Fail fast when the number of request environments hits a limit (#613)

Signed-off-by: Shaobo He <[email protected]>

Author: shaobo-he-aws

cedar-drt/fuzz/fuzz_targets/validation-pbt.rs

@@ -82,6 +82,7 @@ const LOG_FILENAME_ERR_INCORRECT_FORMAT: &str = "./logs/err_incorrect_format.txt
 const LOG_FILENAME_ERR_OTHER: &str = "./logs/err_other.txt";
 const LOG_FILENAME_ENTITIES_ERROR: &str = "./logs/err_entities.txt";
 const LOG_FILENAME_SCHEMA_ERROR: &str = "./logs/err_schema.txt";
+const LOG_FILENAME_TOO_MANY_REQ_ENVS_ERROR: &str = "./logs/err_too_many_req_envs.txt";
 
 // In the below, "vyes" means the schema passed validation, while "vno" means we
 // got to the point of running the validator but validation failed
@@ -155,6 +156,9 @@ fn log_err<T>(res: Result<T>, doing_what: &str) -> Result<T> {
             Err(Error::OtherArbitrary(_)) => {
                 checkpoint(LOG_FILENAME_ERR_OTHER.to_string() + "_" + doing_what)
             }
+            Err(Error::TooManyReqEnvs(_)) => {
+                checkpoint(LOG_FILENAME_TOO_MANY_REQ_ENVS_ERROR.to_string() + "_" + doing_what)
+            }
             Ok(_) => (),
         }
     }

cedar-policy-generators/src/err.rs

@@ -76,6 +76,10 @@ pub enum Error {
     /// ourselves.
     #[error(transparent)]
     OtherArbitrary(arbitrary::Error),
+    /// Error thrown when the generator produces a schema that has too many
+    /// valid request environments
+    #[error("Too many request environments: {} vs upper bound {}", .0 , crate::schema::Schema::PER_ACTION_REQUEST_ENV_LIMIT)]
+    TooManyReqEnvs(usize),
 }
 
 /// Type alias for convenience
@@ -95,6 +99,7 @@ impl From<Error> for arbitrary::Error {
             Error::ContextError(_) => arbitrary::Error::IncorrectFormat,
             Error::SchemaError(_) => arbitrary::Error::IncorrectFormat,
             Error::OtherArbitrary(e) => e,
+            Error::TooManyReqEnvs(_) => arbitrary::Error::IncorrectFormat,
         }
     }
 }

cedar-policy-generators/src/schema.rs

@@ -951,6 +951,11 @@ impl Schema {
         }
     }
 
+    // An upper bound on the number of request environment a schema can produce
+    // See https://github.com/cedar-policy/cedar-spec/issues/610 for the
+    // motivation why we want this limit
+    pub(crate) const PER_ACTION_REQUEST_ENV_LIMIT: usize = 128;
+
     /// Get an arbitrary `Schema`.
     pub fn arbitrary(settings: ABACSettings, u: &mut Unstructured<'_>) -> Result<Schema> {
         let namespace = arbitrary_namespace(u)?;
@@ -1063,7 +1068,9 @@ impl Schema {
                                  u: &mut Unstructured<'_>|
          -> Result<Vec<ast::InternalName>> {
             // Pre-select the number of entity types (minimum 1), then randomly select that many indices
-            let num = u.int_in_range(1..=entity_types.len()).unwrap();
+            let num = u
+                .int_in_range(1..=(entity_types.len() % Self::PER_ACTION_REQUEST_ENV_LIMIT))
+                .unwrap();
             let mut indices: Vec<usize> = (0..entity_types.len()).collect();
             let mut selected_indices = Vec::with_capacity(num);
 
@@ -1108,6 +1115,13 @@ impl Schema {
                             } else {
                                 principal_and_resource_types_exist = true;
                             }
+                            let req_env_num =
+                                picked_principal_types.len() * picked_resource_types.len();
+                            // Fail fast if the number of request environment
+                            // number is too large
+                            if req_env_num > Self::PER_ACTION_REQUEST_ENV_LIMIT {
+                                return Err(Error::TooManyReqEnvs(req_env_num));
+                            }
                             Some(json_schema::ApplySpec {
                                 resource_types: picked_resource_types,
                                 principal_types: picked_principal_types,