From d90accdad7cdf2adb9fd4e8a391ce6af48af77e6 Mon Sep 17 00:00:00 2001 From: Clement Delafargue Date: Tue, 5 Nov 2024 11:17:54 +0100 Subject: [PATCH] increase coverage of lenient equals / not equals --- biscuit-auth/examples/testcases.rs | 32 ++++--- biscuit-auth/samples/samples.json | 84 ++++++------------ .../samples/test031_heterogeneous_equal.bc | Bin 253 -> 748 bytes 3 files changed, 47 insertions(+), 69 deletions(-) diff --git a/biscuit-auth/examples/testcases.rs b/biscuit-auth/examples/testcases.rs index 554d7246..23258894 100644 --- a/biscuit-auth/examples/testcases.rs +++ b/biscuit-auth/examples/testcases.rs @@ -2043,8 +2043,24 @@ fn heterogeneous_equal(target: &str, root: &KeyPair, test: bool) -> TestResult { let biscuit = biscuit!( r#" - check if fact(1, $value), 1 == $value; - check if fact2(1, $value), 1 != $value; + check if true == true; + check if false != false; + check if 1 != true; + check if 1 == 1; + check if 1 != 3; + check if 1 != true; + check if "abcD12" == "abcD12"; + check if "abcD12x" != "abcD12"; + check if "abcD12x" != true; + check if 2022-12-04T09:46:41+00:00 == 2022-12-04T09:46:41+00:00; + check if 2022-12-04T09:46:41+00:00 != 2020-12-04T09:46:41+00:00; + check if 2022-12-04T09:46:41+00:00 != true; + check if hex:12abcd == hex:12abcd; + check if hex:12abcd != hex:12ab; + check if hex:12abcd != true; + check if {1, 2} == {1, 2}; + check if {1, 4} != {1, 2}; + check if {1, 4} != true; "# ) .build_with_rng(&root, SymbolTable::default(), &mut rng) @@ -2055,16 +2071,8 @@ fn heterogeneous_equal(target: &str, root: &KeyPair, test: bool) -> TestResult { let mut validations = BTreeMap::new(); validations.insert( - "authorized same type".to_string(), - validate_token(root, &data[..], "fact(1, 1); fact2(1, 2); allow if true"), - ); - validations.insert( - "unauthorized failed logic different type".to_string(), - validate_token( - root, - &data[..], - "fact(1, true); fact2(1, false); allow if true", - ), + "".to_string(), + validate_token(root, &data[..], "allow if true"), ); TestResult { diff --git a/biscuit-auth/samples/samples.json b/biscuit-auth/samples/samples.json index 02af8294..140d3d7c 100644 --- a/biscuit-auth/samples/samples.json +++ b/biscuit-auth/samples/samples.json @@ -2513,71 +2513,41 @@ "token": [ { "symbols": [ - "fact", - "value", - "fact2" + "abcD12", + "abcD12x" ], "public_keys": [], "external_key": null, - "code": "check if fact(1, $value), 1 == $value;\ncheck if fact2(1, $value), 1 != $value;\n" + "code": "check if true == true;\ncheck if false != false;\ncheck if 1 != true;\ncheck if 1 == 1;\ncheck if 1 != 3;\ncheck if 1 != true;\ncheck if \"abcD12\" == \"abcD12\";\ncheck if \"abcD12x\" != \"abcD12\";\ncheck if \"abcD12x\" != true;\ncheck if 2022-12-04T09:46:41Z == 2022-12-04T09:46:41Z;\ncheck if 2022-12-04T09:46:41Z != 2020-12-04T09:46:41Z;\ncheck if 2022-12-04T09:46:41Z != true;\ncheck if hex:12abcd == hex:12abcd;\ncheck if hex:12abcd != hex:12ab;\ncheck if hex:12abcd != true;\ncheck if {1, 2} == {1, 2};\ncheck if {1, 4} != {1, 2};\ncheck if {1, 4} != true;\n" } ], "validations": { - "authorized same type": { - "world": { - "facts": [ - { - "origin": [ - null - ], - "facts": [ - "fact(1, 1)", - "fact2(1, 2)" - ] - } - ], - "rules": [], - "checks": [ - { - "origin": 0, - "checks": [ - "check if fact(1, $value), 1 == $value", - "check if fact2(1, $value), 1 != $value" - ] - } - ], - "policies": [ - "allow if true" - ] - }, - "result": { - "Ok": 0 - }, - "authorizer_code": "fact(1, 1);\nfact2(1, 2);\n\nallow if true;\n", - "revocation_ids": [ - "d65b3aeceb6268124190f5eb87788a5eb81c89a3fc8370c9a3ea362731c55660b2b390ca6270e68afab90862bd2bbb808aa6b5576c975ae773a992a2434c930d" - ] - }, - "unauthorized failed logic different type": { + "": { "world": { - "facts": [ - { - "origin": [ - null - ], - "facts": [ - "fact(1, true)", - "fact2(1, false)" - ] - } - ], + "facts": [], "rules": [], "checks": [ { "origin": 0, "checks": [ - "check if fact(1, $value), 1 == $value", - "check if fact2(1, $value), 1 != $value" + "check if \"abcD12\" == \"abcD12\"", + "check if \"abcD12x\" != \"abcD12\"", + "check if \"abcD12x\" != true", + "check if 1 != 3", + "check if 1 != true", + "check if 1 != true", + "check if 1 == 1", + "check if 2022-12-04T09:46:41Z != 2020-12-04T09:46:41Z", + "check if 2022-12-04T09:46:41Z != true", + "check if 2022-12-04T09:46:41Z == 2022-12-04T09:46:41Z", + "check if false != false", + "check if hex:12abcd != hex:12ab", + "check if hex:12abcd != true", + "check if hex:12abcd == hex:12abcd", + "check if true == true", + "check if {1, 2} == {1, 2}", + "check if {1, 4} != true", + "check if {1, 4} != {1, 2}" ] } ], @@ -2596,8 +2566,8 @@ { "Block": { "block_id": 0, - "check_id": 0, - "rule": "check if fact(1, $value), 1 == $value" + "check_id": 1, + "rule": "check if false != false" } } ] @@ -2605,9 +2575,9 @@ } } }, - "authorizer_code": "fact(1, true);\nfact2(1, false);\n\nallow if true;\n", + "authorizer_code": "allow if true;\n", "revocation_ids": [ - "d65b3aeceb6268124190f5eb87788a5eb81c89a3fc8370c9a3ea362731c55660b2b390ca6270e68afab90862bd2bbb808aa6b5576c975ae773a992a2434c930d" + "4af245a2504ec00809bd0cd8d20ceaaac35f8ec5aaa8c7d3fd6652b126d2bf246d64fec8f0e65c409b196d4a60c9723dd4fbb3328988790e97fc4e08e9528208" ] } } diff --git a/biscuit-auth/samples/test031_heterogeneous_equal.bc b/biscuit-auth/samples/test031_heterogeneous_equal.bc index feb38732a79185bad7ddf3f375abfa33d4795d5e..8ca4ff20e3684c29cf2d6117eba3d745751c1f10 100644 GIT binary patch literal 748 zcmWeS%F1<%g^MjQDcQx)h>IOUS4glKNpVSVF>y#s330J-F&QwzNGT=`Q8YOQupE#C z%88-M2_WmkDhE=5X(mLU05cJ0%5X`6-6_Jw%Ec_vzyYHmrlQI=qR5IFNpnep^$LSE z0cD|H1$#t^O93n?#l^wJrqFnE;~X|57Q}d*YPwhaV}&|ij!On?ju^6TNRWc5*H5_ zmlX#W6EJw01enlx5WBFeWx=9W%n0FoWOG@NLs3YDgF#3^AoO^^#)Scq=IcexkE!i4 zN}d^Gyv#jf)%uO<(ab`RTBIDjKDjOm@H@c4xtHh0C7xHS4#)Q$UA5x)<-ch`8`UoD zSIJHJcjCjd7>C)Cxn2n;i)^p_-fYy_QOP&`j~~a&pe7C_pj&3XsOFm(5iIv^EAxL* YwLER*LyH2cg?r{o%WG|kxUZWC07XD~kpKVy delta 205 zcmaFE`j@d@=o%we4i`&WVsZ%=YguAWX(|^hh+`zdW~9lb&c(zbEyTmoz#+sWz$nDb z(a0es%*Db5 zWe7P=`1-oNqAPBPOy}Z1%>^eHzcN!dJQ|j;Y4e0rNd?cke(mH)+N-_0p=;UJ@SN#U S&x==1TIB3AnRoIDCKUi^s5!3y