oso-oso 0.4.0 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 919322c6735cfeb3615da5dd85b4188c59e8716d
-  data.tar.gz: 1c881b365f4098e3bbdad3152168e82ab31df87f
+  metadata.gz: '09ee09c3366406a34633c870ddfe4ff271971529'
+  data.tar.gz: 764b0f3b440d567e19e45b71eff823b9000f35ef
 SHA512:
-  metadata.gz: b898b3636cdb1cfa5fe909634292cf030bd60ccf768e964cb258c7e1c076d34b52e953bf8b37b27e2cc42926c44efdbd7b600dc21fea63e7144834870d80db1f
-  data.tar.gz: 1e38944c4a55b81b3dbecbf1864be035632bd840e0f709380c8b14bfaecf657a1abb273b74b171aae35df9210beddb7e42f4c3547af74e482d0db4b214ca987f
+  metadata.gz: fdae19c2528c46a85004241f0a8e59639123e416724239670cb9ff2ffc1172a87bb116b481d575e466c74f634213abdced263211f991721f1ff990e1e085d884
+  data.tar.gz: 309a196e2a0a3725e3bc1f45be8382ed85026dc7fc271662efaef8e207b0df2891f26da48ece702f1d9ce3e3731ea52c0a6cea30bf50af6acde54f08b44d79ec

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    oso-oso (0.4.0)
+    oso-oso (0.5.0)
       ffi (~> 1.0)
 
 GEM
@@ -49,19 +49,19 @@ GEM
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.9.0)
     rspec-support (3.9.3)
-    rubocop (0.89.0)
+    rubocop (0.89.1)
       parallel (~> 1.10)
       parser (>= 2.7.1.1)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.7)
       rexml
-      rubocop-ast (>= 0.1.0, < 1.0)
+      rubocop-ast (>= 0.3.0, < 1.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 1.4.0, < 2.0)
     rubocop-ast (0.3.0)
       parser (>= 2.7.1.4)
     ruby-progressbar (1.10.1)
-    solargraph (0.39.13)
+    solargraph (0.39.14)
       backport (~> 1.1)
       benchmark
       bundler (>= 1.17.2)
@@ -88,8 +88,8 @@ DEPENDENCIES
   pry-byebug (~> 3.9.0)
   rake (~> 12.0)
   rspec (~> 3.0)
-  rubocop (~> 0.89.0)
-  solargraph (~> 0.39.8)
+  rubocop (~> 0.89.1)
+  solargraph (~> 0.39.14)
   yard (~> 0.9.25)
 
 BUNDLED WITH

data/bin/oso

@@ -4,4 +4,4 @@
 require 'bundler/setup'
 require 'oso'
 
-Oso.new.repl(load: true)
+Oso.new.repl(ARGV)

data/lib/oso/oso.rb

@@ -3,7 +3,7 @@
 require_relative 'polar/polar'
 
 module Oso
-  # Oso authorization API.
+  # oso authorization API.
   class Oso < Polar::Polar
     def initialize
       super
@@ -11,6 +11,13 @@ module Oso
       register_class(PathMapper, name: 'PathMapper')
     end
 
+    # Query the knowledge base to determine whether an actor is allowed to
+    # perform an action upon a resource.
+    #
+    # @param actor [Object] Subject.
+    # @param action [Object] Verb.
+    # @param resource [Object] Object.
+    # @return [Boolean] An access control decision.
     def allowed?(actor:, action:, resource:)
       query_rule('allow', actor, action, resource).next
       true

data/lib/oso/polar/ffi.rb

@@ -37,7 +37,13 @@ module Oso
       # Wrapper class for Error FFI pointer + operations.
       class Error < ::FFI::AutoPointer
         def self.release(ptr)
-          Rust.free(ptr)
+          Rust.free(ptr) unless ptr.null?
+        end
+      end
+      # Wrapper class for Message FFI pointer + operations.
+      class Message < ::FFI::AutoPointer
+        def self.release(ptr)
+          Rust.free(ptr) unless ptr.null?
         end
       end
     end
@@ -49,3 +55,4 @@ require 'oso/polar/ffi/polar'
 require 'oso/polar/ffi/query'
 require 'oso/polar/ffi/query_event'
 require 'oso/polar/ffi/error'
+require 'oso/polar/ffi/message'

data/lib/oso/polar/ffi/message.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module Oso
+  module Polar
+    module FFI
+      # Wrapper class for Message FFI pointer + operations.
+      class Message < ::FFI::AutoPointer
+        # @return [String]
+        def to_s
+          @to_s ||= read_string.force_encoding('UTF-8')
+        end
+
+        Rust = Module.new do
+          extend ::FFI::Library
+          ffi_lib FFI::LIB_PATH
+
+          attach_function :free, :string_free, [Message], :int32
+        end
+
+        def process
+          message = JSON.parse(to_s)
+          kind = message['kind']
+          msg = message['msg']
+
+          case kind
+          when 'Print'
+            puts(msg)
+          when 'Warning'
+            warn('[warning] %<msg>s')
+          end
+        end
+
+        private_constant :Rust
+      end
+    end
+  end
+end

data/lib/oso/polar/ffi/polar.rb

@@ -16,6 +16,7 @@ module Oso
           attach_function :new_query_from_str, :polar_new_query, [FFI::Polar, :string, :uint32], FFI::Query
           attach_function :new_query_from_term, :polar_new_query_from_term, [FFI::Polar, :string, :uint32], FFI::Query
           attach_function :register_constant, :polar_register_constant, [FFI::Polar, :string, :string], :int32
+          attach_function :next_message, :polar_next_polar_message, [FFI::Polar], FFI::Message
           attach_function :free, :polar_free, [FFI::Polar], :int32
         end
         private_constant :Rust
@@ -33,7 +34,9 @@ module Oso
         # @param filename [String]
         # @raise [FFI::Error] if the FFI call returns an error.
         def load_str(src, filename: nil)
-          raise FFI::Error.get if Rust.load_str(self, src, filename).zero?
+          loaded = Rust.load_str(self, src, filename)
+          process_messages
+          raise FFI::Error.get if loaded.zero?
         end
 
         # @return [FFI::Query] if there are remaining inline queries.
@@ -41,6 +44,7 @@ module Oso
         # @raise [FFI::Error] if the FFI call returns an error.
         def next_inline_query
           query = Rust.next_inline_query(self, 0)
+          process_messages
           query.null? ? nil : query
         end
 
@@ -60,6 +64,7 @@ module Oso
         # @raise [FFI::Error] if the FFI call returns an error.
         def new_query_from_str(str)
           query = Rust.new_query_from_str(self, str, 0)
+          process_messages
           raise FFI::Error.get if query.null?
 
           query
@@ -70,6 +75,7 @@ module Oso
         # @raise [FFI::Error] if the FFI call returns an error.
         def new_query_from_term(term)
           query = Rust.new_query_from_term(self, JSON.dump(term), 0)
+          process_messages
           raise FFI::Error.get if query.null?
 
           query
@@ -79,7 +85,21 @@ module Oso
         # @param value [Hash<String, Object>]
         # @raise [FFI::Error] if the FFI call returns an error.
         def register_constant(name, value:)
-          raise FFI::Error.get if Rust.register_constant(self, name, JSON.dump(value)).zero?
+          registered = Rust.register_constant(self, name, JSON.dump(value))
+          raise FFI::Error.get if registered.zero?
+        end
+
+        def next_message
+          Rust.next_message(self)
+        end
+
+        def process_messages
+          loop do
+            message = next_message
+            break if message.null?
+
+            message.process
+          end
         end
       end
     end

data/lib/oso/polar/ffi/query.rb

@@ -14,6 +14,7 @@ module Oso
           attach_function :question_result, :polar_question_result, [FFI::Query, :uint64, :int32], :int32
           attach_function :application_error, :polar_application_error, [FFI::Query, :string], :int32
           attach_function :next_event, :polar_next_query_event, [FFI::Query], FFI::QueryEvent
+          attach_function :next_message, :polar_next_query_message, [FFI::Query], FFI::Message
           attach_function :free, :query_free, [FFI::Query], :int32
         end
         private_constant :Rust
@@ -22,6 +23,7 @@ module Oso
         # @raise [FFI::Error] if the FFI call returns an error.
         def debug_command(cmd)
           res = Rust.debug_command(self, cmd)
+          process_messages
           raise FFI::Error.get if res.zero?
         end
 
@@ -54,10 +56,24 @@ module Oso
         # @raise [FFI::Error] if the FFI call returns an error.
         def next_event
           event = Rust.next_event(self)
+          process_messages
           raise FFI::Error.get if event.null?
 
           ::Oso::Polar::QueryEvent.new(JSON.parse(event.to_s))
         end
+
+        def next_message
+          Rust.next_message(self)
+        end
+
+        def process_messages
+          loop do
+            message = next_message
+            break if message.null?
+
+            message.process
+          end
+        end
       end
     end
   end

data/lib/oso/polar/host.rb

@@ -46,6 +46,7 @@ module Oso
       #
       # @param cls [Class] the class to cache
       # @param name [String] the name to cache the class as. Defaults to the name of the class.
+      # @param constructor [Proc] optional custom constructor function. Defaults to the :new method.
       # @return [String] the name the class is cached as.
       # @raise [UnregisteredClassError] if the class has not been registered.
       def cache_class(cls, name:, constructor:) # rubocop:disable Metrics/MethodLength
@@ -75,7 +76,7 @@ module Oso
         constructors[name]
       end
 
-      # Check if an instance has been cached.
+      # Check if an instance exists in the {#instances} cache.
       #
       # @param id [Integer]
       # @return [Boolean]
@@ -99,7 +100,8 @@ module Oso
         instances[id]
       end
 
-      # Cache a Ruby instance, fetching a {#new_id} if one isn't provided.
+      # Cache a Ruby instance in the {#instances} cache, fetching a {#new_id}
+      # if one isn't provided.
       #
       # @param instance [Object]
       # @param id [Integer]

data/lib/oso/polar/polar.rb

@@ -12,6 +12,26 @@ class TrueClass; include PolarBoolean; end
 # Monkey-patch Ruby false type.
 class FalseClass; include PolarBoolean; end
 
+# https://github.com/ruby/ruby/blob/bb9ecd026a6cadd5d0f85ac061649216806ed935/lib/bundler/vendor/thor/lib/thor/shell/color.rb#L99-L105
+def supports_color
+  $stdout.tty? && $stderr.tty? && ENV['NO_COLOR'].nil?
+end
+
+if supports_color
+  RESET = "\x1b[0m"
+  FG_BLUE = "\x1b[34m"
+  FG_RED = "\x1b[31m"
+else
+  RESET = ''
+  FG_BLUE = ''
+  FG_RED = ''
+end
+
+def print_error(error)
+  warn FG_RED + error.class.name.split('::').last + RESET
+  warn error.message
+end
+
 module Oso
   module Polar
     # Create and manage an instance of the Polar runtime.
@@ -41,7 +61,7 @@ module Oso
         @ffi_polar = FFI::Polar.create
       end
 
-      # Enqueue a Polar policy file for loading into the KB.
+      # Load a Polar policy file.
       #
       # @param name [String]
       # @raise [PolarFileExtensionError] if provided filename has invalid extension.
@@ -90,7 +110,7 @@ module Oso
         end
       end
 
-      # Query for a predicate, parsing it if necessary.
+      # Query for a Polar predicate or string.
       #
       # @overload query(query)
       #   @param query [String]
@@ -123,48 +143,6 @@ module Oso
         query(Predicate.new(name, args: args))
       end
 
-      # Start a REPL session.
-      #
-      # @raise [Error] if the FFI call raises one.
-      def repl(load: false) # rubocop:disable Metrics/MethodLength, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/AbcSize
-        ARGV.map { |f| load_file(f) } if load
-
-        loop do # rubocop:disable Metrics/BlockLength
-          print 'query> '
-          begin
-            query = $stdin.readline.chomp.chomp(';')
-          rescue EOFError
-            return
-          end
-
-          begin
-            ffi_query = ffi_polar.new_query_from_str(query)
-          rescue ParseError => e
-            puts "Parse error: #{e}"
-            next
-          end
-
-          begin
-            results = Query.new(ffi_query, host: host).results.to_a
-          rescue PolarRuntimeError => e
-            puts e
-            next
-          end
-
-          if results.empty?
-            pp false
-          else
-            results.each do |result|
-              if result.empty?
-                pp true
-              else
-                pp result
-              end
-            end
-          end
-        end
-      end
-
       # Register a Ruby class with Polar.
       #
       # @param cls [Class]
@@ -181,6 +159,21 @@ module Oso
         ffi_polar.register_constant(name, value: host.to_polar_term(value))
       end
 
+      # Start a REPL session.
+      #
+      # @param files [Array<String>]
+      # @raise [Error] if the FFI call raises one.
+      def repl(files = [])
+        files.map { |f| load_file(f) }
+        prompt = "#{FG_BLUE}query>#{RESET} "
+        # Try loading the readline module from the Ruby stdlib. If we get a
+        # LoadError, fall back to the standard REPL with no readline support.
+        require 'readline'
+        repl_readline(prompt)
+      rescue LoadError
+        repl_standard(prompt)
+      end
+
       private
 
       # @return [FFI::Polar]
@@ -189,6 +182,66 @@ module Oso
       attr_reader :loaded_names
       # @return [Hash<String, String>]
       attr_reader :loaded_contents
+
+      # The R and L in REPL for systems where readline is available.
+      def repl_readline(prompt)
+        while (buf = Readline.readline(prompt, true))
+          if /^\s*$/ =~ buf # Don't add empty entries to history.
+            Readline::HISTORY.pop
+            next
+          end
+          process_line(buf)
+        end
+      rescue Interrupt # rubocop:disable Lint/SuppressedException
+      end
+
+      # The R and L in REPL for systems where readline is not available.
+      def repl_standard(prompt)
+        loop do
+          puts prompt
+          begin
+            buf = $stdin.readline
+          rescue EOFError
+            return
+          end
+          process_line(buf)
+        end
+      rescue Interrupt # rubocop:disable Lint/SuppressedException
+      end
+
+      # Process a line of user input in the REPL.
+      #
+      # @param buf [String]
+      def process_line(buf) # rubocop:disable Metrics/MethodLength, Metrics/PerceivedComplexity, Metrics/AbcSize
+        query = buf.chomp.chomp(';')
+        begin
+          ffi_query = ffi_polar.new_query_from_str(query)
+        rescue ParseError => e
+          print_error(e)
+          return
+        end
+
+        begin
+          results = Query.new(ffi_query, host: host).results.to_a
+        rescue PolarRuntimeError => e
+          print_error(e)
+          return
+        end
+
+        if results.empty?
+          puts false
+        else
+          results.each do |result|
+            if result.empty?
+              puts true
+            else
+              result.each do |variable, value|
+                puts "#{variable} => #{value.inspect}"
+              end
+            end
+          end
+        end
+      end
     end
   end
 end

data/lib/oso/polar/query.rb

@@ -43,12 +43,16 @@ module Oso
       # @param args [Array<Hash>]
       # @raise [InvalidCallError] if the method doesn't exist on the instance or
       #   the args passed to the method are invalid.
-      def register_call(method, call_id:, instance:, args:)
+      def register_call(attribute, call_id:, instance:, args:) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
         return if calls.key?(call_id)
 
-        args = args.map { |a| host.to_ruby(a) }
         instance = host.to_ruby(instance)
-        result = instance.__send__(method, *args)
+        if args.nil?
+          result = instance.__send__(attribute)
+        else
+          args = args.map { |a| host.to_ruby(a) }
+          result = instance.__send__(attribute, *args)
+        end
         result = [result].to_enum unless result.is_a? Enumerator # Call must be a generator.
         calls[call_id] = result.lazy
       rescue ArgumentError, NoMethodError
@@ -89,8 +93,8 @@ module Oso
       # @param call_id [Integer]
       # @param instance [Hash<String, Object>]
       # @raise [Error] if the FFI call raises one.
-      def handle_call(method, call_id:, instance:, args:)
-        register_call(method, call_id: call_id, instance: instance, args: args)
+      def handle_call(attribute, call_id:, instance:, args:)
+        register_call(attribute, call_id: call_id, instance: instance, args: args)
         result = JSON.dump(next_call_result(call_id))
         call_result(result, call_id: call_id)
       rescue InvalidCallError => e
@@ -133,9 +137,9 @@ module Oso
             when 'ExternalCall'
               call_id = event.data['call_id']
               instance = event.data['instance']
-              method = event.data['attribute']
+              attribute = event.data['attribute']
               args = event.data['args']
-              handle_call(method, call_id: call_id, instance: instance, args: args)
+              handle_call(attribute, call_id: call_id, instance: instance, args: args)
             when 'ExternalIsSubSpecializer'
               instance_id = event.data['instance_id']
               left_tag = event.data['left_class_tag']

data/lib/oso/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Oso
-  VERSION = '0.4.0'
+  VERSION = '0.5.0'
 end

data/oso-oso.gemspec

@@ -34,7 +34,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'pry-byebug', '~> 3.9.0'
   spec.add_development_dependency 'rake', '~> 12.0'
   spec.add_development_dependency 'rspec', '~> 3.0'
-  spec.add_development_dependency 'rubocop', '~> 0.89.0'
-  spec.add_development_dependency 'solargraph', '~> 0.39.8'
+  spec.add_development_dependency 'rubocop', '~> 0.89.1'
+  spec.add_development_dependency 'solargraph', '~> 0.39.14'
   spec.add_development_dependency 'yard', '~> 0.9.25'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: oso-oso
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.5.0
 platform: ruby
 authors:
 - Oso Security, Inc.
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-08-11 00:00:00.000000000 Z
+date: 2020-08-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -72,28 +72,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.89.0
+        version: 0.89.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.89.0
+        version: 0.89.1
 - !ruby/object:Gem::Dependency
   name: solargraph
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.39.8
+        version: 0.39.14
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.39.8
+        version: 0.39.14
 - !ruby/object:Gem::Dependency
   name: yard
   requirement: !ruby/object:Gem::Requirement
@@ -137,6 +137,7 @@ files:
 - lib/oso/polar/errors.rb
 - lib/oso/polar/ffi.rb
 - lib/oso/polar/ffi/error.rb
+- lib/oso/polar/ffi/message.rb
 - lib/oso/polar/ffi/polar.rb
 - lib/oso/polar/ffi/query.rb
 - lib/oso/polar/ffi/query_event.rb