;\ncheck if !false;\ncheck if !false && true;\ncheck if false || true;\ncheck if (true || false) && true;\ncheck if true == true;\ncheck if false == false;\ncheck if 1 < 2;\ncheck if 2 > 1;\ncheck if 1 <= 2;\ncheck if 1 <= 1;\ncheck if 2 >= 1;\ncheck if 2 >= 2;\ncheck if 3 == 3;\ncheck if 1 + 2 * 3 - 4 / 2 == 5;\ncheck if \"hello world\".starts_with(\"hello\") && \"hello world\".ends_with(\"world\");\ncheck if \"aaabde\".matches(\"a*c?.e\");\ncheck if \"aaabde\".contains(\"abd\");\ncheck if \"aaabde\" == \"aaa\" + \"b\" + \"de\";\ncheck if \"abcD12\" == \"abcD12\";\ncheck if \"abcD12\".length() == 6;\ncheck if \"é\".length() == 2;\ncheck if 2019-12-04T09:46:41Z < 2020-12-04T09:46:41Z;\ncheck if 2020-12-04T09:46:41Z > 2019-12-04T09:46:41Z;\ncheck if 2019-12-04T09:46:41Z <= 2020-12-04T09:46:41Z;\ncheck if 2020-12-04T09:46:41Z >= 2020-12-04T09:46:41Z;\ncheck if 2020-12-04T09:46:41Z >= 2019-12-04T09:46:41Z;\ncheck if 2020-12-04T09:46:41Z >= 2020-12-04T09:46:41Z;\ncheck if 2020-12-04T09:46:41Z == 2020-12-04T09:46:41Z;\ncheck if hex:12ab == hex:12ab;\ncheck if [1, 2].contains(2);\ncheck if [2019-12-04T09:46:41Z, 2020-12-04T09:46:41Z].contains(2020-12-04T09:46:41Z);\ncheck if [false, true].contains(true);\ncheck if [\"abc\", \"def\"].contains(\"abc\");\ncheck if [hex:12ab, hex:34de].contains(hex:34de);\ncheck if [1, 2].contains([2]);\ncheck if [1, 2] == [1, 2];\ncheck if [1, 2].intersection([2, 3]) == [2];\ncheck if [1, 2].union([2, 3]) == [1, 2, 3];\ncheck if [1, 2, 3].intersection([1, 2]).contains(1);\ncheck if [1, 2, 3].intersection([1, 2]).length() == 2;\n"
         }
       ],
       "validations": {
@@ -1262,7 +1263,9 @@
                   "check if \"aaabde\".contains(\"abd\")",
                   "check if \"aaabde\".matches(\"a*c?.e\")",
                   "check if \"abcD12\" == \"abcD12\"",
+                  "check if \"abcD12\".length() == 6",
                   "check if \"hello world\".starts_with(\"hello\") && \"hello world\".ends_with(\"world\")",
+                  "check if \"é\".length() == 2",
                   "check if (true || false) && true",
                   "check if 1 + 2 * 3 - 4 / 2 == 5",
                   "check if 1 < 2",
@@ -1307,7 +1310,7 @@
           },
           "authorizer_code": "allow if true;\n",
           "revocation_ids": [
-            "f61b4cb4fc58777fec6c8d39fe62259dc3c78511868236c391e9f67ffd03a3a8b8e3042d4bacce0d5756d053f5afccd4c5e4df0597af44b36bdfab492e5fe50e"
+            "3d5b23b502b3dd920bfb68b9039164d1563bb8927210166fa5c17f41b76b31bb957bc2ed3318452958f658baa2d398fe4cf25c58a27e6c8bc42c9702c8aa1b0c"
           ]
         }
       }

diff --git a/biscuit/test/samples/current/test017_expressions.bc b/biscuit/test/samples/current/test017_expressions.bc