Commit 080f1aff authored by Daisuke IIZUKA's avatar Daisuke IIZUKA Committed by Gari Singh

[FAB-11404] Fix panic on illegal policy str



Fix a panic when calling FromString()
with a parameter string that is a number or a nested quoted number,
such as "1", "'1'", "'\'1\''".

Change-Id: Ibb71e413d881c15981ad7ef711bebfecd906040a
Signed-off-by: default avatarDaisuke IIZUKA <daisuke.iizuka.ag@hitachi.com>
parent 3e99d6e9
......@@ -272,6 +272,10 @@ func FromString(policy string) (*common.SignaturePolicyEnvelope, error) {
return nil, err
}
resStr, ok := intermediateRes.(string)
if !ok {
return nil, fmt.Errorf("invalid policy string '%s'", policy)
}
// we still need two passes. The first pass just adds an extra
// argument ID to each of the outof calls. This is
......@@ -279,7 +283,7 @@ func FromString(policy string) (*common.SignaturePolicyEnvelope, error) {
// to user-implemented functions other than via arguments.
// We need this argument because we need a global place where
// we put the identities that the policy requires
exp, err := govaluate.NewEvaluableExpressionWithFunctions(intermediateRes.(string), map[string]govaluate.ExpressionFunction{"outof": firstPass})
exp, err := govaluate.NewEvaluableExpressionWithFunctions(resStr, map[string]govaluate.ExpressionFunction{"outof": firstPass})
if err != nil {
return nil, err
}
......@@ -296,12 +300,16 @@ func FromString(policy string) (*common.SignaturePolicyEnvelope, error) {
return nil, err
}
resStr, ok = res.(string)
if !ok {
return nil, fmt.Errorf("invalid policy string '%s'", policy)
}
ctx := newContext()
parameters := make(map[string]interface{}, 1)
parameters["ID"] = ctx
exp, err = govaluate.NewEvaluableExpressionWithFunctions(res.(string), map[string]govaluate.ExpressionFunction{"outof": secondPass})
exp, err = govaluate.NewEvaluableExpressionWithFunctions(resStr, map[string]govaluate.ExpressionFunction{"outof": secondPass})
if err != nil {
return nil, err
}
......@@ -318,11 +326,15 @@ func FromString(policy string) (*common.SignaturePolicyEnvelope, error) {
return nil, err
}
rule, ok := res.(*common.SignaturePolicy)
if !ok {
return nil, fmt.Errorf("invalid policy string '%s'", policy)
}
p := &common.SignaturePolicyEnvelope{
Identities: ctx.principals,
Version: 0,
Rule: res.(*common.SignaturePolicy),
Rule: rule,
}
return p, nil
......
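Review bot: All three new failure paths in FromString return the same `invalid policy string '%s'` message, and each interpolates the caller-supplied policy with `%s` inside hand-written single quotes. Because policy strings themselves contain quotes, the result is ambiguous (the accompanying test expects `invalid policy string ''1''`), and a newline or control character in the input would be copied verbatim into any log that records the error. Consider `fmt.Errorf("invalid policy string %q", policy)` at each of the three sites, with the expected strings in the test updated to match. FromString's body begins and ends outside these hunks, so the evaluation calls between the checks are not visible here.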
......@@ -233,3 +233,20 @@ func TestBadStringsNoPanic(t *testing.T) {
_, err = FromString("OR('A.member', Bmember)")
assert.Error(t, err)
}
func TestBadStringBeforeFAB11404_ThisCanDeleteAfterFAB11404HasMerged(t *testing.T) {
s1 := "1" // ineger in string
p1, err1 := FromString(s1)
assert.Nil(t, p1)
assert.EqualError(t, err1, `invalid policy string '1'`)
s2 := "'1'" // quoted ineger in string
p2, err2 := FromString(s2)
assert.Nil(t, p2)
assert.EqualError(t, err2, `invalid policy string ''1''`)
s3 := `'\'1\''` // nested quoted ineger in string
p3, err3 := FromString(s3)
assert.Nil(t, p3)
assert.EqualError(t, err3, `invalid policy string ''\'1\'''`)
}
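Review bot: The name `TestBadStringBeforeFAB11404_ThisCanDeleteAfterFAB11404HasMerged` marks this test for deletion, yet as far as this page shows it is the only coverage for the three type-assertion guards the commit adds. A regression test for a panic on malformed input should stay, so rename it to something like `TestFromStringRejectsNumericPolicy` and drop the deletion hint. The three inputs appear to be chosen so that each one is rejected at a different pass, which deserves a comment such as `// "1" fails after the first evaluation, "'1'" after the second, the nested form at the final rule check`. The inline comments also misspell "integer" as "ineger".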