diff --git a/biscuit-datalog/src/expression.zig b/biscuit-datalog/src/expression.zig index 9cc24db..74ee6ea 100644 --- a/biscuit-datalog/src/expression.zig +++ b/biscuit-datalog/src/expression.zig @@ -174,12 +174,17 @@ const Unary = enum { length, pub fn evaluate(expr: Unary, value: Term, symbols: *SymbolTable) !Term { - _ = symbols; // Different type instead of SymbolTable - // return switch (expr) { .negate => if (value == .bool) .{ .bool = !value.bool } else return error.UnexpectedTermInUnaryNegate, .parens => value, - else => error.UnexpectedUnaryTermCombination, + .length => .{ + .integer = switch (value) { + .string => |index| std.math.cast(i64, (try symbols.getString(index)).len) orelse return error.FailedToCaseInt, + .bytes => |b| std.math.cast(i64, b.len) orelse return error.FailedToCaseInt, + .set => |s| std.math.cast(i64, s.count()) orelse return error.FailedToCaseInt, + else => return error.LengthNotSupportedOnValue, + }, + }, }; } }; diff --git a/biscuit-samples/src/sample.zig b/biscuit-samples/src/sample.zig index f603edb..256b021 100644 --- a/biscuit-samples/src/sample.zig +++ b/biscuit-samples/src/sample.zig @@ -60,8 +60,11 @@ pub const Result = union(enum) { }; const World = struct { - facts: [][]const u8, - rules: [][]const u8, + facts: []FactOrigin, + rules: []RuleOrigin, checks: [][]const u8, policies: [][]const u8, }; + +const FactOrigin = struct { []const u8, []?usize }; +const RuleOrigin = struct { []const u8, usize }; diff --git a/biscuit-samples/src/samples/samples.json b/biscuit-samples/src/samples/samples.json index 86011e9..6e9a4bb 100644 --- a/biscuit-samples/src/samples/samples.json +++ b/biscuit-samples/src/samples/samples.json @@ -1,19 +1,24 @@ { - "root_private_key": "12aca40167fbdd1a11037e9fd440e3d510d9d9dea70a6646aa4aaf84d718d75a", - "root_public_key": "acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189", + "root_private_key": "99e87b0e9158531eeeb503ff15266e2b23c2a2507b138c9d1b1f2ab458df2d61", + "root_public_key": "1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284", "testcases": [ { "title": "basic token", "filename": "test001_basic.bc", "token": [ { - "symbols": ["file1", "file2"], + "symbols": [ + "file1", + "file2" + ], "public_keys": [], "external_key": null, "code": "right(\"file1\", \"read\");\nright(\"file2\", \"read\");\nright(\"file1\", \"write\");\n" }, { - "symbols": ["0"], + "symbols": [ + "0" + ], "public_keys": [], "external_key": null, "code": "check if resource($0), operation(\"read\"), right($0, \"read\");\n" @@ -23,16 +28,38 @@ "": { "world": { "facts": [ - "resource(\"file1\")", - "right(\"file1\", \"read\")", - "right(\"file1\", \"write\")", - "right(\"file2\", \"read\")" + [ + "resource(\"file1\")", + [ + null + ] + ], + [ + "right(\"file1\", \"read\")", + [ + 0 + ] + ], + [ + "right(\"file1\", \"write\")", + [ + 0 + ] + ], + [ + "right(\"file2\", \"read\")", + [ + 0 + ] + ] ], "rules": [], "checks": [ "check if resource($0), operation(\"read\"), right($0, \"read\")" ], - "policies": ["allow if true"] + "policies": [ + "allow if true" + ] }, "result": { "Err": { @@ -56,8 +83,8 @@ }, "authorizer_code": "resource(\"file1\");\n\nallow if true;\n", "revocation_ids": [ - "3ee1c0f42ba69ec63b1f39a6b3c57d25a4ccec452233ca6d40530ecfe83af4918fa78d9346f8b7c498545b54663960342b9ed298b2c8bbe2085b80c237b56f09", - "e16ccf0820b02092adb531e36c2e82884c6c6c647b1c85184007f2ace601648afb71faa261b11f9ab352093c96187870f868588b664579c8018864b306bd5007" + "7595a112a1eb5b81a6e398852e6118b7f5b8cbbff452778e655100e5fb4faa8d3a2af52fe2c4f9524879605675fae26adbc4783e0cafc43522fa82385f396c03", + "45f4c14f9d9e8fa044d68be7a2ec8cddb835f575c7b913ec59bd636c70acae9a90db9064ba0b3084290ed0c422bbb7170092a884f5e0202b31e9235bbcc1650d" ] } } @@ -67,13 +94,17 @@ "filename": "test002_different_root_key.bc", "token": [ { - "symbols": ["file1"], + "symbols": [ + "file1" + ], "public_keys": [], "external_key": null, "code": "right(\"file1\", \"read\");\n" }, { - "symbols": ["0"], + "symbols": [ + "0" + ], "public_keys": [], "external_key": null, "code": "check if resource($0), operation(\"read\"), right($0, \"read\");\n" @@ -101,13 +132,18 @@ "filename": "test003_invalid_signature_format.bc", "token": [ { - "symbols": ["file1", "file2"], + "symbols": [ + "file1", + "file2" + ], "public_keys": [], "external_key": null, "code": "right(\"file1\", \"read\");\nright(\"file2\", \"read\");\nright(\"file1\", \"write\");\n" }, { - "symbols": ["0"], + "symbols": [ + "0" + ], "public_keys": [], "external_key": null, "code": "check if resource($0), operation(\"read\"), right($0, \"read\");\n" @@ -133,13 +169,18 @@ "filename": "test004_random_block.bc", "token": [ { - "symbols": ["file1", "file2"], + "symbols": [ + "file1", + "file2" + ], "public_keys": [], "external_key": null, "code": "right(\"file1\", \"read\");\nright(\"file2\", \"read\");\nright(\"file1\", \"write\");\n" }, { - "symbols": ["0"], + "symbols": [ + "0" + ], "public_keys": [], "external_key": null, "code": "check if resource($0), operation(\"read\"), right($0, \"read\");\n" @@ -167,13 +208,18 @@ "filename": "test005_invalid_signature.bc", "token": [ { - "symbols": ["file1", "file2"], + "symbols": [ + "file1", + "file2" + ], "public_keys": [], "external_key": null, "code": "right(\"file1\", \"read\");\nright(\"file2\", \"read\");\nright(\"file1\", \"write\");\n" }, { - "symbols": ["0"], + "symbols": [ + "0" + ], "public_keys": [], "external_key": null, "code": "check if resource($0), operation(\"read\"), right($0, \"read\");\n" @@ -201,13 +247,18 @@ "filename": "test006_reordered_blocks.bc", "token": [ { - "symbols": ["file1", "file2"], + "symbols": [ + "file1", + "file2" + ], "public_keys": [], "external_key": null, "code": "right(\"file1\", \"read\");\nright(\"file2\", \"read\");\nright(\"file1\", \"write\");\n" }, { - "symbols": ["0"], + "symbols": [ + "0" + ], "public_keys": [], "external_key": null, "code": "check if resource($0), operation(\"read\"), right($0, \"read\");\n" @@ -241,19 +292,28 @@ "filename": "test007_scoped_rules.bc", "token": [ { - "symbols": ["user_id", "alice", "file1"], + "symbols": [ + "user_id", + "alice", + "file1" + ], "public_keys": [], "external_key": null, "code": "user_id(\"alice\");\nowner(\"alice\", \"file1\");\n" }, { - "symbols": ["0", "1"], + "symbols": [ + "0", + "1" + ], "public_keys": [], "external_key": null, "code": "right($0, \"read\") <- resource($0), user_id($1), owner($1, $0);\ncheck if resource($0), operation(\"read\"), right($0, \"read\");\n" }, { - "symbols": ["file2"], + "symbols": [ + "file2" + ], "public_keys": [], "external_key": null, "code": "owner(\"alice\", \"file2\");\n" @@ -263,19 +323,49 @@ "": { "world": { "facts": [ - "operation(\"read\")", - "owner(\"alice\", \"file1\")", - "owner(\"alice\", \"file2\")", - "resource(\"file2\")", - "user_id(\"alice\")" + [ + "operation(\"read\")", + [ + null + ] + ], + [ + "owner(\"alice\", \"file1\")", + [ + 0 + ] + ], + [ + "owner(\"alice\", \"file2\")", + [ + 2 + ] + ], + [ + "resource(\"file2\")", + [ + null + ] + ], + [ + "user_id(\"alice\")", + [ + 0 + ] + ] ], "rules": [ - "right($0, \"read\") <- resource($0), user_id($1), owner($1, $0)" + [ + "right($0, \"read\") <- resource($0), user_id($1), owner($1, $0)", + 1 + ] ], "checks": [ "check if resource($0), operation(\"read\"), right($0, \"read\")" ], - "policies": ["allow if true"] + "policies": [ + "allow if true" + ] }, "result": { "Err": { @@ -299,9 +389,9 @@ }, "authorizer_code": "resource(\"file2\");\noperation(\"read\");\n\nallow if true;\n", "revocation_ids": [ - "02d287b0e5b22780192f8351538583c17f7d0200e064b32a1fcf07899e64ffb10e4de324f5c5ebc72c89a63e424317226cf555eb42dae81b2fd4639cf7591108", - "22e75ea200cf7b2b62b389298fe0dec973b7f9c7e54e76c3c41811d72ea82c68227bc9079b7d05986de17ef9301cccdc08f5023455386987d1e6ee4391b19f06", - "140a3631fecae550b51e50b9b822b947fb485c80070b34482fa116cdea560140164a1d0a959b40fed8a727e2f62c0b57635760c488c8bf0eda80ee591558c409" + "4d86c9af808dc2e0583f47282e6f5df3e09dc264d5231ec360b4519e15ddaeec60b25a9bbcb22e8d192f4d36a0da3f9243711e30535b00ee55c53cb1395f230a", + "63208c668c66f3ba6927140ba37533593b25e03459447805d4b2a8b75adeef45794c3d7249afe506ed77ccee276160bb4052a4009302bd34871a440f070b4509", + "d8da982888eae8c038e4894a8c06fc57d8e5f06ad2e972b9cf4bde49ad60804558a0d1938192596c702d8e4f7f12ec19201d7c33d0cd77774a0d879a33880d02" ] } } @@ -311,19 +401,25 @@ "filename": "test008_scoped_checks.bc", "token": [ { - "symbols": ["file1"], + "symbols": [ + "file1" + ], "public_keys": [], "external_key": null, "code": "right(\"file1\", \"read\");\n" }, { - "symbols": ["0"], + "symbols": [ + "0" + ], "public_keys": [], "external_key": null, "code": "check if resource($0), operation(\"read\"), right($0, \"read\");\n" }, { - "symbols": ["file2"], + "symbols": [ + "file2" + ], "public_keys": [], "external_key": null, "code": "right(\"file2\", \"read\");\n" @@ -333,16 +429,38 @@ "": { "world": { "facts": [ - "operation(\"read\")", - "resource(\"file2\")", - "right(\"file1\", \"read\")", - "right(\"file2\", \"read\")" + [ + "operation(\"read\")", + [ + null + ] + ], + [ + "resource(\"file2\")", + [ + null + ] + ], + [ + "right(\"file1\", \"read\")", + [ + 0 + ] + ], + [ + "right(\"file2\", \"read\")", + [ + 2 + ] + ] ], "rules": [], "checks": [ "check if resource($0), operation(\"read\"), right($0, \"read\")" ], - "policies": ["allow if true"] + "policies": [ + "allow if true" + ] }, "result": { "Err": { @@ -366,9 +484,9 @@ }, "authorizer_code": "resource(\"file2\");\noperation(\"read\");\n\nallow if true;\n", "revocation_ids": [ - "567682495bf002eb84c46491e40fad8c55943d918c65e2c110b1b88511bf393072c0305a243e3d632ca5f1e9b0ace3e3582de84838c3a258480657087c267f02", - "71f0010b1034dbc62c53f67a23947b92ccba46495088567ac7ad5c4d7d65476964bee42053a6a35088110c5918f9c9606057689271fef89d84253cf98e6d4407", - "6d00d5f2a5d25dbfaa19152a81b44328b368e8fb8300b25e36754cfe8b2ce1eb2d1452ce9b1502e6f377a23aa87098fb05b5b073541624a8815ba0610f793005" + "a80c985ddef895518c216f64c65dcd50a5d97d012a94453d79159aed2981654b1fe9748c686c5667604026a94fb8db8a1d02de747df61e99fa9a63ff2878ad00", + "77df45442be86a416aa02fd9d98d6d4703c634a9e3b1d293b41f5dc97849afbe7faeec8c22a210574888acc008fb64fe691ec9e8d2655586f970d9a6b6577000", + "b31398aefe97d3db41ebc445760f216fb3aa7bf7439adcfc3a07489bfcc163970af3f4e20f5460aa24cf841101a5ab114d21acc0ee8d442bae7793b121284900" ] } } @@ -384,7 +502,9 @@ "code": "" }, { - "symbols": ["file1", "expiration"], + "symbols": [ + "file1" + ], "public_keys": [], "external_key": null, "code": "check if resource(\"file1\");\ncheck if time($time), $time <= 2018-12-20T00:00:00Z;\n" @@ -394,16 +514,33 @@ "": { "world": { "facts": [ - "operation(\"read\")", - "resource(\"file1\")", - "time(2020-12-21T09:23:12Z)" + [ + "operation(\"read\")", + [ + null + ] + ], + [ + "resource(\"file1\")", + [ + null + ] + ], + [ + "time(2020-12-21T09:23:12Z)", + [ + null + ] + ] ], "rules": [], "checks": [ "check if resource(\"file1\")", "check if time($time), $time <= 2018-12-20T00:00:00Z" ], - "policies": ["allow if true"] + "policies": [ + "allow if true" + ] }, "result": { "Err": { @@ -427,8 +564,8 @@ }, "authorizer_code": "resource(\"file1\");\noperation(\"read\");\ntime(2020-12-21T09:23:12Z);\n\nallow if true;\n", "revocation_ids": [ - "b2474f3e0a5788cdeff811f2599497a04d1ad71ca48dbafb90f20a950d565dda0b86bd6c9072a727c19b6b20a1ae10d8cb88155186550b77016ffd1dca9a6203", - "0d12152670cbefe2fa504af9a92b513f1a48ae460ae5e66aaac4ed9f7dc3cc1c4c510693312b351465062169a2169fc520ce4e17e548d21982c81a74c66a3c0c" + "c248907bb6e5f433bbb5edf6367b399ebefca0d321d0b2ea9fc67f66dc1064ce926adb0c05d90c3e8a2833328b3578f79c4e1bca43583d9bcfb2ba6c37303d00", + "a4edf7aaea8658bb9ae19b3ffe2adcc77cc9f16c249aeb0a85a584b5362f89f27f7c67ac0af16d7170673d6d1fb1563d1934b25ec5a461f6c01fa49805cd5e07" ] } } @@ -438,13 +575,17 @@ "filename": "test010_authorizer_scope.bc", "token": [ { - "symbols": ["file1"], + "symbols": [ + "file1" + ], "public_keys": [], "external_key": null, "code": "right(\"file1\", \"read\");\n" }, { - "symbols": ["file2"], + "symbols": [ + "file2" + ], "public_keys": [], "external_key": null, "code": "right(\"file2\", \"read\");\n" @@ -454,14 +595,38 @@ "": { "world": { "facts": [ - "operation(\"read\")", - "resource(\"file2\")", - "right(\"file1\", \"read\")", - "right(\"file2\", \"read\")" + [ + "operation(\"read\")", + [ + null + ] + ], + [ + "resource(\"file2\")", + [ + null + ] + ], + [ + "right(\"file1\", \"read\")", + [ + 0 + ] + ], + [ + "right(\"file2\", \"read\")", + [ + 1 + ] + ] ], "rules": [], - "checks": ["check if right($0, $1), resource($0), operation($1)"], - "policies": ["allow if true"] + "checks": [ + "check if right($0, $1), resource($0), operation($1)" + ], + "policies": [ + "allow if true" + ] }, "result": { "Err": { @@ -484,8 +649,8 @@ }, "authorizer_code": "resource(\"file2\");\noperation(\"read\");\n\ncheck if right($0, $1), resource($0), operation($1);\n\nallow if true;\n", "revocation_ids": [ - "b9ecf192ecb1bbb10e45320c1c86661f0c6b6bd28e89fdd8fa838fe0ab3f754229f7fbbf92ad978d36f744c345c69bc156a2a91a2979a3c235a9d936d401b404", - "839728735701e589c2612e655afa2b53f573480e6a0477ae68ed71587987d1af398a31296bdec0b6eccee9348f4b4c23ca1031e809991626c579fef80b1d380d" + "a80c985ddef895518c216f64c65dcd50a5d97d012a94453d79159aed2981654b1fe9748c686c5667604026a94fb8db8a1d02de747df61e99fa9a63ff2878ad00", + "966eceb2aa937c41b25368808bab6e0698c02a4038de669d007c9c3d43602638a640083558d1576ac80cf3eb2ac6a7585527e0f6c1a65402f0935cf7f4df8005" ] } } @@ -495,7 +660,9 @@ "filename": "test011_authorizer_authority_caveats.bc", "token": [ { - "symbols": ["file1"], + "symbols": [ + "file1" + ], "public_keys": [], "external_key": null, "code": "right(\"file1\", \"read\");\n" @@ -505,13 +672,32 @@ "": { "world": { "facts": [ - "operation(\"read\")", - "resource(\"file2\")", - "right(\"file1\", \"read\")" + [ + "operation(\"read\")", + [ + null + ] + ], + [ + "resource(\"file2\")", + [ + null + ] + ], + [ + "right(\"file1\", \"read\")", + [ + 0 + ] + ] ], "rules": [], - "checks": ["check if right($0, $1), resource($0), operation($1)"], - "policies": ["allow if true"] + "checks": [ + "check if right($0, $1), resource($0), operation($1)" + ], + "policies": [ + "allow if true" + ] }, "result": { "Err": { @@ -534,7 +720,7 @@ }, "authorizer_code": "resource(\"file2\");\noperation(\"read\");\n\ncheck if right($0, $1), resource($0), operation($1);\n\nallow if true;\n", "revocation_ids": [ - "593d273d141bf23a3e89b55fffe1b3f96f683a022bb763e78f4e49f31a7cf47668c3fd5e0f580727ac9113ede302d34264597f6f1e6c6dd4167836d57aedf504" + "a80c985ddef895518c216f64c65dcd50a5d97d012a94453d79159aed2981654b1fe9748c686c5667604026a94fb8db8a1d02de747df61e99fa9a63ff2878ad00" ] } } @@ -544,7 +730,9 @@ "filename": "test012_authority_caveats.bc", "token": [ { - "symbols": ["file1"], + "symbols": [ + "file1" + ], "public_keys": [], "external_key": null, "code": "check if resource(\"file1\");\n" @@ -553,25 +741,59 @@ "validations": { "file1": { "world": { - "facts": ["operation(\"read\")", "resource(\"file1\")"], + "facts": [ + [ + "operation(\"read\")", + [ + null + ] + ], + [ + "resource(\"file1\")", + [ + null + ] + ] + ], "rules": [], - "checks": ["check if resource(\"file1\")"], - "policies": ["allow if true"] + "checks": [ + "check if resource(\"file1\")" + ], + "policies": [ + "allow if true" + ] }, "result": { "Ok": 0 }, "authorizer_code": "resource(\"file1\");\noperation(\"read\");\n\nallow if true;\n", "revocation_ids": [ - "0a1d14a145debbb0a2f4ce0631d3a0a48a2e0eddabefda7fabb0414879ec6be24b9ae7295c434609ada3f8cc47b8845bbd5a0d4fba3d96748ff1b824496e0405" + "6a8f90dad67ae2ac188460463914ae7326fda431c80785755f4edcc15f1a53911f7366e606ad80cbbeba94672e42713e88632a932128f1d796ce9ba7d7a0b80a" ] }, "file2": { "world": { - "facts": ["operation(\"read\")", "resource(\"file2\")"], + "facts": [ + [ + "operation(\"read\")", + [ + null + ] + ], + [ + "resource(\"file2\")", + [ + null + ] + ] + ], "rules": [], - "checks": ["check if resource(\"file1\")"], - "policies": ["allow if true"] + "checks": [ + "check if resource(\"file1\")" + ], + "policies": [ + "allow if true" + ] }, "result": { "Err": { @@ -595,7 +817,7 @@ }, "authorizer_code": "resource(\"file2\");\noperation(\"read\");\n\nallow if true;\n", "revocation_ids": [ - "0a1d14a145debbb0a2f4ce0631d3a0a48a2e0eddabefda7fabb0414879ec6be24b9ae7295c434609ada3f8cc47b8845bbd5a0d4fba3d96748ff1b824496e0405" + "6a8f90dad67ae2ac188460463914ae7326fda431c80785755f4edcc15f1a53911f7366e606ad80cbbeba94672e42713e88632a932128f1d796ce9ba7d7a0b80a" ] } } @@ -605,13 +827,20 @@ "filename": "test013_block_rules.bc", "token": [ { - "symbols": ["file1", "file2"], + "symbols": [ + "file1", + "file2" + ], "public_keys": [], "external_key": null, "code": "right(\"file1\", \"read\");\nright(\"file2\", \"read\");\n" }, { - "symbols": ["valid_date", "0", "1"], + "symbols": [ + "valid_date", + "0", + "1" + ], "public_keys": [], "external_key": null, "code": "valid_date(\"file1\") <- time($0), resource(\"file1\"), $0 <= 2030-12-31T12:59:59Z;\nvalid_date($1) <- time($0), resource($1), $0 <= 1999-12-31T12:59:59Z, ![\"file1\"].contains($1);\ncheck if valid_date($0), resource($0);\n" @@ -621,42 +850,108 @@ "file1": { "world": { "facts": [ - "resource(\"file1\")", - "right(\"file1\", \"read\")", - "right(\"file2\", \"read\")", - "time(2020-12-21T09:23:12Z)", - "valid_date(\"file1\")" + [ + "resource(\"file1\")", + [ + null + ] + ], + [ + "right(\"file1\", \"read\")", + [ + 0 + ] + ], + [ + "right(\"file2\", \"read\")", + [ + 0 + ] + ], + [ + "time(2020-12-21T09:23:12Z)", + [ + null + ] + ], + [ + "valid_date(\"file1\")", + [ + null, + 1 + ] + ] ], "rules": [ - "valid_date(\"file1\") <- time($0), resource(\"file1\"), $0 <= 2030-12-31T12:59:59Z", - "valid_date($1) <- time($0), resource($1), $0 <= 1999-12-31T12:59:59Z, ![\"file1\"].contains($1)" + [ + "valid_date(\"file1\") <- time($0), resource(\"file1\"), $0 <= 2030-12-31T12:59:59Z", + 1 + ], + [ + "valid_date($1) <- time($0), resource($1), $0 <= 1999-12-31T12:59:59Z, ![\"file1\"].contains($1)", + 1 + ] ], - "checks": ["check if valid_date($0), resource($0)"], - "policies": ["allow if true"] + "checks": [ + "check if valid_date($0), resource($0)" + ], + "policies": [ + "allow if true" + ] }, "result": { "Ok": 0 }, "authorizer_code": "resource(\"file1\");\ntime(2020-12-21T09:23:12Z);\n\nallow if true;\n", "revocation_ids": [ - "d251352efd4e4c72e8a1609fce002f558f1a0bb5e36cd3d8b3a6c6599e3960880f21bea6fe1857f4ecbc2c399dd77829b154e75f1323e9dec413aad70f97650d", - "9de4f51e6019540598a957515dad52f5403e5c6cd8d2adbca1bff42a4fbc0eb8c6adab499da2fe894a8a9c9c581276bfb0fdc3d35ab2ff9f920a2c4690739903" + "c46d071ff3f33434223c8305fdad529f62bf78bb5d9cbfc2a345d4bca6bf314014840e18ba353f86fdb9073d58b12b8c872ac1f8e593c2e9064b90f6c2ede006", + "a0c4c163a0b3ca406df4ece3d1371356190df04208eccef72f77e875ed0531b5d37e243d6f388b1967776a5dfd16ef228f19c5bdd6d2820f145c5ed3c3dcdc00" ] }, "file2": { "world": { "facts": [ - "resource(\"file2\")", - "right(\"file1\", \"read\")", - "right(\"file2\", \"read\")", - "time(2020-12-21T09:23:12Z)" + [ + "resource(\"file2\")", + [ + null + ] + ], + [ + "right(\"file1\", \"read\")", + [ + 0 + ] + ], + [ + "right(\"file2\", \"read\")", + [ + 0 + ] + ], + [ + "time(2020-12-21T09:23:12Z)", + [ + null + ] + ] ], "rules": [ - "valid_date(\"file1\") <- time($0), resource(\"file1\"), $0 <= 2030-12-31T12:59:59Z", - "valid_date($1) <- time($0), resource($1), $0 <= 1999-12-31T12:59:59Z, ![\"file1\"].contains($1)" + [ + "valid_date(\"file1\") <- time($0), resource(\"file1\"), $0 <= 2030-12-31T12:59:59Z", + 1 + ], + [ + "valid_date($1) <- time($0), resource($1), $0 <= 1999-12-31T12:59:59Z, ![\"file1\"].contains($1)", + 1 + ] + ], + "checks": [ + "check if valid_date($0), resource($0)" ], - "checks": ["check if valid_date($0), resource($0)"], - "policies": ["allow if true"] + "policies": [ + "allow if true" + ] }, "result": { "Err": { @@ -680,8 +975,8 @@ }, "authorizer_code": "resource(\"file2\");\ntime(2020-12-21T09:23:12Z);\n\nallow if true;\n", "revocation_ids": [ - "d251352efd4e4c72e8a1609fce002f558f1a0bb5e36cd3d8b3a6c6599e3960880f21bea6fe1857f4ecbc2c399dd77829b154e75f1323e9dec413aad70f97650d", - "9de4f51e6019540598a957515dad52f5403e5c6cd8d2adbca1bff42a4fbc0eb8c6adab499da2fe894a8a9c9c581276bfb0fdc3d35ab2ff9f920a2c4690739903" + "c46d071ff3f33434223c8305fdad529f62bf78bb5d9cbfc2a345d4bca6bf314014840e18ba353f86fdb9073d58b12b8c872ac1f8e593c2e9064b90f6c2ede006", + "a0c4c163a0b3ca406df4ece3d1371356190df04208eccef72f77e875ed0531b5d37e243d6f388b1967776a5dfd16ef228f19c5bdd6d2820f145c5ed3c3dcdc00" ] } } @@ -691,7 +986,10 @@ "filename": "test014_regex_constraint.bc", "token": [ { - "symbols": ["0", "file[0-9]+.txt"], + "symbols": [ + "0", + "file[0-9]+.txt" + ], "public_keys": [], "external_key": null, "code": "check if resource($0), $0.matches(\"file[0-9]+.txt\");\n" @@ -700,10 +998,21 @@ "validations": { "file1": { "world": { - "facts": ["resource(\"file1\")"], + "facts": [ + [ + "resource(\"file1\")", + [ + null + ] + ] + ], "rules": [], - "checks": ["check if resource($0), $0.matches(\"file[0-9]+.txt\")"], - "policies": ["allow if true"] + "checks": [ + "check if resource($0), $0.matches(\"file[0-9]+.txt\")" + ], + "policies": [ + "allow if true" + ] }, "result": { "Err": { @@ -727,22 +1036,33 @@ }, "authorizer_code": "resource(\"file1\");\n\nallow if true;\n", "revocation_ids": [ - "1c158e1e12c8670d3f4411597276fe1caab17b7728adb7f7e9c44eeec3e3d85676e6ebe2d28c287e285a45912386cfa53e1752997630bd7a4ca6c2cd9f143500" + "da42718ad2631c12d3a44b7710dcc76c6c7809c6bc3a2d7eb0378c4154eae10e0884a8d54a2cd25ca3dfe01091d816ebbb9d246227baf7a359a787cb2344ad07" ] }, "file123": { "world": { - "facts": ["resource(\"file123.txt\")"], + "facts": [ + [ + "resource(\"file123.txt\")", + [ + null + ] + ] + ], "rules": [], - "checks": ["check if resource($0), $0.matches(\"file[0-9]+.txt\")"], - "policies": ["allow if true"] + "checks": [ + "check if resource($0), $0.matches(\"file[0-9]+.txt\")" + ], + "policies": [ + "allow if true" + ] }, "result": { "Ok": 0 }, "authorizer_code": "resource(\"file123.txt\");\n\nallow if true;\n", "revocation_ids": [ - "1c158e1e12c8670d3f4411597276fe1caab17b7728adb7f7e9c44eeec3e3d85676e6ebe2d28c287e285a45912386cfa53e1752997630bd7a4ca6c2cd9f143500" + "da42718ad2631c12d3a44b7710dcc76c6c7809c6bc3a2d7eb0378c4154eae10e0884a8d54a2cd25ca3dfe01091d816ebbb9d246227baf7a359a787cb2344ad07" ] } } @@ -752,7 +1072,10 @@ "filename": "test015_multi_queries_caveats.bc", "token": [ { - "symbols": ["must_be_present", "hello"], + "symbols": [ + "must_be_present", + "hello" + ], "public_keys": [], "external_key": null, "code": "must_be_present(\"hello\");\n" @@ -761,17 +1084,28 @@ "validations": { "": { "world": { - "facts": ["must_be_present(\"hello\")"], + "facts": [ + [ + "must_be_present(\"hello\")", + [ + 0 + ] + ] + ], "rules": [], - "checks": ["check if must_be_present($0) or must_be_present($0)"], - "policies": ["allow if true"] + "checks": [ + "check if must_be_present($0) or must_be_present($0)" + ], + "policies": [ + "allow if true" + ] }, "result": { "Ok": 0 }, "authorizer_code": "check if must_be_present($0) or must_be_present($0);\n\nallow if true;\n", "revocation_ids": [ - "d3eee8a74eacec9c51d4d1eb29b479727dfaafa9df7d4c651d07c493c56f3a5f037a51139ebd036f50d1159d12bccec3e377bbd32db90a39dd52c4776757ad0b" + "b0d466d31e015fa85a075fa875f7e1c9017edd503fee9f62a5f033e1fcfa811074b6e39dfe5af2f452043db97a3f98650592a370f5685b62c5d6abf9dd10b603" ] } } @@ -781,13 +1115,17 @@ "filename": "test016_caveat_head_name.bc", "token": [ { - "symbols": ["hello"], + "symbols": [ + "hello" + ], "public_keys": [], "external_key": null, "code": "check if resource(\"hello\");\n" }, { - "symbols": ["test"], + "symbols": [ + "test" + ], "public_keys": [], "external_key": null, "code": "query(\"test\");\n" @@ -796,10 +1134,21 @@ "validations": { "": { "world": { - "facts": ["query(\"test\")"], + "facts": [ + [ + "query(\"test\")", + [ + 1 + ] + ] + ], "rules": [], - "checks": ["check if resource(\"hello\")"], - "policies": ["allow if true"] + "checks": [ + "check if resource(\"hello\")" + ], + "policies": [ + "allow if true" + ] }, "result": { "Err": { @@ -823,8 +1172,8 @@ }, "authorizer_code": "allow if true;\n", "revocation_ids": [ - "e79679e019f1d7d3a9f9a309673aceadc7b2b2d67c0df3e7a1dccec25218e9b5935b9c8f8249243446406e3cdd86c1b35601a21cf1b119df48ca5e897cc6cd0d", - "2042ea2dca41ba3eb31196f49b211e615dcba46067be126e6035b8549bb57cdfeb24d07f2b44241bc0f70cc8ddc31e30772116d785b82bc91be8440dfdab500f" + "ce6f804f4390e693a8853d9a4a10bd4f3c94b86b7c6d671993a6e19346bc4d20bbb52cc945e5d0d02e4e75fa5da2caa99764050190353564a0a0b4b276809402", + "916d566cc724e0773046fc5266e9d0d804311435b8d6955b332f823ab296be9a78dfea190447732ac9f6217234cf5726becf88f65169c6de56a766af55451b0f" ] } } @@ -845,13 +1194,12 @@ "b", "de", "abcD12", - "abcD12x", "abc", "def" ], "public_keys": [], "external_key": null, - "code": "check if true;\ncheck if !false;\ncheck if !false && true;\ncheck if false or true;\ncheck if (true || false) && true;\ncheck if 1 < 2;\ncheck if 2 > 1;\ncheck if 1 <= 2;\ncheck if 1 <= 1;\ncheck if 2 >= 1;\ncheck if 2 >= 2;\ncheck if 3 == 3;\ncheck if 1 != 3;\ncheck if 1 + 2 * 3 - 4 / 2 == 5;\ncheck if 1 | 2 ^ 3 == 0;\ncheck if \"hello world\".starts_with(\"hello\") && \"hello world\".ends_with(\"world\");\ncheck if \"aaabde\".matches(\"a*c?.e\");\ncheck if \"aaabde\".contains(\"abd\");\ncheck if \"aaabde\" == \"aaa\" + \"b\" + \"de\";\ncheck if \"abcD12\" == \"abcD12\";\ncheck if \"abcD12x\" != \"abcD12\";\ncheck if 2019-12-04T09:46:41Z < 2020-12-04T09:46:41Z;\ncheck if 2020-12-04T09:46:41Z > 2019-12-04T09:46:41Z;\ncheck if 2019-12-04T09:46:41Z <= 2020-12-04T09:46:41Z;\ncheck if 2020-12-04T09:46:41Z >= 2020-12-04T09:46:41Z;\ncheck if 2020-12-04T09:46:41Z >= 2019-12-04T09:46:41Z;\ncheck if 2020-12-04T09:46:41Z >= 2020-12-04T09:46:41Z;\ncheck if 2020-12-04T09:46:41Z == 2020-12-04T09:46:41Z;\ncheck if 2022-12-04T09:46:41Z != 2020-12-04T09:46:41Z;\ncheck if hex:12ab == hex:12ab;\ncheck if hex:12abcd != hex:12ab;\ncheck if [1, 2].contains(2);\ncheck if [2019-12-04T09:46:41Z, 2020-12-04T09:46:41Z].contains(2020-12-04T09:46:41Z);\ncheck if [false, true].contains(true);\ncheck if [\"abc\", \"def\"].contains(\"abc\");\ncheck if [hex:12ab, hex:34de].contains(hex:34de);\ncheck if [1, 2] == [1, 2];\ncheck if [1, 4] != [1, 2];\n" + "code": "check if true;\ncheck if !false;\ncheck if !false && true;\ncheck if false || true;\ncheck if (true || false) && true;\ncheck if true == true;\ncheck if false == false;\ncheck if 1 < 2;\ncheck if 2 > 1;\ncheck if 1 <= 2;\ncheck if 1 <= 1;\ncheck if 2 >= 1;\ncheck if 2 >= 2;\ncheck if 3 == 3;\ncheck if 1 + 2 * 3 - 4 / 2 == 5;\ncheck if \"hello world\".starts_with(\"hello\") && \"hello world\".ends_with(\"world\");\ncheck if \"aaabde\".matches(\"a*c?.e\");\ncheck if \"aaabde\".contains(\"abd\");\ncheck if \"aaabde\" == \"aaa\" + \"b\" + \"de\";\ncheck if \"abcD12\" == \"abcD12\";\ncheck if 2019-12-04T09:46:41Z < 2020-12-04T09:46:41Z;\ncheck if 2020-12-04T09:46:41Z > 2019-12-04T09:46:41Z;\ncheck if 2019-12-04T09:46:41Z <= 2020-12-04T09:46:41Z;\ncheck if 2020-12-04T09:46:41Z >= 2020-12-04T09:46:41Z;\ncheck if 2020-12-04T09:46:41Z >= 2019-12-04T09:46:41Z;\ncheck if 2020-12-04T09:46:41Z >= 2020-12-04T09:46:41Z;\ncheck if 2020-12-04T09:46:41Z == 2020-12-04T09:46:41Z;\ncheck if hex:12ab == hex:12ab;\ncheck if [1, 2].contains(2);\ncheck if [2019-12-04T09:46:41Z, 2020-12-04T09:46:41Z].contains(2020-12-04T09:46:41Z);\ncheck if [false, true].contains(true);\ncheck if [\"abc\", \"def\"].contains(\"abc\");\ncheck if [hex:12ab, hex:34de].contains(hex:34de);\ncheck if [1, 2].contains([2]);\ncheck if [1, 2] == [1, 2];\ncheck if [1, 2].intersection([2, 3]) == [2];\ncheck if [1, 2].union([2, 3]) == [1, 2, 3];\ncheck if [1, 2, 3].intersection([1, 2]).contains(1);\ncheck if [1, 2, 3].intersection([1, 2]).length() == 2;\n" } ], "validations": { @@ -866,15 +1214,12 @@ "check if \"aaabde\".contains(\"abd\")", "check if \"aaabde\".matches(\"a*c?.e\")", "check if \"abcD12\" == \"abcD12\"", - "check if \"abcD12x\" != \"abcD12\"", "check if \"hello world\".starts_with(\"hello\") && \"hello world\".ends_with(\"world\")", "check if (true || false) && true", - "check if 1 != 3", "check if 1 + 2 * 3 - 4 / 2 == 5", "check if 1 < 2", "check if 1 <= 1", "check if 1 <= 2", - "check if 1 | 2 ^ 3 == 0", "check if 2 > 1", "check if 2 >= 1", "check if 2 >= 2", @@ -884,28 +1229,34 @@ "check if 2020-12-04T09:46:41Z > 2019-12-04T09:46:41Z", "check if 2020-12-04T09:46:41Z >= 2019-12-04T09:46:41Z", "check if 2020-12-04T09:46:41Z >= 2020-12-04T09:46:41Z", - "check if 2022-12-04T09:46:41Z != 2020-12-04T09:46:41Z", "check if 3 == 3", "check if [\"abc\", \"def\"].contains(\"abc\")", + "check if [1, 2, 3].intersection([1, 2]).contains(1)", + "check if [1, 2, 3].intersection([1, 2]).length() == 2", "check if [1, 2] == [1, 2]", "check if [1, 2].contains(2)", - "check if [1, 4] != [1, 2]", + "check if [1, 2].contains([2])", + "check if [1, 2].intersection([2, 3]) == [2]", + "check if [1, 2].union([2, 3]) == [1, 2, 3]", "check if [2019-12-04T09:46:41Z, 2020-12-04T09:46:41Z].contains(2020-12-04T09:46:41Z)", "check if [false, true].contains(true)", "check if [hex:12ab, hex:34de].contains(hex:34de)", - "check if false or true", + "check if false == false", + "check if false || true", "check if hex:12ab == hex:12ab", - "check if hex:12abcd != hex:12ab", - "check if true" + "check if true", + "check if true == true" ], - "policies": ["allow if true"] + "policies": [ + "allow if true" + ] }, "result": { "Ok": 0 }, "authorizer_code": "allow if true;\n", "revocation_ids": [ - "3e51db5f0453929a596485b59e89bf628a301a33d476132c48a1c0a208805809f15bdf99593733c1b5f30e8c1f473ee2f78042f81fd0557081bafb5370e65d0c" + "f61b4cb4fc58777fec6c8d39fe62259dc3c78511868236c391e9f67ffd03a3a8b8e3042d4bacce0d5756d053f5afccd4c5e4df0597af44b36bdfab492e5fe50e" ] } } @@ -921,7 +1272,11 @@ "code": "check if operation(\"read\");\n" }, { - "symbols": ["unbound", "any1", "any2"], + "symbols": [ + "unbound", + "any1", + "any2" + ], "public_keys": [], "external_key": null, "code": "operation($unbound, \"read\") <- operation($any1, $any2);\n" @@ -942,8 +1297,8 @@ }, "authorizer_code": "", "revocation_ids": [ - "c536d07f08f6f73da69a2f49310045168e059b8c07e3ddf25afd524df358a0397744b31a139eced043cb5f7a29dacbe3a510ce449fc792e53623186767cefc0c", - "8588c74c3701e8d4be770769b4e1054dbb5ea5f231a89d205000802b8718859ea1d596af207a41b1b0f7d05959180c227ea8954e903f13ade3ce3384d1e6a70a" + "a44210c6a01e55eadefc7d8540c2e6eff80ab6eeedde4751de734f9d780435780680d3f42d826b7e0f0dcf4a5ba303fd4c116984bb30978813d46ed867924307", + "b0a33e3f4cd0994c0766c196c4d11c15e5a0f9bfba79a3a2b35ddd04ddb890282a7c63336ada5c680b9f9c940c1fa7127d2699754cbc77c21e1a2d85c5ef700c" ] } } @@ -959,7 +1314,9 @@ "code": "check if operation(\"read\");\n" }, { - "symbols": ["any"], + "symbols": [ + "any" + ], "public_keys": [], "external_key": null, "code": "operation(\"read\") <- operation($any);\n" @@ -968,10 +1325,33 @@ "validations": { "": { "world": { - "facts": ["operation(\"read\")", "operation(\"write\")"], - "rules": ["operation(\"read\") <- operation($any)"], - "checks": ["check if operation(\"read\")"], - "policies": ["allow if true"] + "facts": [ + [ + "operation(\"read\")", + [ + null, + 1 + ] + ], + [ + "operation(\"write\")", + [ + null + ] + ] + ], + "rules": [ + [ + "operation(\"read\") <- operation($any)", + 1 + ] + ], + "checks": [ + "check if operation(\"read\")" + ], + "policies": [ + "allow if true" + ] }, "result": { "Err": { @@ -995,8 +1375,8 @@ }, "authorizer_code": "operation(\"write\");\n\nallow if true;\n", "revocation_ids": [ - "4819e7360fdb840e54e94afcbc110e9b0652894dba2b8bf3b8b8f2254aaf00272bba7eb603c153c7e50cca0e5bb8e20449d70a1b24e7192e902c64f94848a703", - "4a4c59354354d2f91b3a2d1e7afa2c5eeaf8be9f7b163c6b9091817551cc8661f0f3e0523b525ef9a5e597c0dd1f32e09e97ace531c150dba335bb3e1d329d00" + "a44210c6a01e55eadefc7d8540c2e6eff80ab6eeedde4751de734f9d780435780680d3f42d826b7e0f0dcf4a5ba303fd4c116984bb30978813d46ed867924307", + "d3f8822a9b9bc0ee3933283c493ca9e711be5dd8339b5fe2eba1de3805aad4e84d3e2fb4affb4a743f1289915c167582b9425343635e45b70573ea1ee7a1ea03" ] } } @@ -1006,13 +1386,18 @@ "filename": "test020_sealed.bc", "token": [ { - "symbols": ["file1", "file2"], + "symbols": [ + "file1", + "file2" + ], "public_keys": [], "external_key": null, "code": "right(\"file1\", \"read\");\nright(\"file2\", \"read\");\nright(\"file1\", \"write\");\n" }, { - "symbols": ["0"], + "symbols": [ + "0" + ], "public_keys": [], "external_key": null, "code": "check if resource($0), operation(\"read\"), right($0, \"read\");\n" @@ -1022,25 +1407,52 @@ "": { "world": { "facts": [ - "operation(\"read\")", - "resource(\"file1\")", - "right(\"file1\", \"read\")", - "right(\"file1\", \"write\")", - "right(\"file2\", \"read\")" + [ + "operation(\"read\")", + [ + null + ] + ], + [ + "resource(\"file1\")", + [ + null + ] + ], + [ + "right(\"file1\", \"read\")", + [ + 0 + ] + ], + [ + "right(\"file1\", \"write\")", + [ + 0 + ] + ], + [ + "right(\"file2\", \"read\")", + [ + 0 + ] + ] ], "rules": [], "checks": [ "check if resource($0), operation(\"read\"), right($0, \"read\")" ], - "policies": ["allow if true"] + "policies": [ + "allow if true" + ] }, "result": { "Ok": 0 }, "authorizer_code": "resource(\"file1\");\noperation(\"read\");\n\nallow if true;\n", "revocation_ids": [ - "b279f8c6fee5ea3c3fcb5109d8c6b35ba3fecea64d83a4dc387102b9401633a1558ac6ac50ddd7fd9e9877f936f9f4064abd467faeca2bef3114b9695eb0580e", - "e1f0aca12704c1a3b9bb6292504ca6070462d9e043756dd209e625084e7d4053078bd4e55b6eebebbeb771d26d7794aa95f6b39ff949431548b32585a7379f0c" + "7595a112a1eb5b81a6e398852e6118b7f5b8cbbff452778e655100e5fb4faa8d3a2af52fe2c4f9524879605675fae26adbc4783e0cafc43522fa82385f396c03", + "45f4c14f9d9e8fa044d68be7a2ec8cddb835f575c7b913ec59bd636c70acae9a90db9064ba0b3084290ed0c422bbb7170092a884f5e0202b31e9235bbcc1650d" ] } } @@ -1050,7 +1462,10 @@ "filename": "test021_parsing.bc", "token": [ { - "symbols": ["ns::fact_123", "hello é\t😁"], + "symbols": [ + "ns::fact_123", + "hello é\t😁" + ], "public_keys": [], "external_key": null, "code": "ns::fact_123(\"hello é\t😁\");\n" @@ -1059,17 +1474,28 @@ "validations": { "": { "world": { - "facts": ["ns::fact_123(\"hello é\t😁\")"], + "facts": [ + [ + "ns::fact_123(\"hello é\t😁\")", + [ + 0 + ] + ] + ], "rules": [], - "checks": ["check if ns::fact_123(\"hello é\t😁\")"], - "policies": ["allow if true"] + "checks": [ + "check if ns::fact_123(\"hello é\t😁\")" + ], + "policies": [ + "allow if true" + ] }, "result": { "Ok": 0 }, "authorizer_code": "check if ns::fact_123(\"hello é\t😁\");\n\nallow if true;\n", "revocation_ids": [ - "4797a528328c8b5fb7939cc8956d8cda2513f552466eee501e26ea13a6cf6b4a381fd74ae547a9b50b627825142287d899b9d7bd1b5cfb18664a1be78320ea06" + "d4b2f417b6e906434fdf5058afcabfcb98d3628f814f1c9dd7e64250d9beec4465aff51bd0cb2e85d0e67dc9f613c2a42af6158c678bc6f8b4684cd3a2d0d302" ] } } @@ -1089,47 +1515,189 @@ "": { "world": { "facts": [ - "admin(13)", - "client(18)", - "client_ip(19)", - "cluster(23)", - "domain(20)", - "email(14)", - "group(15)", - "hostname(25)", - "ip_address(17)", - "member(16)", - "namespace(9)", - "node(24)", - "nonce(26)", - "operation(3)", - "owner(7)", - "path(21)", - "query(27)", - "read(0)", - "resource(2)", - "right(4)", - "role(6)", - "service(12)", - "team(11)", - "tenant(8)", - "time(5)", - "user(10)", - "version(22)", - "write(1)" + [ + "admin(13)", + [ + 0 + ] + ], + [ + "client(18)", + [ + 0 + ] + ], + [ + "client_ip(19)", + [ + 0 + ] + ], + [ + "cluster(23)", + [ + 0 + ] + ], + [ + "domain(20)", + [ + 0 + ] + ], + [ + "email(14)", + [ + 0 + ] + ], + [ + "group(15)", + [ + 0 + ] + ], + [ + "hostname(25)", + [ + 0 + ] + ], + [ + "ip_address(17)", + [ + 0 + ] + ], + [ + "member(16)", + [ + 0 + ] + ], + [ + "namespace(9)", + [ + 0 + ] + ], + [ + "node(24)", + [ + 0 + ] + ], + [ + "nonce(26)", + [ + 0 + ] + ], + [ + "operation(3)", + [ + 0 + ] + ], + [ + "owner(7)", + [ + 0 + ] + ], + [ + "path(21)", + [ + 0 + ] + ], + [ + "query(27)", + [ + 0 + ] + ], + [ + "read(0)", + [ + 0 + ] + ], + [ + "resource(2)", + [ + 0 + ] + ], + [ + "right(4)", + [ + 0 + ] + ], + [ + "role(6)", + [ + 0 + ] + ], + [ + "service(12)", + [ + 0 + ] + ], + [ + "team(11)", + [ + 0 + ] + ], + [ + "tenant(8)", + [ + 0 + ] + ], + [ + "time(5)", + [ + 0 + ] + ], + [ + "user(10)", + [ + 0 + ] + ], + [ + "version(22)", + [ + 0 + ] + ], + [ + "write(1)", + [ + 0 + ] + ] ], "rules": [], "checks": [ "check if read(0), write(1), resource(2), operation(3), right(4), time(5), role(6), owner(7), tenant(8), namespace(9), user(10), team(11), service(12), admin(13), email(14), group(15), member(16), ip_address(17), client(18), client_ip(19), domain(20), path(21), version(22), cluster(23), node(24), hostname(25), nonce(26), query(27)" ], - "policies": ["allow if true"] + "policies": [ + "allow if true" + ] }, "result": { "Ok": 0 }, "authorizer_code": "check if read(0), write(1), resource(2), operation(3), right(4), time(5), role(6), owner(7), tenant(8), namespace(9), user(10), team(11), service(12), admin(13), email(14), group(15), member(16), ip_address(17), client(18), client_ip(19), domain(20), path(21), version(22), cluster(23), node(24), hostname(25), nonce(26), query(27);\n\nallow if true;\n", "revocation_ids": [ - "38094260b324eff92db2ef79e715d88c18503c0dafa400bff900399f2ab0840cedc5ac25bdd3e97860b3f9e78ca5e0df67a113eb87be50265d49278efb13210f" + "75ce48d496fd28f99905901783a1ba46d7ff8d69f9d364d1546fd73006026eae51849ad1190a4ae521a0a1269f9c6951e226afba8fcd24fa50f679162439ae09" ] } } @@ -1139,19 +1707,25 @@ "filename": "test023_execution_scope.bc", "token": [ { - "symbols": ["authority_fact"], + "symbols": [ + "authority_fact" + ], "public_keys": [], "external_key": null, "code": "authority_fact(1);\n" }, { - "symbols": ["block1_fact"], + "symbols": [ + "block1_fact" + ], "public_keys": [], "external_key": null, "code": "block1_fact(1);\n" }, { - "symbols": ["var"], + "symbols": [ + "var" + ], "public_keys": [], "external_key": null, "code": "check if authority_fact($var);\ncheck if block1_fact($var);\n" @@ -1160,13 +1734,28 @@ "validations": { "": { "world": { - "facts": ["authority_fact(1)", "block1_fact(1)"], + "facts": [ + [ + "authority_fact(1)", + [ + 0 + ] + ], + [ + "block1_fact(1)", + [ + 1 + ] + ] + ], "rules": [], "checks": [ "check if authority_fact($var)", "check if block1_fact($var)" ], - "policies": ["allow if true"] + "policies": [ + "allow if true" + ] }, "result": { "Err": { @@ -1190,9 +1779,9 @@ }, "authorizer_code": "allow if true;\n", "revocation_ids": [ - "6a3606836bc63b858f96ce5000c9bead8eda139ab54679a2a8d7a9984c2e5d864b93280acc1b728bed0be42b5b1c3be10f48a13a4dbd05fd5763de5be3855108", - "5f1468fc60999f22c4f87fa088a83961188b4e654686c5b04bdc977b9ff4666d51a3d8be5594f4cef08054d100f31d1637b50bb394de7cccafc643c9b650390b", - "3eda05ddb65ee90d715cefc046837c01de944d8c4a7ff67e3d9a9d8470b5e214a20a8b9866bfe5e0d385e530b75ec8fcfde46b7dd6d4d6647d1e955c9d2fb90d" + "f9b49866caef5ece7be14ec5a9b36d98ca81d06b306eb0b4c57cd7436af176f40ee972f40903f87ec4460ab8b1adfcbfa9b19b20a6955a1e8dae7d88b2076005", + "889054b9119e4440e54da1b63266a98d0f6646cde195fef206efd8b133cfb2ee7be49b32a9a5925ece452e64f9e6f6d80dab422e916c599675dd68cdea053802", + "0a85ffbf27e08aa23665ba0d96a985b274d747556c9f016fd7f590c641ed0e4133291521aa442b320ee9ce80f5ad701b914a0c87b3dfa0cc92629dce94201806" ] } } @@ -1204,36 +1793,51 @@ { "symbols": [], "public_keys": [ - "ed25519/a424157b8c00c25214ea39894bf395650d88426147679a9dd43a64d65ae5bc25" + "ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189" ], "external_key": null, - "code": "right(\"read\");\ncheck if group(\"admin\") trusting ed25519/a424157b8c00c25214ea39894bf395650d88426147679a9dd43a64d65ae5bc25;\n" + "code": "right(\"read\");\ncheck if group(\"admin\") trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189;\n" }, { "symbols": [], "public_keys": [], - "external_key": "ed25519/a424157b8c00c25214ea39894bf395650d88426147679a9dd43a64d65ae5bc25", + "external_key": "ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189", "code": "group(\"admin\");\ncheck if right(\"read\");\n" } ], "validations": { "": { "world": { - "facts": ["group(\"admin\")", "right(\"read\")"], + "facts": [ + [ + "group(\"admin\")", + [ + 1 + ] + ], + [ + "right(\"read\")", + [ + 0 + ] + ] + ], "rules": [], "checks": [ - "check if group(\"admin\") trusting ed25519/a424157b8c00c25214ea39894bf395650d88426147679a9dd43a64d65ae5bc25", + "check if group(\"admin\") trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189", "check if right(\"read\")" ], - "policies": ["allow if true"] + "policies": [ + "allow if true" + ] }, "result": { "Ok": 0 }, "authorizer_code": "allow if true;\n", "revocation_ids": [ - "4f61f2f2f9cefdcad03a82803638e459bef70d6fd72dbdf2bdcab78fbd23f33146e4ff9700e23acb547b820b871fa9b9fd3bb6d7a1a755afce47e9907c65600c", - "683b23943b73f53f57f473571ba266f79f1fca0633be249bc135054371a11ffb101c57150ab2f1b9a6a160b45d09567a314b7dbc84224edf6188afd5b86d9305" + "470e4bf7aa2a01ab39c98150bd06aa15b4aa5d86509044a8809a8634cd8cf2b42269a51a774b65d10bac9369d013070b00187925196a8e680108473f11cf8f03", + "93a7315ab1272da9eeef015f6fecbc9ac96fe4660e6204bf64ea2105ebe309e9c9cadc0a26c5604f13910fae3f2cd0800756afb6b6b208bf77adeb1ab2f42405" ] } } @@ -1243,7 +1847,13 @@ "filename": "test025_check_all.bc", "token": [ { - "symbols": ["allowed_operations", "A", "B", "op", "allowed"], + "symbols": [ + "allowed_operations", + "A", + "B", + "op", + "allowed" + ], "public_keys": [], "external_key": null, "code": "allowed_operations([\"A\", \"B\"]);\ncheck all operation($op), allowed_operations($allowed), $allowed.contains($op);\n" @@ -1253,36 +1863,70 @@ "A, B": { "world": { "facts": [ - "allowed_operations([ \"A\", \"B\"])", - "operation(\"A\")", - "operation(\"B\")" + [ + "allowed_operations([\"A\", \"B\"])", + [ + 0 + ] + ], + [ + "operation(\"A\")", + [ + null + ] + ], + [ + "operation(\"B\")", + [ + null + ] + ] ], "rules": [], "checks": [ "check all operation($op), allowed_operations($allowed), $allowed.contains($op)" ], - "policies": ["allow if true"] + "policies": [ + "allow if true" + ] }, "result": { "Ok": 0 }, "authorizer_code": "operation(\"A\");\noperation(\"B\");\n\nallow if true;\n", "revocation_ids": [ - "b4ee591001e4068a7ee8efb7a0586c3ca3a785558f34d1fa8dbfa21b41ace70de0b670ac49222c7413066d0d83e6d9edee94fb0fda4b27ea11e837304dfb4b0b" + "c456817012e1d523c6d145b6d6a3475d9f7dd4383c535454ff3f745ecf4234984ce09b9dec0551f3d783abe850f826ce43b12f1fd91999a4753a56ecf4c56d0d" ] }, "A, invalid": { "world": { "facts": [ - "allowed_operations([ \"A\", \"B\"])", - "operation(\"A\")", - "operation(\"invalid\")" + [ + "allowed_operations([\"A\", \"B\"])", + [ + 0 + ] + ], + [ + "operation(\"A\")", + [ + null + ] + ], + [ + "operation(\"invalid\")", + [ + null + ] + ] ], "rules": [], "checks": [ "check all operation($op), allowed_operations($allowed), $allowed.contains($op)" ], - "policies": ["allow if true"] + "policies": [ + "allow if true" + ] }, "result": { "Err": { @@ -1306,7 +1950,7 @@ }, "authorizer_code": "operation(\"A\");\noperation(\"invalid\");\n\nallow if true;\n", "revocation_ids": [ - "b4ee591001e4068a7ee8efb7a0586c3ca3a785558f34d1fa8dbfa21b41ace70de0b670ac49222c7413066d0d83e6d9edee94fb0fda4b27ea11e837304dfb4b0b" + "c456817012e1d523c6d145b6d6a3475d9f7dd4383c535454ff3f745ecf4234984ce09b9dec0551f3d783abe850f826ce43b12f1fd91999a4753a56ecf4c56d0d" ] } } @@ -1318,65 +1962,99 @@ { "symbols": [], "public_keys": [ - "ed25519/3c8aeced6363b8a862552fb2b0b4b8b0f8244e8cef3c11c3e55fd553f3a90f59" + "ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189" ], "external_key": null, - "code": "query(0);\ncheck if true trusting previous, ed25519/3c8aeced6363b8a862552fb2b0b4b8b0f8244e8cef3c11c3e55fd553f3a90f59;\n" + "code": "query(0);\ncheck if true trusting previous, ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189;\n" }, { "symbols": [], "public_keys": [ - "ed25519/ecfb8ed11fd9e6be133ca4dd8d229d39c7dcb2d659704c39e82fd7acf0d12dee" + "ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463" ], - "external_key": "ed25519/3c8aeced6363b8a862552fb2b0b4b8b0f8244e8cef3c11c3e55fd553f3a90f59", - "code": "query(1);\nquery(1, 2) <- query(1), query(2) trusting ed25519/ecfb8ed11fd9e6be133ca4dd8d229d39c7dcb2d659704c39e82fd7acf0d12dee;\ncheck if query(2), query(3) trusting ed25519/ecfb8ed11fd9e6be133ca4dd8d229d39c7dcb2d659704c39e82fd7acf0d12dee;\ncheck if query(1) trusting ed25519/3c8aeced6363b8a862552fb2b0b4b8b0f8244e8cef3c11c3e55fd553f3a90f59;\n" + "external_key": "ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189", + "code": "query(1);\nquery(1, 2) <- query(1), query(2) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463;\ncheck if query(2), query(3) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463;\ncheck if query(1) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189;\n" }, { "symbols": [], "public_keys": [], - "external_key": "ed25519/ecfb8ed11fd9e6be133ca4dd8d229d39c7dcb2d659704c39e82fd7acf0d12dee", - "code": "query(2);\ncheck if query(2), query(3) trusting ed25519/ecfb8ed11fd9e6be133ca4dd8d229d39c7dcb2d659704c39e82fd7acf0d12dee;\ncheck if query(1) trusting ed25519/3c8aeced6363b8a862552fb2b0b4b8b0f8244e8cef3c11c3e55fd553f3a90f59;\n" + "external_key": "ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463", + "code": "query(2);\ncheck if query(2), query(3) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463;\ncheck if query(1) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189;\n" }, { "symbols": [], "public_keys": [], - "external_key": "ed25519/ecfb8ed11fd9e6be133ca4dd8d229d39c7dcb2d659704c39e82fd7acf0d12dee", - "code": "query(3);\ncheck if query(2), query(3) trusting ed25519/ecfb8ed11fd9e6be133ca4dd8d229d39c7dcb2d659704c39e82fd7acf0d12dee;\ncheck if query(1) trusting ed25519/3c8aeced6363b8a862552fb2b0b4b8b0f8244e8cef3c11c3e55fd553f3a90f59;\n" + "external_key": "ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463", + "code": "query(3);\ncheck if query(2), query(3) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463;\ncheck if query(1) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189;\n" }, { "symbols": [], "public_keys": [ - "ed25519/2e0118e63beb7731dab5119280ddb117234d0cdc41b7dd5dc4241bcbbb585d14" + "ed25519/f98da8c1cf907856431bfc3dc87531e0eaadba90f919edc232405b85877ef136" ], "external_key": null, - "code": "query(4);\ncheck if query(2) trusting ed25519/ecfb8ed11fd9e6be133ca4dd8d229d39c7dcb2d659704c39e82fd7acf0d12dee;\ncheck if query(4) trusting ed25519/2e0118e63beb7731dab5119280ddb117234d0cdc41b7dd5dc4241bcbbb585d14;\n" + "code": "query(4);\ncheck if query(2) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463;\ncheck if query(4) trusting ed25519/f98da8c1cf907856431bfc3dc87531e0eaadba90f919edc232405b85877ef136;\n" } ], "validations": { "": { "world": { "facts": [ - "query(0)", - "query(1)", - "query(1, 2)", - "query(2)", - "query(3)", - "query(4)" + [ + "query(0)", + [ + 0 + ] + ], + [ + "query(1)", + [ + 1 + ] + ], + [ + "query(1, 2)", + [ + 1, + 2 + ] + ], + [ + "query(2)", + [ + 2 + ] + ], + [ + "query(3)", + [ + 3 + ] + ], + [ + "query(4)", + [ + 4 + ] + ] ], "rules": [ - "query(1, 2) <- query(1), query(2) trusting ed25519/ecfb8ed11fd9e6be133ca4dd8d229d39c7dcb2d659704c39e82fd7acf0d12dee" + [ + "query(1, 2) <- query(1), query(2) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463", + 1 + ] ], "checks": [ - "check if query(1) trusting ed25519/3c8aeced6363b8a862552fb2b0b4b8b0f8244e8cef3c11c3e55fd553f3a90f59", - "check if query(1, 2) trusting ed25519/3c8aeced6363b8a862552fb2b0b4b8b0f8244e8cef3c11c3e55fd553f3a90f59, ed25519/ecfb8ed11fd9e6be133ca4dd8d229d39c7dcb2d659704c39e82fd7acf0d12dee", - "check if query(2) trusting ed25519/ecfb8ed11fd9e6be133ca4dd8d229d39c7dcb2d659704c39e82fd7acf0d12dee", - "check if query(2), query(3) trusting ed25519/ecfb8ed11fd9e6be133ca4dd8d229d39c7dcb2d659704c39e82fd7acf0d12dee", - "check if query(4) trusting ed25519/2e0118e63beb7731dab5119280ddb117234d0cdc41b7dd5dc4241bcbbb585d14", - "check if true trusting previous, ed25519/3c8aeced6363b8a862552fb2b0b4b8b0f8244e8cef3c11c3e55fd553f3a90f59" + "check if query(1) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189", + "check if query(1, 2) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189, ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463", + "check if query(2) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463", + "check if query(2), query(3) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463", + "check if query(4) trusting ed25519/f98da8c1cf907856431bfc3dc87531e0eaadba90f919edc232405b85877ef136", + "check if true trusting previous, ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189" ], "policies": [ "allow if true", - "deny if query(0) trusting ed25519/3c8aeced6363b8a862552fb2b0b4b8b0f8244e8cef3c11c3e55fd553f3a90f59", + "deny if query(0) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189", "deny if query(1, 2)", "deny if query(3)" ] @@ -1384,13 +2062,13 @@ "result": { "Ok": 3 }, - "authorizer_code": "check if query(1, 2) trusting ed25519/3c8aeced6363b8a862552fb2b0b4b8b0f8244e8cef3c11c3e55fd553f3a90f59, ed25519/ecfb8ed11fd9e6be133ca4dd8d229d39c7dcb2d659704c39e82fd7acf0d12dee;\n\ndeny if query(3);\ndeny if query(1, 2);\ndeny if query(0) trusting ed25519/3c8aeced6363b8a862552fb2b0b4b8b0f8244e8cef3c11c3e55fd553f3a90f59;\nallow if true;\n", + "authorizer_code": "check if query(1, 2) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189, ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463;\n\ndeny if query(3);\ndeny if query(1, 2);\ndeny if query(0) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189;\nallow if true;\n", "revocation_ids": [ - "bc144fef824b7ba4b266eac53e9b4f3f2d3cd443c6963833f2f8d4073bef9553f92034c2350fdd50966a9f0c09db35b142d61e0476b0133429885c787052060b", - "aba1631f8d0bea1c81447e73269f560973d03287c2b44325d1b42d10a496156dc8e78648b946bc7db7a3111d787a10c1a9da8d53fc066b1f207de7415a2e9b0b", - "539cff0f5c311dcac843a9e6c8bb445aff0d6510bfa9b17d5350747be92dc365217e89e1d733f3ead1ecc05f287f312c41831338708e788503b55517af3ad000", - "5b10f7a7b4487f4421cf7f7f6d00b24a7a71939037b65b2e44241909564082a3e1e70cf7d866eb96f0a5119b9ea395adb772faaa33252fa62a579eb15a108a0b", - "3905351588cdfc4433b510cc1ed9c11ca5c1a7bd7d9cef338bcd3f6d374c711f34edd83dd0d53c25b63bf05b49fc78addceb47905d5495580c2fd36c11bc1e0a" + "3771cefe71beb21ead35a59c8116ee82627a5717c0295f35980662abccb159fe1b37848cb1818e548656bd4fd882d0094a2daab631c76b2b72e3a093914bfe04", + "45133b90f228a81fe4d3042a79f6c6b7608e656e903d6b1f4db32cd774b09b8315af360879a5f210ad7be37ff55e3eb34f237bcc9711407b6329ac6018bfb400", + "179f054f3c572646aba5013159ae192ac42f5666dbdd984129955f4652b6829e59f54aa251e451f96329d42a2524ce569c3e1ec52e708b642dd8994af51dd703", + "edab54789d6656936fcd28200b9c61643434842d531f09f209fad555e11ff53174db174dafba126e6de448983a56f78d2042bc5782d71a45799c022fe69fb30d", + "6a62306831e9dbe83e7b33db96b758c77dd690930f2d2d87e239b210b1944c5582bf6d7e1bfea8e7f928c27f2fff0e2ee2e0adc41e11e0c3abe8d7b96b9ede07" ] } } @@ -1416,7 +2094,9 @@ "check if true || 10000000000 * 10000000000 != 0", "check if true || 9223372036854775807 + 1 != 0" ], - "policies": ["allow if true"] + "policies": [ + "allow if true" + ] }, "result": { "Err": { @@ -1425,7 +2105,48 @@ }, "authorizer_code": "allow if true;\n", "revocation_ids": [ - "70d8941198ab5daa445a11357994d93278876ee95b6500f4c4a265ad668a0111440942b762e02513e471d40265d586ea76209921068524f588dc46eb4260db07" + "3346a22aae0abfc1ffa526f02f7650e90af909e5e519989026441e78cdc245b7fd126503cfdc8831325fc04307edc65238db319724477915f7040a2f6a719a05" + ] + } + } + }, + { + "title": "test expression syntax and all available operations (v4 blocks)", + "filename": "test028_expressions_v4.bc", + "token": [ + { + "symbols": [ + "abcD12x", + "abcD12" + ], + "public_keys": [], + "external_key": null, + "code": "check if 1 != 3;\ncheck if 1 | 2 ^ 3 == 0;\ncheck if \"abcD12x\" != \"abcD12\";\ncheck if 2022-12-04T09:46:41Z != 2020-12-04T09:46:41Z;\ncheck if hex:12abcd != hex:12ab;\ncheck if [1, 4] != [1, 2];\n" + } + ], + "validations": { + "": { + "world": { + "facts": [], + "rules": [], + "checks": [ + "check if \"abcD12x\" != \"abcD12\"", + "check if 1 != 3", + "check if 1 | 2 ^ 3 == 0", + "check if 2022-12-04T09:46:41Z != 2020-12-04T09:46:41Z", + "check if [1, 4] != [1, 2]", + "check if hex:12abcd != hex:12ab" + ], + "policies": [ + "allow if true" + ] + }, + "result": { + "Ok": 0 + }, + "authorizer_code": "allow if true;\n", + "revocation_ids": [ + "117fa653744c859561555e6a6f5990e3a8e7817f91b87aa6991b6d64297158b4e884c92d10f49f74c96069df722aa676839b72751ca9d1fe83a7025b591de00b" ] } } diff --git a/biscuit-samples/src/samples/test001_basic.bc b/biscuit-samples/src/samples/test001_basic.bc index c28905d..f45e91b 100644 Binary files a/biscuit-samples/src/samples/test001_basic.bc and b/biscuit-samples/src/samples/test001_basic.bc differ diff --git a/biscuit-samples/src/samples/test002_different_root_key.bc b/biscuit-samples/src/samples/test002_different_root_key.bc index cf6d960..edf2dd7 100644 Binary files a/biscuit-samples/src/samples/test002_different_root_key.bc and b/biscuit-samples/src/samples/test002_different_root_key.bc differ diff --git a/biscuit-samples/src/samples/test003_invalid_signature_format.bc b/biscuit-samples/src/samples/test003_invalid_signature_format.bc index d8aff84..8c683a6 100644 Binary files a/biscuit-samples/src/samples/test003_invalid_signature_format.bc and b/biscuit-samples/src/samples/test003_invalid_signature_format.bc differ diff --git a/biscuit-samples/src/samples/test004_random_block.bc b/biscuit-samples/src/samples/test004_random_block.bc index bd0ba4a..e8882d3 100644 Binary files a/biscuit-samples/src/samples/test004_random_block.bc and b/biscuit-samples/src/samples/test004_random_block.bc differ diff --git a/biscuit-samples/src/samples/test005_invalid_signature.bc b/biscuit-samples/src/samples/test005_invalid_signature.bc index d8133b5..b33c6ab 100644 Binary files a/biscuit-samples/src/samples/test005_invalid_signature.bc and b/biscuit-samples/src/samples/test005_invalid_signature.bc differ diff --git a/biscuit-samples/src/samples/test006_reordered_blocks.bc b/biscuit-samples/src/samples/test006_reordered_blocks.bc index 20fc406..486981c 100644 Binary files a/biscuit-samples/src/samples/test006_reordered_blocks.bc and b/biscuit-samples/src/samples/test006_reordered_blocks.bc differ diff --git a/biscuit-samples/src/samples/test007_scoped_rules.bc b/biscuit-samples/src/samples/test007_scoped_rules.bc index 19d98ef..905f935 100644 Binary files a/biscuit-samples/src/samples/test007_scoped_rules.bc and b/biscuit-samples/src/samples/test007_scoped_rules.bc differ diff --git a/biscuit-samples/src/samples/test008_scoped_checks.bc b/biscuit-samples/src/samples/test008_scoped_checks.bc index ef87553..82e4527 100644 Binary files a/biscuit-samples/src/samples/test008_scoped_checks.bc and b/biscuit-samples/src/samples/test008_scoped_checks.bc differ diff --git a/biscuit-samples/src/samples/test009_expired_token.bc b/biscuit-samples/src/samples/test009_expired_token.bc index 599a420..1ae9e59 100644 Binary files a/biscuit-samples/src/samples/test009_expired_token.bc and b/biscuit-samples/src/samples/test009_expired_token.bc differ diff --git a/biscuit-samples/src/samples/test010_authorizer_scope.bc b/biscuit-samples/src/samples/test010_authorizer_scope.bc index e6664f2..b0188a7 100644 Binary files a/biscuit-samples/src/samples/test010_authorizer_scope.bc and b/biscuit-samples/src/samples/test010_authorizer_scope.bc differ diff --git a/biscuit-samples/src/samples/test011_authorizer_authority_caveats.bc b/biscuit-samples/src/samples/test011_authorizer_authority_caveats.bc index 46e1f8a..a368cf3 100644 Binary files a/biscuit-samples/src/samples/test011_authorizer_authority_caveats.bc and b/biscuit-samples/src/samples/test011_authorizer_authority_caveats.bc differ diff --git a/biscuit-samples/src/samples/test012_authority_caveats.bc b/biscuit-samples/src/samples/test012_authority_caveats.bc index 3a7c850..6d852ec 100644 Binary files a/biscuit-samples/src/samples/test012_authority_caveats.bc and b/biscuit-samples/src/samples/test012_authority_caveats.bc differ diff --git a/biscuit-samples/src/samples/test013_block_rules.bc b/biscuit-samples/src/samples/test013_block_rules.bc index cdf4957..149b4ee 100644 Binary files a/biscuit-samples/src/samples/test013_block_rules.bc and b/biscuit-samples/src/samples/test013_block_rules.bc differ diff --git a/biscuit-samples/src/samples/test014_regex_constraint.bc b/biscuit-samples/src/samples/test014_regex_constraint.bc index 92193c9..6c3c87e 100644 Binary files a/biscuit-samples/src/samples/test014_regex_constraint.bc and b/biscuit-samples/src/samples/test014_regex_constraint.bc differ diff --git a/biscuit-samples/src/samples/test015_multi_queries_caveats.bc b/biscuit-samples/src/samples/test015_multi_queries_caveats.bc index 55f5072..7c775b7 100644 Binary files a/biscuit-samples/src/samples/test015_multi_queries_caveats.bc and b/biscuit-samples/src/samples/test015_multi_queries_caveats.bc differ diff --git a/biscuit-samples/src/samples/test016_caveat_head_name.bc b/biscuit-samples/src/samples/test016_caveat_head_name.bc index 5923f40..c506641 100644 Binary files a/biscuit-samples/src/samples/test016_caveat_head_name.bc and b/biscuit-samples/src/samples/test016_caveat_head_name.bc differ diff --git a/biscuit-samples/src/samples/test017_expressions.bc b/biscuit-samples/src/samples/test017_expressions.bc index 8992f91..10f5024 100644 Binary files a/biscuit-samples/src/samples/test017_expressions.bc and b/biscuit-samples/src/samples/test017_expressions.bc differ diff --git a/biscuit-samples/src/samples/test018_unbound_variables_in_rule.bc b/biscuit-samples/src/samples/test018_unbound_variables_in_rule.bc index dc26cc7..3679959 100644 Binary files a/biscuit-samples/src/samples/test018_unbound_variables_in_rule.bc and b/biscuit-samples/src/samples/test018_unbound_variables_in_rule.bc differ diff --git a/biscuit-samples/src/samples/test019_generating_ambient_from_variables.bc b/biscuit-samples/src/samples/test019_generating_ambient_from_variables.bc index b31ab8e..f486a3c 100644 Binary files a/biscuit-samples/src/samples/test019_generating_ambient_from_variables.bc and b/biscuit-samples/src/samples/test019_generating_ambient_from_variables.bc differ diff --git a/biscuit-samples/src/samples/test020_sealed.bc b/biscuit-samples/src/samples/test020_sealed.bc index 04186fa..6ce2207 100644 Binary files a/biscuit-samples/src/samples/test020_sealed.bc and b/biscuit-samples/src/samples/test020_sealed.bc differ diff --git a/biscuit-samples/src/samples/test021_parsing.bc b/biscuit-samples/src/samples/test021_parsing.bc index 1d8de24..3f92636 100644 Binary files a/biscuit-samples/src/samples/test021_parsing.bc and b/biscuit-samples/src/samples/test021_parsing.bc differ diff --git a/biscuit-samples/src/samples/test022_default_symbols.bc b/biscuit-samples/src/samples/test022_default_symbols.bc index 7560afd..c12449d 100644 Binary files a/biscuit-samples/src/samples/test022_default_symbols.bc and b/biscuit-samples/src/samples/test022_default_symbols.bc differ diff --git a/biscuit-samples/src/samples/test023_execution_scope.bc b/biscuit-samples/src/samples/test023_execution_scope.bc index 24691b8..b10a686 100644 Binary files a/biscuit-samples/src/samples/test023_execution_scope.bc and b/biscuit-samples/src/samples/test023_execution_scope.bc differ diff --git a/biscuit-samples/src/samples/test024_third_party.bc b/biscuit-samples/src/samples/test024_third_party.bc index 78f1602..7bca415 100644 Binary files a/biscuit-samples/src/samples/test024_third_party.bc and b/biscuit-samples/src/samples/test024_third_party.bc differ diff --git a/biscuit-samples/src/samples/test025_check_all.bc b/biscuit-samples/src/samples/test025_check_all.bc index 6b76c3e..221df2c 100644 Binary files a/biscuit-samples/src/samples/test025_check_all.bc and b/biscuit-samples/src/samples/test025_check_all.bc differ diff --git a/biscuit-samples/src/samples/test026_public_keys_interning.bc b/biscuit-samples/src/samples/test026_public_keys_interning.bc index 0016c7a..49e417b 100644 Binary files a/biscuit-samples/src/samples/test026_public_keys_interning.bc and b/biscuit-samples/src/samples/test026_public_keys_interning.bc differ diff --git a/biscuit-samples/src/samples/test027_integer_wraparound.bc b/biscuit-samples/src/samples/test027_integer_wraparound.bc index fc3a585..50aa63b 100644 Binary files a/biscuit-samples/src/samples/test027_integer_wraparound.bc and b/biscuit-samples/src/samples/test027_integer_wraparound.bc differ diff --git a/biscuit-samples/src/samples/test028_expressions_v4.bc b/biscuit-samples/src/samples/test028_expressions_v4.bc new file mode 100644 index 0000000..c34d7a1 Binary files /dev/null and b/biscuit-samples/src/samples/test028_expressions_v4.bc differ