You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There's really one unsafe reference here, which is that to x. The way we report this however is cascading — i.e. all references following the first failure are included as well:
3 errors occurred:
policy.rego:4: rego_unsafe_var_error: var my_string is unsafe
policy.rego:4: rego_unsafe_var_error: var x is unsafe
policy.rego:8: rego_unsafe_var_error: var substr is unsafe
That my_string and substr are unsafe is simply a consequence of x being so, and reporting that does not help with debugging — it rather makes it harder. We who have worked with Rego for a long time have just come to mentally filter these errors, but there's no reason we should. For anyone else, this likely contributes to a bad debugging experience.
(That the list of errors reported isn't ordered — and changes randomly at re-evaluation does nothing to help with this, but that's an issue that would fix itself by not reporting multiple unsafe vars in the first place.)
The text was updated successfully, but these errors were encountered:
The way we currently report
rego_unsafe_var_error
s is really confusing, and reasonably more so for people new to Rego. Given a policy like this:Rego Playground
There's really one unsafe reference here, which is that to
x
. The way we report this however is cascading — i.e. all references following the first failure are included as well:That
my_string
andsubstr
are unsafe is simply a consequence ofx
being so, and reporting that does not help with debugging — it rather makes it harder. We who have worked with Rego for a long time have just come to mentally filter these errors, but there's no reason we should. For anyone else, this likely contributes to a bad debugging experience.(That the list of errors reported isn't ordered — and changes randomly at re-evaluation does nothing to help with this, but that's an issue that would fix itself by not reporting multiple unsafe vars in the first place.)
The text was updated successfully, but these errors were encountered: