oso-oso 0.2.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: ec2b2b33a484c1770041164811415985e0e6c135a3fb03688d40813d0b332772
+  data.tar.gz: 960bcf13f984e19b359da8da1ac6478702c48d68f1ed9f1150250d0d4d0d1df4
+SHA512:
+  metadata.gz: 9b49f6a116fb1e542674a19047c16484f8f08a54dda51f83918644abfca808e164e628c164fcfd6ad0b2497549c3192a5a194264b138b018c01adbbea8b38cd7
+  data.tar.gz: 30d9fe7a3c625c1245140415c010066c21a388f79b5edce8b6376631712f33ca1bfc82f208e10244c6094b671588e6d1448e241bc11377e2b58c5a154b1afa66

data/.gitignore

@@ -0,0 +1,12 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+vendor
+
+# rspec failure tracking
+.rspec_status

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.solargraph.yml

@@ -0,0 +1,17 @@
+---
+include:
+- "lib/**/*.rb"
+exclude:
+- spec/**/*
+- test/**/*
+- vendor/**/*
+- ".bundle/**/*"
+require: []
+domains: []
+reporters:
+- rubocop
+- require_not_found
+- typecheck
+require_paths: []
+plugins: []
+max_files: 5000

data/Gemfile

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+
+gemspec
+

data/Gemfile.lock

@@ -0,0 +1,95 @@
+PATH
+  remote: .
+  specs:
+    oso-oso (0.2.2)
+      ffi (~> 1.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    ast (2.4.1)
+    backport (1.1.2)
+    benchmark (0.1.0)
+    byebug (11.1.3)
+    coderay (1.1.3)
+    diff-lcs (1.3)
+    e2mmap (0.1.0)
+    ffi (1.13.1)
+    jaro_winkler (1.5.4)
+    maruku (0.7.3)
+    method_source (1.0.0)
+    mini_portile2 (2.4.0)
+    nokogiri (1.10.9)
+      mini_portile2 (~> 2.4.0)
+    parallel (1.19.1)
+    parser (2.7.1.3)
+      ast (~> 2.4.0)
+    pry (0.13.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    pry-byebug (3.9.0)
+      byebug (~> 11.0)
+      pry (~> 0.13.0)
+    rainbow (3.0.0)
+    rake (12.3.3)
+    regexp_parser (1.7.1)
+    reverse_markdown (2.0.0)
+      nokogiri
+    rexml (3.2.4)
+    rspec (3.9.0)
+      rspec-core (~> 3.9.0)
+      rspec-expectations (~> 3.9.0)
+      rspec-mocks (~> 3.9.0)
+    rspec-core (3.9.2)
+      rspec-support (~> 3.9.3)
+    rspec-expectations (3.9.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.9.0)
+    rspec-mocks (3.9.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.9.0)
+    rspec-support (3.9.3)
+    rubocop (0.85.1)
+      parallel (~> 1.10)
+      parser (>= 2.7.0.1)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.7)
+      rexml
+      rubocop-ast (>= 0.0.3)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 2.0)
+    rubocop-ast (0.0.3)
+      parser (>= 2.7.0.1)
+    ruby-progressbar (1.10.1)
+    solargraph (0.39.8)
+      backport (~> 1.1)
+      benchmark
+      bundler (>= 1.17.2)
+      e2mmap
+      jaro_winkler (~> 1.5)
+      maruku (~> 0.7, >= 0.7.3)
+      nokogiri (~> 1.9, >= 1.9.1)
+      parser (~> 2.3)
+      reverse_markdown (>= 1.0.5, < 3)
+      rubocop (~> 0.52)
+      thor (~> 1.0)
+      tilt (~> 2.0)
+      yard (~> 0.9, >= 0.9.24)
+    thor (1.0.1)
+    tilt (2.0.10)
+    unicode-display_width (1.7.0)
+    yard (0.9.25)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  oso-oso!
+  pry-byebug (~> 3.9.0)
+  rake (~> 12.0)
+  rspec (~> 3.0)
+  solargraph (~> 0.39.8)
+  yard (~> 0.9.25)
+
+BUNDLED WITH
+   2.1.4

data/Makefile

@@ -0,0 +1,16 @@
+CARGO_FLAGS := $(shell [ -z $${RELEASE} ] && echo "" || echo "--all-features --release")
+export CARGO_FLAGS
+TARGET_DIR := $(shell [ -z $${RELEASE} ] && echo "debug" || echo "release")
+LIB_EXT := $(shell [ $$(uname) = "Linux" ] && echo "so" || echo "dylib")
+
+.PHONY: install rust-build test
+
+rust-build:
+	$(MAKE) -C ../.. rust-build
+	cp ../../target/$(TARGET_DIR)/libpolar.$(LIB_EXT) ext/oso-oso/lib/libpolar.$(LIB_EXT)
+
+install: rust-build
+	bundle install
+
+test: install
+	bundle exec rake spec

data/README.md

@@ -0,0 +1,30 @@
+# Oso::Oso
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'oso-oso'
+```
+
+And then execute:
+
+    $ bundle install
+
+Or install it yourself as:
+
+    $ gem install oso-oso
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run
+`rake spec` to run the tests. You can also run `bin/console` for an interactive
+prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To
+release a new version, update the version number in `version.rb`, and then run
+`bundle exec rake release`, which will create a git tag for the version, push
+git commits and tags, and push the `.gem` file to
+[rubygems.org](https://rubygems.org).
+

data/Rakefile

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec
+

data/bin/console

@@ -0,0 +1,33 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'bundler/setup'
+require 'oso'
+
+polar = Oso::Polar.new.tap do |p| # rubocop:disable Lint/UselessAssignment
+  p.load_str('f(1); f(2); g(1); g(2); h(2); k(x) := f(x), h(x), g(x);')
+  puts 'f(x)', p.send(:query_str, 'f(x)').to_a
+  puts 'k(x)', p.send(:query_str, 'k(x)').to_a
+
+  p.load_str('foo(1, 2); foo(3, 4); foo(5, 6);')
+  expected = [{ 'x' => 1, 'y' => 2 }, { 'x' => 3, 'y' => 4 }, { 'x' => 5, 'y' => 6 }]
+  raise 'AssertionError' if p.send(:query_str, 'foo(x, y)').to_a != expected
+
+  class TestClass # rubocop:disable Style/Documentation
+    def my_method
+      1
+    end
+  end
+
+  p.register_class(TestClass)
+
+  p.load_str('external(x, 3) := x = new TestClass{}.my_method;')
+  results = p.send(:query_str, 'external(1, x)')
+  p results.next
+
+  # p.load_str('testDebug() := debug(), foo(x, y), k(y);')
+  # p.send(:query_str, 'testDebug()').next
+end
+
+require 'pry'
+Pry.start

data/bin/setup

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install

data/lib/oso.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+require 'oso/http'
+require 'oso/oso'
+require 'oso/path_mapper'
+require 'oso/polar'
+require 'oso/version'
+
+# Top-level namespace for oso authorization library.
+module Oso
+  def self.new
+    ::Oso::Oso.new
+  end
+end

data/lib/oso/http.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Oso
+  # An HTTP resource.
+  class Http
+    def initialize(hostname: nil, path: nil, query: nil)
+      @hostname = hostname
+      @path = path
+      @query = query
+    end
+
+    private
+
+    attr_reader :hostname, :path, :query
+  end
+end

data/lib/oso/oso.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module Oso
+  # Oso authorization API.
+  class Oso
+    def initialize
+      @polar = ::Oso::Polar.new
+      register_class(Http, name: 'Http')
+      register_class(PathMapper, name: 'PathMapper')
+    end
+
+    def load_file(file)
+      polar.load_file(file)
+    end
+
+    def load_str(str)
+      polar.load_str(str)
+    end
+
+    def register_class(cls, name: nil) # rubocop:disable Naming/MethodParameterName
+      if block_given?
+        polar.register_class(cls, name: name, from_polar: Proc.new)
+      else
+        polar.register_class(cls, name: name)
+      end
+    end
+
+    def allow(actor:, action:, resource:)
+      polar.query_pred('allow', args: [actor, action, resource]).next
+      true
+    rescue StopIteration
+      false
+    end
+
+    def query_predicate(name, *args)
+      polar.query_pred(name, args: args)
+    end
+
+    def load_queued_files
+      polar.load_queued_files
+    end
+
+    private
+
+    attr_reader :polar
+  end
+end

data/lib/oso/path_mapper.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module Oso
+  # Map from a template string with capture groups of the form
+  # `{name}` to a dictionary of the form `{name: captured_value}`
+  class PathMapper
+    def initialize(template:)
+      capture_group = /({([^}]+)})/
+
+      template = template.dup
+      template.scan(capture_group).each do |outer, inner|
+        template = if inner == '*'
+                     template.gsub! outer, '.*'
+                   else
+                     template.gsub! outer, "(?<#{inner}>[^/]+)"
+                   end
+      end
+      @pattern = /\A#{template}\Z/
+    end
+
+    def map(string)
+      string.match(pattern)&.named_captures || {}
+    end
+
+    private
+
+    attr_reader :pattern
+  end
+end

data/lib/oso/polar.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+require 'oso/polar/errors'
+require 'oso/polar/ffi'
+require 'oso/polar/polar'
+require 'oso/polar/predicate'
+require 'oso/polar/query'
+require 'oso/polar/query_event'
+require 'oso/polar/variable'
+
+module Oso
+  # Top-level namespace for Polar language library.
+  module Polar
+    def self.new
+      ::Oso::Polar::Polar.new
+    end
+  end
+end

data/lib/oso/polar/errors.rb

@@ -0,0 +1,84 @@
+# frozen_string_literal: true
+
+module Oso
+  module Polar
+    # Base error type for Oso::Polar.
+    class Error < ::RuntimeError
+      attr_reader :stack_trace
+      
+      # @param message [String]
+      # @param details [Hash]
+      def initialize(message = nil, details: nil)
+        @details = details
+        if details and details.key?("stack_trace")
+          @stack_trace = details['stack_trace']
+        else
+          @stack_trace = nil
+        end
+        super(message)
+      end
+    end
+
+    # Expected to find an FFI error to convert into a Ruby exception but found none.
+    class FFIErrorNotFound < Error; end
+
+    # Generic runtime exception.
+    class PolarRuntimeError < Error; end
+
+    # Errors from across the FFI boundary.
+
+    class SerializationError < PolarRuntimeError; end
+    class UnsupportedError < PolarRuntimeError; end
+    class PolarTypeError < PolarRuntimeError; end
+    class StackOverflowError < PolarRuntimeError; end
+
+    # Errors originating from this side of the FFI boundary.
+
+    class UnregisteredClassError < PolarRuntimeError; end
+    class MissingConstructorError < PolarRuntimeError; end
+    class UnregisteredInstanceError < PolarRuntimeError; end
+    class DuplicateInstanceRegistrationError < PolarRuntimeError; end
+    class InvalidCallError < PolarRuntimeError; end
+    class InvalidConstructorError < PolarRuntimeError; end
+    class InlineQueryFailedError < PolarRuntimeError; end
+    class NullByteInPolarFileError < PolarRuntimeError; end
+    class UnexpectedPolarTypeError < PolarRuntimeError; end
+    class PolarFileExtensionError < PolarRuntimeError # rubocop:disable Style/Documentation
+      def initialize
+        super('Polar files must have .pol or .polar extension.')
+      end
+    end
+    class PolarFileNotFoundError < PolarRuntimeError # rubocop:disable Style/Documentation
+      # @param file [String]
+      def initialize(file)
+        super("Could not find file: #{file}")
+      end
+    end
+    class DuplicateClassAliasError < PolarRuntimeError # rubocop:disable Style/Documentation
+      # @param as [String]
+      # @param old [Class]
+      # @param new [Class]
+      def initialize(name:, old:, new:) # rubocop:disable Naming/MethodParameterName
+        super("Attempted to alias #{new} as '#{name}', but #{old} already has that alias.")
+      end
+    end
+
+    # Generic operational exception.
+    class OperationalError < Error; end
+    class UnknownError < OperationalError; end
+
+    # Catch-all for a parsing error that doesn't match any of the more specific types.
+    class ParseError < Error
+      class ExtraToken < ParseError; end
+      class IntegerOverflow < ParseError; end
+      class InvalidTokenCharacter < ParseError; end
+      class InvalidToken < ParseError; end
+      class UnrecognizedEOF < ParseError; end
+      class UnrecognizedToken < ParseError; end
+    end
+
+    # Generic Polar API exception.
+    class ApiError < Error; end
+    class ParameterError < ApiError; end
+  end
+end