Skip to content

Updates for cedar#725 #253

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Mar 14, 2024
Merged

Updates for cedar#725 #253

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
8aa6ea3
first pass
khieta Mar 14, 2024
c9488f9
updates
khieta Mar 14, 2024
bb47ca5
fix build
khieta Mar 14, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion cedar
Open in desktop
Submodule cedar updated 35 files
+0 −3 .github/PULL_REQUEST_TEMPLATE.md
+1 −1 NOTICE
+12 −0 cedar-policy-cli/CHANGELOG.md
+1 −1 cedar-policy-core/src/entities/json/entities.rs
+329 −2 cedar-policy-core/src/est.rs
+122 −46 cedar-policy-core/src/est/expr.rs
+1 −1 cedar-policy-core/src/parser/cst_to_ast.rs
+1 −1 cedar-policy-validator/src/human_schema/grammar.lalrpop
+10 −5 cedar-policy-validator/src/human_schema/parser.rs
+14 −0 cedar-policy-validator/src/human_schema/to_json_schema.rs
+8 −1 cedar-policy-validator/src/typecheck.rs
+154 −1 cedar-policy-validator/src/typecheck/test_namespace.rs
+95 −153 cedar-policy-validator/src/types.rs
+54 −18 cedar-policy/CHANGELOG.md
+152 −99 cedar-policy/src/api.rs
+4 −1 cedar-policy/src/frontend/is_authorized.rs
+40 −0 cedar-policy/src/tests.rs
+43 −13 cedar-testing/src/cedar_test_impl.rs
+9 −4 cedar-testing/src/integration_testing.rs
+3 −0 cedar-testing/tests/cedar-policy-cli/main.rs
+2 −2 cedar-testing/tests/cedar-policy/corpus_tests.rs
+1 −3 cedar-testing/tests/cedar-policy/decimal.rs
+1 −1 cedar-testing/tests/cedar-policy/example_use_cases.rs
+1 −4 cedar-testing/tests/cedar-policy/ip.rs
+28 −0 cedar-testing/tests/cedar-policy/main.rs
+1 −1 cedar-testing/tests/cedar-policy/multi.rs
+4 −0 cedar-wasm/.cargo/config.toml
+2 −0 cedar-wasm/CHANGELOG.md
+1 −5 cedar-wasm/Cargo.toml
+1 −0 cedar-wasm/build-wasm.sh
+1 −1 cedar-wasm/build.rs
+68 −0 cedar-wasm/src/formatter.rs
+7 −1 cedar-wasm/src/lib.rs
+68 −11 cedar-wasm/src/policies_and_templates.rs
+251 −0 cedar-wasm/src/schema_and_entities_and_context.rs
71 changes: 37 additions & 34 deletions cedar-drt/fuzz/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ use cedar_policy_core::extensions::Extensions;
pub use cedar_policy_validator::{ValidationErrorKind, ValidationMode, Validator, ValidatorSchema};
pub use cedar_testing::cedar_test_impl::{
time_function, CedarTestImplementation, ErrorComparisonMode, TestResult,
ValidationComparisonMode,
};
use libfuzzer_sys::arbitrary::{self, Unstructured};
use log::info;
Expand Down Expand Up @@ -193,37 +194,27 @@ pub fn run_val_test(

let definitional_res = custom_impl.validate(&schema, policies, mode);

// If `cedar-policy` does not return an error, then the spec should not return an error.
// This implies type soundness of the `cedar-policy` validator since type soundness of the
// spec is formally proven.
//
// In particular, we have proven that if the spec validator does not return an error (B),
// then there are no authorization-time errors modulo some restrictions (C). So (B) ==> (C).
// DRT checks that if the `cedar-policy` validator does not return an error (A), then neither
// does the spec validator (B). So (A) ==> (B). By transitivity then, (A) ==> (C).

if rust_res.validation_passed() {
match definitional_res {
TestResult::Failure(err) => {
// TODO(#175): For now, ignore cases where the Lean code returned an error due to
// an unknown extension function.
if !err.contains("jsonToExtFun: unknown extension function") {
panic!(
"Unexpected error\nPolicies:\n{}\nSchema:\n{:?}\nError: {err}",
&policies, schema
);
}
match definitional_res {
TestResult::Failure(err) => {
// TODO(#175): For now, ignore cases where the Lean code returned an error due to
// an unknown extension function.
if !err.contains("jsonToExtFun: unknown extension function") {
panic!(
"Unexpected error\nPolicies:\n{}\nSchema:\n{:?}\nError: {err}",
&policies, schema
);
}
TestResult::Success(definitional_res) => {
// Even if the Rust validator succeeds, the definitional validator may
// return "impossiblePolicy" due to greater precision. In this case, the
// input policy is well-typed, although it is guaranteed to always evaluate
// to false.
if definitional_res.errors == vec!["impossiblePolicy".to_string()] {
return;
}

// But the definitional validator should not return any other error.
}
TestResult::Success(definitional_res) => {
if rust_res.validation_passed() {
// If `cedar-policy` does not return an error, then the spec should not return an error.
// This implies type soundness of the `cedar-policy` validator since type soundness of the
// spec is formally proven.
//
// In particular, we have proven that if the spec validator does not return an error (B),
// then there are no authorization-time errors modulo some restrictions (C). So (B) ==> (C).
// DRT checks that if the `cedar-policy` validator does not return an error (A), then neither
// does the spec validator (B). So (A) ==> (B). By transitivity then, (A) ==> (C).
assert!(
definitional_res.validation_passed(),
"Mismatch for Policies:\n{}\nSchema:\n{:?}\ncedar-policy response: {:?}\nTest engine response: {:?}\n",
Expand All @@ -232,10 +223,22 @@ pub fn run_val_test(
rust_res,
definitional_res,
);

// TODO(#69): We currently don't check for a relationship between validation errors.
// E.g., the error reported by the definitional validator should be in the list
// of errors reported by the production validator, but we don't check this.
} else {
// If `cedar-policy` returns an error, then only check the spec response
// if the validation comparison mode is `AgreeOnAll`.
match custom_impl.validation_comparison_mode() {
ValidationComparisonMode::AgreeOnAll => {
assert!(
!definitional_res.validation_passed(),
"Mismatch for Policies:\n{}\nSchema:\n{:?}\ncedar-policy response: {:?}\nTest engine response: {:?}\n",
&policies,
schema,
rust_res,
definitional_res,
);
}
ValidationComparisonMode::AgreeOnValid => {} // ignore
};
}
}
}
Expand Down
17 changes: 16 additions & 1 deletion cedar-drt/src/lean_impl.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -333,10 +333,25 @@ impl CedarTestImplementation for LeanDefinitionalEngine {
ValidationMode::Strict,
"Lean definitional validator only supports `Strict` mode"
);
self.validate(schema, policies)
let result = self.validate(schema, policies);
result.map(|res| {
// `impossiblePolicy` is considered a warning rather than an error,
// so it's safe to drop here (although this means it can't be used
// for differential testing, see #254)
let errors = res
.errors
.into_iter()
.filter(|x| x != "impossiblePolicy")
.collect();
TestValidationResult { errors, ..res }
})
}

fn error_comparison_mode(&self) -> ErrorComparisonMode {
ErrorComparisonMode::PolicyIds
}

fn validation_comparison_mode(&self) -> ValidationComparisonMode {
ValidationComparisonMode::AgreeOnValid
}
}
4 changes: 1 addition & 3 deletions cedar-drt/tests/integration_tests.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -97,7 +97,5 @@ fn run_corpus_tests(custom_impl: &impl CedarTestImplementation) {
fn integration_tests_on_def_impl() {
let lean_def_impl = LeanDefinitionalEngine::new();
run_integration_tests(&lean_def_impl);

// This test may fail due to differences in precision between the Rust & Lean validators (#226)
// run_corpus_tests(&lean_def_impl);
run_corpus_tests(&lean_def_impl);
}