[Bug]Lack of type judgment on the input string, resulting in authentication failure #950

Closed
zj611 opened this issue Jan 17, 2022 · 6 comments
zj611 commented Jan 17, 2022

We found in testing that an input of unusual string type would cause the Enforce function to fail completely, as shown in the code block below. When calling the enforcer.Enforce function, an error of invalid policy size will be thrown, resulting in a failure to judge the permission.
```go
// exception error: false invalid policy size: expected 3, got 1, pvals: [role::35046358490550272]

package main // package name assumed; the report omits the package clause

import (
	"fmt"
	"testing"

	"github.com/casbin/casbin/v2"
	redisAdapter "github.com/casbin/redis-adapter/v2"
)

func TestRedisAdapter(t *testing.T) {
	adapter := redisAdapter.NewAdapterWithPassword("tcp", "localhost:6379", "123")
	enforcer, err := casbin.NewEnforcer("model.conf", adapter)
	if err != nil {
		panic(err)
	}
	enforcer.EnableAutoSave(true)

	// Load policy from redis
	enforcer.LoadPolicy()

	// normal case
	_, _ = enforcer.AddNamedPolicy("p", []string{"sub1", "obj1", "on"})
	fmt.Println(enforcer.Enforce("sub1", "obj1", "on"))

	// exception case with newline character
	sub2 := `role::35046358490550272
expr 855534449 + 870448142`
	// it can be successfully inserted into redis list
	_, _ = enforcer.AddNamedPolicy("p", []string{sub2, "obj2", "on"})

	fmt.Println(enforcer.Enforce("sub1", "obj1", "on"))
	// exception error: false invalid policy size: expected 3, got 1, pvals: [role::35046358490550272]
}
```

model.conf

```ini
[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[role_definition]
g = _, _
g2 = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = g(r.sub, p.sub) && g2(r.obj, p.obj) && r.act == p.act
```


casbin-bot (Member) commented

@tangyang9464 @closetool @sagilio

fabian4 (Member) commented Jan 18, 2022

It works just fine when I run the same code you gave up there. 😦
Could you give us more detail so that we can recreate the situation you met?
Thanks a lot!

zj611 (Author) commented Jan 18, 2022

You can run the above code repeatedly, and you will find that after inserting the sub2 string, the enforcer's Enforce function fails completely. @fabian4

```go
sub2 := `role::35046358490550272
 expr 855534449 + 870448142`
```

or

```go
sub2 := "role::35046358490550272 \n expr 855534449 + 870448142"
```

fabian4 (Member) commented Jan 18, 2022

@zj611 still nothing

fabian4 (Member) commented Jan 18, 2022

You may solve this by updating to the latest release version of casbin.

zj611 (Author) commented Jan 18, 2022

After initial communication with the author, I found that the problem was caused by the casbin version. The current latest version, v2.40.6, does not have the above problem, but version v2.37.4 does.

github.com/casbin/casbin/v2 v2.37.4
github.com/casbin/casbin/v2 v2.40.6

update:
Even if casbin is updated to version v2.40.6, when passing the existing policy data to the Enforce function, it will return true and nil, while the nonexistent policy data will return false and error. Therefore, version v2.40.6 still has this problem. Specifically, there is a problem with the redis adapter: it does not write or read the policy data correctly.

reference repo: https://github.com/zj611/casbin_demo.git
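
An added example (not part of the thread, and not casbin or redis-adapter code): assuming a rule passes through a comma-separated, one-rule-per-line text form when it is loaded, this shows the `sub2` value from the report shrinking a three-field rule to one field, next to a conservative check to run before `AddNamedPolicy`. The names `renderPolicyLine`, `parsePolicyLine` and `ValidatePolicyRule` are hypothetical.

```go
package main

import (
	"encoding/csv"
	"fmt"
	"strings"
	"unicode"
)

// renderPolicyLine joins a rule into "ptype, v0, v1, ..." text (assumed storage form).
func renderPolicyLine(ptype string, rule []string) string {
	return ptype + ", " + strings.Join(rule, ", ")
}

// parsePolicyLine reads a single CSV record and drops the leading ptype token.
// A CSV record ends at the first unquoted newline, so the rest of the text is lost.
func parsePolicyLine(line string) ([]string, error) {
	r := csv.NewReader(strings.NewReader(line))
	r.TrimLeadingSpace = true
	tokens, err := r.Read()
	if err != nil {
		return nil, err
	}
	return tokens[1:], nil
}

// ValidatePolicyRule is a conservative pre-storage check: it requires the field
// count the model expects and rejects control characters, commas and quotes.
func ValidatePolicyRule(rule []string, want int) error {
	if len(rule) != want {
		return fmt.Errorf("invalid policy size: expected %d, got %d", want, len(rule))
	}
	for i, field := range rule {
		for _, c := range field {
			if c == ',' || c == '"' || unicode.IsControl(c) {
				return fmt.Errorf("policy field %d contains disallowed character %q", i, c)
			}
		}
	}
	return nil
}

func main() {
	sub2 := "role::35046358490550272\nexpr 855534449 + 870448142" // value from the report
	rule := []string{sub2, "obj2", "on"}
	vals, err := parsePolicyLine(renderPolicyLine("p", rule))
	fmt.Printf("wrote 3 fields, read back %d: %q (err=%v)\n", len(vals), vals, err)
	fmt.Println("validation:", ValidatePolicyRule(rule, 3))
}
```

Rejecting commas and quotes is stricter than some models need; the point is that whatever is accepted must survive the store's write and read path unchanged.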
