Skip to content

Commit

Permalink
[FAB-3215] fix panic in policy parser code
Browse files Browse the repository at this point in the history 
This change set ensures that bad input doesn't cause the policy parser code
to panic. Tests have also been added.

Change-Id: If844c3e5fd5a4945e4d47bc74030ca54d68219b8
Signed-off-by: Alessandro Sorniotti <ale.linux@sopit.net>
  • Loading branch information
@ale-linux
ale-linux committed Jun 1, 2017
1 parent fa63fb9 commit 11a4d0a
Show file tree
Hide file tree
Showing 2 changed files with 34 additions and 2 deletions.
29 changes: 27 additions & 2 deletions common/cauthdsl/policyparser.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ import (
)

var regex *regexp.Regexp = regexp.MustCompile("^([[:alnum:]]+)([.])(member|admin)$")
var regexErr *regexp.Regexp = regexp.MustCompile("^No parameter '([^']+)' found[.]$")

func and(args ...interface{}) (interface{}, error) {
toret := "outof(" + strconv.Itoa(len(args))
Expand Down Expand Up @@ -209,8 +210,16 @@ func FromString(policy string) (*common.SignaturePolicyEnvelope, error) {
return nil, err
}

intermediateRes, err := intermediate.Evaluate(nil)
intermediateRes, err := intermediate.Evaluate(map[string]interface{}{})
if err != nil {
// attempt to produce a meaningful error
if regexErr.MatchString(err.Error()) {
sm := regexErr.FindStringSubmatch(err.Error())
if len(sm) == 2 {
return nil, fmt.Errorf("unrecognized token '%s' in policy string", sm[1])
}
}

return nil, err
}

Expand All @@ -225,8 +234,16 @@ func FromString(policy string) (*common.SignaturePolicyEnvelope, error) {
return nil, err
}

res, err := exp.Evaluate(nil)
res, err := exp.Evaluate(map[string]interface{}{})
if err != nil {
// attempt to produce a meaningful error
if regexErr.MatchString(err.Error()) {
sm := regexErr.FindStringSubmatch(err.Error())
if len(sm) == 2 {
return nil, fmt.Errorf("unrecognized token '%s' in policy string", sm[1])
}
}

return nil, err
}

Expand All @@ -241,6 +258,14 @@ func FromString(policy string) (*common.SignaturePolicyEnvelope, error) {

res, err = exp.Evaluate(parameters)
if err != nil {
// attempt to produce a meaningful error
if regexErr.MatchString(err.Error()) {
sm := regexErr.FindStringSubmatch(err.Error())
if len(sm) == 2 {
return nil, fmt.Errorf("unrecognized token '%s' in policy string", sm[1])
}
}

return nil, err
}

Expand Down
7 changes: 7 additions & 0 deletions common/cauthdsl/policyparser_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -129,3 +129,10 @@ func TestComplex2(t *testing.T) {

assert.True(t, reflect.DeepEqual(p1, p2))
}

func TestBadStringsNoPanic(t *testing.T) {
_, err := FromString("OR('A.member', 'Bmember')")
assert.Error(t, err)
_, err = FromString("OR('A.member', Bmember)")
assert.Error(t, err)
}

0 comments on commit 11a4d0a

Please sign in to comment.