Fix entity manifests bug caused by aliasing between entity literal and var #1429

Merged
merged 5 commits into from
Jan 21, 2025

john-h-kastner-aws (Contributor) commented Jan 16, 2025

Description of changes

Given a policy like

    permit(
      principal is a in a::"",
      action in [Action::"action"],
      resource
    ) when {
      (true && ((a::"" has "A") == false)) && (a::"" in [a::""])
    };

and a request where the principal is a::"", the slicing algorithm failed to select the attribute A because it did not correctly account for principal and a::"" referencing the same entity.

Issue #, if available

Checklist for requesting a review

The change in this PR is (choose one, and delete the other options):

  • A breaking change requiring a major version bump to cedar-policy (e.g., changes to the signature of an existing API).
  • A backwards-compatible change requiring a minor version bump to cedar-policy (e.g., addition of a new API).
  • A bug fix or other functionality change requiring a patch to cedar-policy.
  • A change "invisible" to users (e.g., documentation, changes to "internal" crates like cedar-policy-core, cedar-validator, etc.)
  • A change (breaking or otherwise) that only impacts unreleased or experimental code.

I confirm that this PR (choose one, and delete the other options):

  • Updates the "Unreleased" section of the CHANGELOG with a description of my change (required for major/minor version bumps).
  • Does not update the CHANGELOG because my change does not significantly impact released code.

I confirm that cedar-spec (choose one, and delete the other options):

  • Does not require updates because my change does not impact the Cedar formal model or DRT infrastructure.
  • Requires updates, and I have made / will make these updates myself. (Please include in your description a timeline or link to the relevant PR in cedar-spec, and how you have tested that your updates are correct.)
  • Requires updates, but I do not plan to make them in the near future. (Make sure that your changes are hidden behind a feature flag to mark them as experimental.)
  • I'm not sure how my change impacts cedar-spec. (Post your PR anyways, and we'll discuss in the comments.)

I confirm that docs.cedarpolicy.com (choose one, and delete the other options):

  • Does not require updates because my change does not impact the Cedar language specification.
  • Requires updates, and I have made / will make these updates myself. (Please include in your description a timeline or link to the relevant PR in cedar-docs. PRs should be targeted at a staging-X.Y branch, not main.)
  • I'm not sure how my change impacts the documentation. (Post your PR anyways, and we'll discuss in the comments.)

Comment on lines +323 to +334
assert_eq!(
uid1, uid2,
"attempting to merge entities with different uids!"
);
assert_eq!(
ancestors1, ancestors2,
"attempting to merge entities with different ancestors!"
);
assert!(
tags1.is_empty() && tags2.is_empty(),
"attempting to merge entities with tags!"
);
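
Review bot: the third check (`tags1.is_empty() && tags2.is_empty()`) requires both tag sets to be empty rather than equal, unlike the uid and ancestors checks above it, so merging two slices of the same entity that both carry tags panics here. A short comment stating why tags cannot occur on this path would help. All three checks are `assert!`/`assert_eq!`, so a violated invariant aborts the caller; returning an error from the merge would let the caller fail the request cleanly while keeping the check in every build.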
Contributor

consider debug_assert instead of assert, since these might have nontrivial runtime cost?

Contributor Author

I'm actually closer to lifting this to an Err result for invariant violation

Signed-off-by: John Kastner <[email protected]>
@john-h-kastner-aws john-h-kastner-aws merged commit 1423877 into main Jan 21, 2025
19 checks passed
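
A simplified model of the aliasing failure described in the PR description, as an added example that is not code from this PR or from Cedar: the `Entity`, `Root`, `load`, `slice` and `merge` names, and the overwrite behaviour when `alias_aware` is false, are assumptions for illustration. It shows an attribute selected through the literal root being lost when the `principal` root resolves to the same uid, and a merge that reports identity mismatches as `Err` instead of panicking.

```rust
use std::collections::{BTreeMap, BTreeSet};
// Simplified stand-in for a sliced entity (assumption: not Cedar's own type).
#[derive(Clone, Debug, PartialEq)]
struct Entity { uid: String, ancestors: BTreeSet<String>, attrs: BTreeMap<String, bool> }

// A manifest root: the request's `principal` variable or an entity literal.
enum Root { Principal, Literal(String) }

// Merge two slices of one entity. An identity mismatch is returned as Err, not a panic.
fn merge(mut a: Entity, b: Entity) -> Result<Entity, String> {
    if a.uid != b.uid { return Err(format!("uid mismatch: {} vs {}", a.uid, b.uid)); }
    if a.ancestors != b.ancestors { return Err(format!("ancestor mismatch for {}", a.uid)); }
    a.attrs.extend(b.attrs);
    Ok(a)
}

// Load `uid` from the store, keeping only the attributes this root needs.
fn load(store: &BTreeMap<String, Entity>, uid: &str, wanted: &[&str]) -> Option<Entity> {
    let mut e = store.get(uid)?.clone();
    e.attrs.retain(|k, _| wanted.contains(&k.as_str()));
    Some(e)
}

// Slice the store; if `alias_aware` is false a later root with the same uid overwrites.
fn slice(store: &BTreeMap<String, Entity>, manifest: &[(Root, Vec<&str>)],
         principal: &str, alias_aware: bool) -> Result<BTreeMap<String, Entity>, String> {
    let mut out: BTreeMap<String, Entity> = BTreeMap::new();
    for (root, wanted) in manifest {
        let uid = match root { Root::Principal => principal, Root::Literal(u) => u.as_str() };
        if let Some(mut e) = load(store, uid, wanted) {
            if alias_aware { if let Some(prev) = out.remove(uid) { e = merge(prev, e)?; } }
            out.insert(uid.to_string(), e);
        }
    }
    Ok(out)
}

// Constructed sample: "A" is needed through the literal root only, as in the policy above.
fn sample() -> (BTreeMap<String, Entity>, Vec<(Root, Vec<&'static str>)>) {
    let e = Entity { uid: "a::\"\"".into(), ancestors: BTreeSet::new(),
                     attrs: BTreeMap::from([("A".to_string(), true)]) };
    let manifest = vec![(Root::Literal(e.uid.clone()), vec!["A"]), (Root::Principal, vec![])];
    (BTreeMap::from([(e.uid.clone(), e)]), manifest)
}

fn main() {
    let (store, manifest) = sample();
    println!("{:?}", slice(&store, &manifest, "a::\"\"", true));
}
```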