oso-oso 0.12.0 → 0.13.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +2 -2
- data/ext/oso-oso/lib/libpolar.dylib +0 -0
- data/ext/oso-oso/lib/libpolar.so +0 -0
- data/ext/oso-oso/lib/polar.dll +0 -0
- data/lib/oso/oso.rb +1 -4
- data/lib/oso/polar/polar.rb +4 -8
- data/lib/oso/polar/query.rb +52 -56
- data/lib/oso/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ffbf1065665531684ef3ae06cc1e1ccf71156926
|
4
|
+
data.tar.gz: 6d32e5b6fa9510b9cafe473dcc1c15b6565cf04a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 94046154aaab4d511f9f73fb8e9ccf6272afd0d7daa5a1fc675309ca54f8d859a04dd9287d71021e5bfc908a51cf85a11bb4de2ec00c6f0dd0509bc292841d8e
|
7
|
+
data.tar.gz: 06dca843a843d2686e8112cecd5a7ae85c24f4212323158786e6dc35d1d512144cd3e1e01b55e154cfcd880f9ba643bdd56b62f5013649b4eb1370fb84b5925c
|
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
oso-oso (0.
|
4
|
+
oso-oso (0.13.0)
|
5
5
|
ffi (~> 1.0)
|
6
6
|
|
7
7
|
GEM
|
@@ -14,7 +14,7 @@ GEM
|
|
14
14
|
coderay (1.1.3)
|
15
15
|
diff-lcs (1.4.4)
|
16
16
|
e2mmap (0.1.0)
|
17
|
-
ffi (1.15.
|
17
|
+
ffi (1.15.1)
|
18
18
|
jaro_winkler (1.5.4)
|
19
19
|
maruku (0.7.3)
|
20
20
|
method_source (1.0.0)
|
Binary file
|
data/ext/oso-oso/lib/libpolar.so
CHANGED
Binary file
|
data/ext/oso-oso/lib/polar.dll
CHANGED
Binary file
|
data/lib/oso/oso.rb
CHANGED
@@ -17,10 +17,7 @@ module Oso
|
|
17
17
|
# @param resource [Object] Object.
|
18
18
|
# @return [Boolean] An access control decision.
|
19
19
|
def allowed?(actor:, action:, resource:)
|
20
|
-
query_rule('allow', actor, action, resource).
|
21
|
-
true
|
22
|
-
rescue StopIteration
|
23
|
-
false
|
20
|
+
!query_rule('allow', actor, action, resource).first.nil?
|
24
21
|
end
|
25
22
|
end
|
26
23
|
end
|
data/lib/oso/polar/polar.rb
CHANGED
@@ -81,7 +81,7 @@ module Oso
|
|
81
81
|
# @raise [InlineQueryFailedError] on the first failed inline query.
|
82
82
|
# @raise [Error] if any of the FFI calls raise one.
|
83
83
|
# @return [self] for chaining.
|
84
|
-
def load_str(str, filename: nil)
|
84
|
+
def load_str(str, filename: nil)
|
85
85
|
raise NullByteInPolarFileError if str.chomp("\0").include?("\0")
|
86
86
|
|
87
87
|
ffi_polar.load(str, filename: filename)
|
@@ -89,11 +89,7 @@ module Oso
|
|
89
89
|
next_query = ffi_polar.next_inline_query
|
90
90
|
break if next_query.nil?
|
91
91
|
|
92
|
-
|
93
|
-
Query.new(next_query, host: host).results.next
|
94
|
-
rescue StopIteration
|
95
|
-
raise InlineQueryFailedError, next_query.source
|
96
|
-
end
|
92
|
+
raise InlineQueryFailedError, next_query.source if Query.new(next_query, host: host).first.nil?
|
97
93
|
end
|
98
94
|
self
|
99
95
|
end
|
@@ -118,7 +114,7 @@ module Oso
|
|
118
114
|
else
|
119
115
|
raise InvalidQueryTypeError
|
120
116
|
end
|
121
|
-
Query.new(ffi_query, host: new_host)
|
117
|
+
Query.new(ffi_query, host: new_host)
|
122
118
|
end
|
123
119
|
|
124
120
|
# Query for a rule.
|
@@ -214,7 +210,7 @@ module Oso
|
|
214
210
|
end
|
215
211
|
|
216
212
|
begin
|
217
|
-
results = Query.new(ffi_query, host: host).
|
213
|
+
results = Query.new(ffi_query, host: host).to_a
|
218
214
|
rescue PolarRuntimeError => e
|
219
215
|
print_error(e)
|
220
216
|
return
|
data/lib/oso/polar/query.rb
CHANGED
@@ -6,8 +6,7 @@ module Oso
|
|
6
6
|
module Polar
|
7
7
|
# A single Polar query.
|
8
8
|
class Query # rubocop:disable Metrics/ClassLength
|
9
|
-
|
10
|
-
attr_reader :results
|
9
|
+
include Enumerable
|
11
10
|
|
12
11
|
# @param ffi_query [FFI::Query]
|
13
12
|
# @param host [Oso::Polar::Host]
|
@@ -15,7 +14,6 @@ module Oso
|
|
15
14
|
@calls = {}
|
16
15
|
@ffi_query = ffi_query
|
17
16
|
@host = host
|
18
|
-
@results = start
|
19
17
|
end
|
20
18
|
|
21
19
|
private
|
@@ -120,61 +118,59 @@ module Oso
|
|
120
118
|
# @yieldparam [Hash<String, Object>]
|
121
119
|
# @return [Enumerator]
|
122
120
|
# @raise [Error] if any of the FFI calls raise one.
|
123
|
-
def
|
124
|
-
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
|
135
|
-
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
|
140
|
-
|
141
|
-
|
142
|
-
|
143
|
-
|
144
|
-
|
145
|
-
|
146
|
-
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
-
|
153
|
-
|
154
|
-
|
155
|
-
|
156
|
-
|
157
|
-
|
158
|
-
|
159
|
-
|
160
|
-
|
161
|
-
|
162
|
-
|
163
|
-
next
|
164
|
-
end
|
165
|
-
command = JSON.dump(host.to_polar(input))
|
166
|
-
ffi_query.debug_command(command)
|
167
|
-
when 'ExternalOp'
|
168
|
-
raise UnimplementedOperationError, 'comparison operators'
|
169
|
-
when 'NextExternal'
|
170
|
-
call_id = event.data['call_id']
|
171
|
-
iterable = event.data['iterable']
|
172
|
-
handle_next_external(call_id, iterable)
|
173
|
-
else
|
174
|
-
raise "Unhandled event: #{JSON.dump(event.inspect)}"
|
121
|
+
def each # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
|
122
|
+
loop do # rubocop:disable Metrics/BlockLength
|
123
|
+
event = ffi_query.next_event
|
124
|
+
case event.kind
|
125
|
+
when 'Done'
|
126
|
+
break
|
127
|
+
when 'Result'
|
128
|
+
yield event.data['bindings'].transform_values { |v| host.to_ruby(v) }
|
129
|
+
when 'MakeExternal'
|
130
|
+
handle_make_external(event.data)
|
131
|
+
when 'ExternalCall'
|
132
|
+
call_id = event.data['call_id']
|
133
|
+
instance = event.data['instance']
|
134
|
+
attribute = event.data['attribute']
|
135
|
+
args = event.data['args'] || []
|
136
|
+
kwargs = event.data['kwargs'] || {}
|
137
|
+
handle_call(attribute, call_id: call_id, instance: instance, args: args, kwargs: kwargs)
|
138
|
+
when 'ExternalIsSubSpecializer'
|
139
|
+
instance_id = event.data['instance_id']
|
140
|
+
left_tag = event.data['left_class_tag']
|
141
|
+
right_tag = event.data['right_class_tag']
|
142
|
+
answer = host.subspecializer?(instance_id, left_tag: left_tag, right_tag: right_tag)
|
143
|
+
question_result(answer, call_id: event.data['call_id'])
|
144
|
+
when 'ExternalIsa'
|
145
|
+
instance = event.data['instance']
|
146
|
+
class_tag = event.data['class_tag']
|
147
|
+
answer = host.isa?(instance, class_tag: class_tag)
|
148
|
+
question_result(answer, call_id: event.data['call_id'])
|
149
|
+
when 'ExternalUnify'
|
150
|
+
left_instance_id = event.data['left_instance_id']
|
151
|
+
right_instance_id = event.data['right_instance_id']
|
152
|
+
answer = host.unify?(left_instance_id, right_instance_id)
|
153
|
+
question_result(answer, call_id: event.data['call_id'])
|
154
|
+
when 'Debug'
|
155
|
+
puts event.data['message'] if event.data['message']
|
156
|
+
print 'debug> '
|
157
|
+
begin
|
158
|
+
input = $stdin.readline.chomp.chomp(';')
|
159
|
+
rescue EOFError
|
160
|
+
next
|
175
161
|
end
|
162
|
+
command = JSON.dump(host.to_polar(input))
|
163
|
+
ffi_query.debug_command(command)
|
164
|
+
when 'ExternalOp'
|
165
|
+
raise UnimplementedOperationError, 'comparison operators'
|
166
|
+
when 'NextExternal'
|
167
|
+
call_id = event.data['call_id']
|
168
|
+
iterable = event.data['iterable']
|
169
|
+
handle_next_external(call_id, iterable)
|
170
|
+
else
|
171
|
+
raise "Unhandled event: #{JSON.dump(event.inspect)}"
|
176
172
|
end
|
177
|
-
end
|
173
|
+
end
|
178
174
|
end
|
179
175
|
end
|
180
176
|
end
|
data/lib/oso/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: oso-oso
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.13.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Oso Security, Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-06-22 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: ffi
|