oso-oso 0.6.0 → 0.8.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 70321ccb3dc8e6468b89109aa7d9bbb97868d1be
-  data.tar.gz: 8b7c1873eba4dae6d1150f8f91a74a3d5a72e51c
+  metadata.gz: 8d51e82a017eaa54ea9a33b9199461015e3eac36
+  data.tar.gz: 6903b31bf79562138d28d96c1c33d51270f65ba5
 SHA512:
-  metadata.gz: 639ea45ef8a86ebf97ae20ee1977499e18f04827b05d869369c7ec01792eb7a7747c6bae9f7d7789af4993a4b04edef5b375c9caa504c6e09afe701ed931874f
-  data.tar.gz: 7dc68ed639125472e808ff375059ceb6d70837fad20c05672a183452bef78eeee56dcc0dc58579d21536749bc8e2fbc2628baa349473984c824d23b38d1270f4
+  metadata.gz: 91cc12a5af5fc9b16492681e398b8d09d341ac4dd4af34ca0b216c774248024723844937b1c106e7aceba03dc574b6377530cb74f2e591c86cab62ae836538df
+  data.tar.gz: 1cd76a3ba326f3e505e956f22f41ae1a572bc995e990be19e294dae803bd0683f01b7d3589ca4a44923848deb150ccb401ee77bfaf99faacc6e9b032a61b0fe7

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    oso-oso (0.6.0)
+    oso-oso (0.8.2)
       ffi (~> 1.0)
 
 GEM

data/lib/oso/polar/errors.rb

@@ -32,13 +32,13 @@ module Oso
     # Errors originating from this side of the FFI boundary.
 
     class UnregisteredClassError < PolarRuntimeError; end
-    class MissingConstructorError < PolarRuntimeError; end
     class UnregisteredInstanceError < PolarRuntimeError; end
     class DuplicateInstanceRegistrationError < PolarRuntimeError; end
 
     # TODO: I think this should probably have some arguments to say what the call is
     class InvalidCallError < PolarRuntimeError; end
     class InvalidConstructorError < PolarRuntimeError; end
+    class InvalidIteratorError < PolarRuntimeError; end
     class InvalidQueryTypeError < PolarRuntimeError; end
     class NullByteInPolarFileError < PolarRuntimeError; end
     class UnexpectedPolarTypeError < PolarRuntimeError; end
@@ -68,6 +68,12 @@ module Oso
       end
     end
 
+    class UnimplementedOperationError < PolarRuntimeError # rubocop:disable Style/Documentation
+      def initialize(operation)
+        super("#{operation} are unimplemented in the oso Ruby library")
+      end
+    end
+
     # Generic operational exception.
     class OperationalError < Error; end
     class UnknownError < OperationalError; end

data/lib/oso/polar/ffi/error.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require 'json'
+
 module Oso
   module Polar
     module FFI

data/lib/oso/polar/ffi/message.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require 'json'
+
 module Oso
   module Polar
     module FFI

data/lib/oso/polar/ffi/polar.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require 'json'
+
 module Oso
   module Polar
     module FFI
@@ -11,6 +13,7 @@ module Oso
 
           attach_function :new, :polar_new, [], FFI::Polar
           attach_function :load, :polar_load, [FFI::Polar, :string, :string], :int32
+          attach_function :clear_rules, :polar_clear_rules, [FFI::Polar], :int32
           attach_function :next_inline_query, :polar_next_inline_query, [FFI::Polar, :uint32], FFI::Query
           attach_function :new_id, :polar_get_external_id, [FFI::Polar], :uint64
           attach_function :new_query_from_str, :polar_new_query, [FFI::Polar, :string, :uint32], FFI::Query
@@ -39,6 +42,13 @@ module Oso
           raise FFI::Error.get if loaded.zero?
         end
 
+        # @raise [FFI::Error] if the FFI call returns an error.
+        def clear_rules
+          cleared = Rust.clear_rules(self)
+          process_messages
+          raise FFI::Error.get if cleared.zero?
+        end
+
         # @return [FFI::Query] if there are remaining inline queries.
         # @return [nil] if there are no remaining inline queries.
         # @raise [FFI::Error] if the FFI call returns an error.
@@ -84,7 +94,7 @@ module Oso
         # @param name [String]
         # @param value [Hash<String, Object>]
         # @raise [FFI::Error] if the FFI call returns an error.
-        def register_constant(name, value:)
+        def register_constant(value, name:)
           registered = Rust.register_constant(self, name, JSON.dump(value))
           raise FFI::Error.get if registered.zero?
         end

data/lib/oso/polar/ffi/query.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require 'json'
+
 module Oso
   module Polar
     module FFI

data/lib/oso/polar/host.rb

@@ -10,8 +10,6 @@ module Oso
       attr_reader :ffi_polar
       # @return [Hash<String, Class>]
       attr_reader :classes
-      # @return [Hash<String, Object>]
-      attr_reader :constructors
       # @return [Hash<Integer, Object>]
       attr_reader :instances
 
@@ -20,14 +18,12 @@ module Oso
       def initialize(ffi_polar)
         @ffi_polar = ffi_polar
         @classes = {}
-        @constructors = {}
         @instances = {}
       end
 
       def initialize_copy(other)
         @ffi_polar = other.ffi_polar
         @classes = other.classes.dup
-        @constructors = other.constructors.dup
         @instances = other.instances.dup
       end
 
@@ -44,38 +40,18 @@ module Oso
 
       # Store a Ruby class in the {#classes} cache.
       #
-      # @param cls [Class] the class to cache
-      # @param name [String] the name to cache the class as. Defaults to the name of the class.
-      # @param constructor [Proc] optional custom constructor function. Defaults to the :new method.
+      # @param cls [Class] the class to cache.
+      # @param name [String] the name to cache the class as.
       # @return [String] the name the class is cached as.
-      # @raise [UnregisteredClassError] if the class has not been registered.
-      def cache_class(cls, name:, constructor:) # rubocop:disable Metrics/MethodLength
-        name = cls.name if name.nil?
+      # @raise [DuplicateClassAliasError] if attempting to register a class
+      # under a previously-registered name.
+      def cache_class(cls, name:)
         raise DuplicateClassAliasError, name: name, old: get_class(name), new: cls if classes.key? name
 
         classes[name] = cls
-        if constructor.nil?
-          constructors[name] = :new
-        elsif constructor.respond_to? :call
-          constructors[name] = constructor
-        else
-          raise InvalidConstructorError
-        end
         name
       end
 
-      # Fetch a constructor from the {#constructors} cache.
-      #
-      # @param name [String]
-      # @return [Symbol] if constructor is the default of `:new`.
-      # @return [Proc] if a custom constructor was registered.
-      # @raise [MissingConstructorError] if the constructor has not been registered.
-      def get_constructor(name)
-        raise MissingConstructorError, name unless constructors.key? name
-
-        constructors[name]
-      end
-
       # Check if an instance exists in the {#instances} cache.
       #
       # @param id [Integer]
@@ -100,12 +76,12 @@ module Oso
         instances[id]
       end
 
-      # Cache a Ruby instance in the {#instances} cache, fetching a {#new_id}
-      # if one isn't provided.
+      # Cache a Ruby instance in the {#instances} cache, fetching a new id if
+      # one isn't provided.
       #
       # @param instance [Object]
-      # @param id [Integer]
-      # @return [Integer]
+      # @param id [Integer] the instance ID. Generated via FFI if not provided.
+      # @return [Integer] the instance ID.
       def cache_instance(instance, id: nil)
         id = ffi_polar.new_id if id.nil?
         instances[id] = instance
@@ -114,24 +90,17 @@ module Oso
 
       # Construct and cache a Ruby instance.
       #
-      # @param cls_name [String]
-      # @param args [Array<Object>]
-      # @param kwargs [Hash<String, Object>]
-      # @param id [Integer]
+      # @param cls_name [String] name of the instance's class.
+      # @param args [Array<Object>] positional args to the constructor.
+      # @param kwargs [Hash<String, Object>] keyword args to the constructor.
+      # @param id [Integer] the instance ID.
       # @raise [PolarRuntimeError] if instance construction fails.
-      def make_instance(cls_name, args:, kwargs:, id:) # rubocop:disable Metrics/MethodLength
-        constructor = get_constructor(cls_name)
-        # The kwargs.empty? checks are for Ruby < 2.7.
-        instance = if constructor == :new
-                     if kwargs.empty?
-                       get_class(cls_name).__send__(:new, *args)
-                     else
-                       get_class(cls_name).__send__(:new, *args, **kwargs)
-                     end
-                   elsif kwargs.empty?
-                     constructor.call(*args)
+      # @return [Integer] the instance ID.
+      def make_instance(cls_name, args:, kwargs:, id:)
+        instance = if kwargs.empty? # This check is for Ruby < 2.7.
+                     get_class(cls_name).__send__(:new, *args)
                    else
-                     constructor.call(*args, **kwargs)
+                     get_class(cls_name).__send__(:new, *args, **kwargs)
                    end
         cache_instance(instance, id: id)
       rescue StandardError => e

data/lib/oso/polar/polar.rb

@@ -1,10 +1,5 @@
 # frozen_string_literal: true
 
-require 'json'
-require 'pp'
-require 'set'
-require 'digest/md5'
-
 # Missing Ruby type.
 module PolarBoolean; end
 # Monkey-patch Ruby true type.
@@ -43,6 +38,9 @@ module Oso
         @ffi_polar = FFI::Polar.create
         @host = Host.new(ffi_polar)
 
+        # Register global constants.
+        register_constant nil, name: 'nil'
+
         # Register built-in classes.
         register_class PolarBoolean, name: 'Boolean'
         register_class Integer
@@ -52,9 +50,12 @@ module Oso
         register_class String
       end
 
-      # Replace the current Polar instance but retain all registered classes and constructors.
-      def clear
-        @ffi_polar = FFI::Polar.create
+      # Clear all rules and rule sources from the current Polar instance
+      #
+      # @return [self] for chaining.
+      def clear_rules
+        ffi_polar.clear_rules
+        self
       end
 
       # Load a Polar policy file.
@@ -62,6 +63,7 @@ module Oso
       # @param name [String]
       # @raise [PolarFileExtensionError] if provided filename has invalid extension.
       # @raise [PolarFileNotFoundError] if provided filename does not exist.
+      # @return [self] for chaining.
       def load_file(name)
         raise PolarFileExtensionError, name unless File.extname(name) == '.polar'
 
@@ -78,6 +80,7 @@ module Oso
       # @raise [NullByteInPolarFileError] if str includes a non-terminating null byte.
       # @raise [InlineQueryFailedError] on the first failed inline query.
       # @raise [Error] if any of the FFI calls raise one.
+      # @return [self] for chaining.
       def load_str(str, filename: nil) # rubocop:disable Metrics/MethodLength
         raise NullByteInPolarFileError if str.chomp("\0").include?("\0")
 
@@ -92,6 +95,7 @@ module Oso
             raise InlineQueryFailedError, next_query.source
           end
         end
+        self
       end
 
       # Query for a Polar predicate or string.
@@ -129,18 +133,26 @@ module Oso
 
       # Register a Ruby class with Polar.
       #
-      # @param cls [Class]
-      # @param name [String]
-      # @param from_polar [Proc]
-      # @raise [InvalidConstructorError] if provided an invalid 'from_polar' constructor.
-      def register_class(cls, name: nil, from_polar: nil)
-        from_polar = Proc.new if block_given?
-        name = host.cache_class(cls, name: name, constructor: from_polar)
-        register_constant(name, value: cls)
+      # @param cls [Class] the class to register.
+      # @param name [String] the name to register the class as. Defaults to the name of the class.
+      # @raise [DuplicateClassAliasError] if attempting to register a class
+      # under a previously-registered name.
+      # @raise [FFI::Error] if the FFI call returns an error.
+      # @return [self] for chaining.
+      def register_class(cls, name: nil)
+        name = host.cache_class(cls, name: name || cls.name)
+        register_constant(cls, name: name)
       end
 
-      def register_constant(name, value:)
-        ffi_polar.register_constant(name, value: host.to_polar(value))
+      # Register a Ruby object with Polar.
+      #
+      # @param value [Object] the object to register.
+      # @param name [String] the name to register the object as.
+      # @return [self] for chaining.
+      # @raise [FFI::Error] if the FFI call returns an error.
+      def register_constant(value, name:)
+        ffi_polar.register_constant(host.to_polar(value), name: name)
+        self
       end
 
       # Start a REPL session.
@@ -162,10 +174,6 @@ module Oso
 
       # @return [FFI::Polar]
       attr_reader :ffi_polar
-      # @return [Hash<String, String>]
-      attr_reader :loaded_names
-      # @return [Hash<String, String>]
-      attr_reader :loaded_contents
 
       # The R and L in REPL for systems where readline is available.
       def repl_readline(prompt)

data/lib/oso/polar/query.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require 'json'
+
 module Oso
   module Polar
     # A single Polar query.
@@ -34,33 +36,6 @@ module Oso
         ffi_query.question_result(result, call_id: call_id)
       end
 
-      # Register a Ruby method call, wrapping the call result in a generator if
-      # it isn't already one.
-      #
-      # @param method [#to_sym]
-      # @param call_id [Integer]
-      # @param instance [Hash<String, Object>]
-      # @param args [Array<Hash>]
-      # @raise [InvalidCallError] if the method doesn't exist on the instance or
-      #   the args passed to the method are invalid.
-      def register_call(attribute, call_id:, instance:, args:, kwargs:) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
-        return if calls.key?(call_id)
-
-        instance = host.to_ruby(instance)
-        args = args.map { |a| host.to_ruby(a) }
-        kwargs = Hash[kwargs.map { |k, v| [k.to_sym, host.to_ruby(v)] }]
-        # The kwargs.empty? check is for Ruby < 2.7.
-        result = if kwargs.empty?
-                   instance.__send__(attribute, *args)
-                 else
-                   instance.__send__(attribute, *args, **kwargs)
-                 end
-        result = [result].to_enum unless result.is_a? Enumerator # Call must be a generator.
-        calls[call_id] = result.lazy
-      rescue ArgumentError, NoMethodError
-        raise InvalidCallError
-      end
-
       # Send next result of Ruby method call across FFI boundary.
       #
       # @param result [String]
@@ -95,13 +70,33 @@ module Oso
       # @param call_id [Integer]
       # @param instance [Hash<String, Object>]
       # @raise [Error] if the FFI call raises one.
-      def handle_call(attribute, call_id:, instance:, args:, kwargs:)
-        register_call(attribute, call_id: call_id, instance: instance, args: args, kwargs: kwargs)
-        result = JSON.dump(next_call_result(call_id))
+      def handle_call(attribute, call_id:, instance:, args:, kwargs:) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+        instance = host.to_ruby(instance)
+        args = args.map { |a| host.to_ruby(a) }
+        kwargs = Hash[kwargs.map { |k, v| [k.to_sym, host.to_ruby(v)] }]
+        # The kwargs.empty? check is for Ruby < 2.7.
+        result = if kwargs.empty?
+                   instance.__send__(attribute, *args)
+                 else
+                   instance.__send__(attribute, *args, **kwargs)
+                 end
+        result = JSON.dump(host.to_polar(result))
         call_result(result, call_id: call_id)
-      rescue InvalidCallError => e
+      rescue ArgumentError, NoMethodError => e
         application_error(e.message)
         call_result(nil, call_id: call_id)
+      end
+
+      def handle_next_external(call_id, iterable)
+        unless calls.key? call_id
+          value = host.to_ruby iterable
+          raise InvalidIteratorError unless value.is_a? Enumerable
+
+          calls[call_id] = value.lazy
+        end
+
+        result = JSON.dump(next_call_result(call_id))
+        call_result(result, call_id: call_id)
       rescue StopIteration
         call_result(nil, call_id: call_id)
       end
@@ -169,6 +164,12 @@ module Oso
               end
               command = JSON.dump(host.to_polar(input))
               ffi_query.debug_command(command)
+            when 'ExternalOp'
+              raise UnimplementedOperationError, 'comparison operators'
+            when 'NextExternal'
+              call_id = event.data['call_id']
+              iterable = event.data['iterable']
+              handle_next_external(call_id, iterable)
             else
               raise "Unhandled event: #{JSON.dump(event.inspect)}"
             end

data/lib/oso/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Oso
-  VERSION = '0.6.0'
+  VERSION = '0.8.2'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: oso-oso
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.8.2
 platform: ruby
 authors:
 - Oso Security, Inc.
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-09-22 00:00:00.000000000 Z
+date: 2020-11-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi