Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: detect free variables in rule expressions #179

Merged
merged 1 commit into from
May 24, 2024
Merged

feat: detect free variables in rule expressions #179

merged 1 commit into from
May 24, 2024

Conversation

divarvel
Copy link
Collaborator

@divarvel divarvel commented Aug 3, 2023

Free variables are already forbidden in rule heads, but not in rule expressions.

Open questions

The reported error span was the rule head when we were looking for free variables in the rule head. Now free variables can be found in the whole expression, so for now the whole expression is reported as the error span, which is not perfect.
The ideal solution would be to have multiple errors, one per free variable instance, with the span being only the variable itself. That may be hard to achieve, so maybe just being able to keep the expression span (or the rule head span) would be good, but that's still quite a bit of work.

I noticed a fair amount of duplication between the builder module in biscuit-parser and the one in biscuit-auth. For instance, validate_variables from biscuit-auth is not used anywhere, only the one from biscuit-parser. Could the biscuit-auth builder module be significantly reduced to use types and functions from biscuit-parser?

ToDo

  • checks
  • policies
  • queries

@Geal
Copy link
Contributor

Geal commented Aug 7, 2023

It would be nice to merge the implementations, but there might be issues with trait implementation? Maybe if keeping the trait implementations in biscuit-auth

@divarvel
Copy link
Collaborator Author

divarvel commented Aug 7, 2023 via email
edited
Loading

@divarvel
Copy link
Collaborator Author

divarvel commented Aug 8, 2023

Are you ok with the error span being on the whole rule instead of just the head for head variables? Also for checks & policies, it will require a bit of work to collect scope errors in all rule bodies without aborting on the first rule with free variables.

@divarvel divarvel marked this pull request as draft August 28, 2023 09:50
divarvel
divarvel commented Aug 29, 2023
View reviewed changes
biscuit-parser/src/builder.rs
@@ -328,33 +328,38 @@ impl Rule {
}

pub fn validate_variables(&self) -> Result<(), String> {
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this would need to return a 3-valued enum (Head, Body, Both) to signal where the free variables were found, in order to only return the relevant span in the parsing error.

divarvel added a commit that referenced this pull request May 24, 2024
@divarvel
fix: detect shadowed variables in closure parameters
ac30afa 
This only happens during evaluation. Earlier checks depend on changes from #179
@divarvel divarvel mentioned this pull request May 24, 2024
Merged
9 tasks
@divarvel
feat: detect free variables in rule expressions
b64cbab 
Free variables are already forbidden in rule heads, but not in rule expressions.
@divarvel divarvel marked this pull request as ready for review May 24, 2024 17:55
@Geal
Copy link
Contributor

Geal commented May 24, 2024

Are you ok with the error span being on the whole rule instead of just the head for head variables
yep, it's ok

@Geal Geal merged commit 79e3381 into main May 24, 2024
2 checks passed
@Geal Geal mentioned this pull request Jun 6, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Geal Geal Geal approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@divarvel @Geal