@highflame/policy 1.2.0 → 1.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/errors.d.ts +102 -0
- package/dist/errors.d.ts.map +1 -0
- package/dist/errors.js +127 -0
- package/dist/errors.js.map +1 -0
- package/dist/index.d.ts +2 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +2 -0
- package/dist/index.js.map +1 -1
- package/dist/parser.d.ts.map +1 -1
- package/dist/parser.js +79 -34
- package/dist/parser.js.map +1 -1
- package/dist/parser.test.js +44 -0
- package/dist/parser.test.js.map +1 -1
- package/dist/types.d.ts +1 -0
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +2 -0
- package/dist/types.js.map +1 -1
- package/package.json +5 -1
- package/src/errors.ts +195 -0
- package/src/index.ts +2 -0
- package/src/parser.test.ts +53 -0
- package/src/parser.ts +83 -36
- package/src/types.ts +3 -0
package/dist/errors.d.ts
ADDED
|
@@ -0,0 +1,102 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Parser error types and codes for highflame-policy.
|
|
3
|
+
*
|
|
4
|
+
* This module provides standardized error codes that are consistent
|
|
5
|
+
* across all language implementations (Rust, Go, TypeScript, Python).
|
|
6
|
+
*/
|
|
7
|
+
/**
|
|
8
|
+
* Error codes for parser errors.
|
|
9
|
+
*
|
|
10
|
+
* These codes are stable and consistent across all language implementations.
|
|
11
|
+
* Format: HFP-<CATEGORY>-<NUMBER>
|
|
12
|
+
* - HFP = HighFlame Policy
|
|
13
|
+
* - CATEGORY = SCOPE | ACTION | COND | PARSE
|
|
14
|
+
* - NUMBER = 3-digit incremental
|
|
15
|
+
*/
|
|
16
|
+
export declare const ErrorCodes: {
|
|
17
|
+
/** Scope constraint is missing an entity (for == operator) */
|
|
18
|
+
readonly SCOPE_MISSING_ENTITY: "HFP-SCOPE-001";
|
|
19
|
+
/** Scope constraint is missing an entity type (for is operator) */
|
|
20
|
+
readonly SCOPE_MISSING_ENTITY_TYPE: "HFP-SCOPE-002";
|
|
21
|
+
/** Scope constraint is missing entity list (for in operator) */
|
|
22
|
+
readonly SCOPE_MISSING_ENTITY_LIST: "HFP-SCOPE-003";
|
|
23
|
+
/** Slot constraints are not supported in PolicyRule */
|
|
24
|
+
readonly SCOPE_SLOT_NOT_SUPPORTED: "HFP-SCOPE-004";
|
|
25
|
+
/** Unsupported scope operator */
|
|
26
|
+
readonly SCOPE_UNSUPPORTED_OP: "HFP-SCOPE-005";
|
|
27
|
+
/** Action constraint is missing an entity (for == operator) */
|
|
28
|
+
readonly ACTION_MISSING_ENTITY: "HFP-ACTION-001";
|
|
29
|
+
/** Action constraint is missing entities (for in operator) */
|
|
30
|
+
readonly ACTION_MISSING_ENTITIES: "HFP-ACTION-002";
|
|
31
|
+
/** Unsupported action operator */
|
|
32
|
+
readonly ACTION_UNSUPPORTED_OP: "HFP-ACTION-003";
|
|
33
|
+
/** Action scope is null/nil */
|
|
34
|
+
readonly ACTION_SCOPE_NIL: "HFP-ACTION-004";
|
|
35
|
+
/** Unless clauses are not supported in PolicyRule */
|
|
36
|
+
readonly COND_UNLESS_NOT_SUPPORTED: "HFP-COND-001";
|
|
37
|
+
/** Complex condition cannot be parsed */
|
|
38
|
+
readonly COND_COMPLEX_EXPRESSION: "HFP-COND-002";
|
|
39
|
+
/** Invalid Cedar syntax */
|
|
40
|
+
readonly PARSE_INVALID_SYNTAX: "HFP-PARSE-001";
|
|
41
|
+
/** Failed to convert policy to JSON */
|
|
42
|
+
readonly PARSE_JSON_CONVERSION: "HFP-PARSE-002";
|
|
43
|
+
/** Failed to parse Cedar JSON structure */
|
|
44
|
+
readonly PARSE_JSON_STRUCTURE: "HFP-PARSE-003";
|
|
45
|
+
/** Unknown policy effect (not permit or forbid) */
|
|
46
|
+
readonly PARSE_UNKNOWN_EFFECT: "HFP-PARSE-004";
|
|
47
|
+
/** Duplicate policy ID found */
|
|
48
|
+
readonly PARSE_DUPLICATE_ID: "HFP-PARSE-005";
|
|
49
|
+
};
|
|
50
|
+
export type ErrorCode = (typeof ErrorCodes)[keyof typeof ErrorCodes];
|
|
51
|
+
/**
|
|
52
|
+
* Context information for parser errors.
|
|
53
|
+
*/
|
|
54
|
+
export interface ErrorContext {
|
|
55
|
+
/** The operator that caused the error (e.g., "==", "in", "is") */
|
|
56
|
+
operator?: string;
|
|
57
|
+
/** The field that caused the error (e.g., "principal", "action", "resource") */
|
|
58
|
+
field?: string;
|
|
59
|
+
/** The policy ID if available */
|
|
60
|
+
policyId?: string;
|
|
61
|
+
}
|
|
62
|
+
/**
|
|
63
|
+
* A structured parser error with code, message, and optional context.
|
|
64
|
+
*/
|
|
65
|
+
export declare class ParserError extends Error {
|
|
66
|
+
/** Machine-readable error code (e.g., "HFP-SCOPE-001") */
|
|
67
|
+
readonly code: ErrorCode;
|
|
68
|
+
/** Optional context for debugging */
|
|
69
|
+
readonly context?: ErrorContext;
|
|
70
|
+
constructor(code: ErrorCode, message: string, context?: ErrorContext);
|
|
71
|
+
/**
|
|
72
|
+
* Returns a string representation including the error code.
|
|
73
|
+
*/
|
|
74
|
+
toString(): string;
|
|
75
|
+
/**
|
|
76
|
+
* Serializes the error to a plain object for JSON serialization.
|
|
77
|
+
*/
|
|
78
|
+
toJSON(): {
|
|
79
|
+
code: string;
|
|
80
|
+
message: string;
|
|
81
|
+
context?: ErrorContext;
|
|
82
|
+
};
|
|
83
|
+
/** Scope constraint is missing an entity */
|
|
84
|
+
static scopeMissingEntity(operator: string, field: string): ParserError;
|
|
85
|
+
/** Scope constraint is missing an entity type */
|
|
86
|
+
static scopeMissingEntityType(field: string): ParserError;
|
|
87
|
+
/** Scope constraint is missing entity list */
|
|
88
|
+
static scopeMissingEntityList(field: string): ParserError;
|
|
89
|
+
/** Slot constraints are not supported */
|
|
90
|
+
static scopeSlotNotSupported(operator: string, field: string): ParserError;
|
|
91
|
+
/** Unsupported scope operator */
|
|
92
|
+
static scopeUnsupportedOp(operator: string, field: string): ParserError;
|
|
93
|
+
/** Action constraint is missing an entity */
|
|
94
|
+
static actionMissingEntity(operator: string): ParserError;
|
|
95
|
+
/** Action constraint is missing entities */
|
|
96
|
+
static actionMissingEntities(): ParserError;
|
|
97
|
+
/** Unsupported action operator */
|
|
98
|
+
static actionUnsupportedOp(operator: string): ParserError;
|
|
99
|
+
/** Action scope is nil */
|
|
100
|
+
static actionScopeNil(): ParserError;
|
|
101
|
+
}
|
|
102
|
+
//# sourceMappingURL=errors.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;;;;;;;GAQG;AACH,eAAO,MAAM,UAAU;IAErB,8DAA8D;;IAE9D,mEAAmE;;IAEnE,gEAAgE;;IAEhE,uDAAuD;;IAEvD,iCAAiC;;IAIjC,+DAA+D;;IAE/D,8DAA8D;;IAE9D,kCAAkC;;IAElC,+BAA+B;;IAI/B,qDAAqD;;IAErD,yCAAyC;;IAIzC,2BAA2B;;IAE3B,uCAAuC;;IAEvC,2CAA2C;;IAE3C,mDAAmD;;IAEnD,gCAAgC;;CAExB,CAAC;AAEX,MAAM,MAAM,SAAS,GAAG,CAAC,OAAO,UAAU,CAAC,CAAC,MAAM,OAAO,UAAU,CAAC,CAAC;AAErE;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,kEAAkE;IAClE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,gFAAgF;IAChF,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,iCAAiC;IACjC,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,qBAAa,WAAY,SAAQ,KAAK;IACpC,0DAA0D;IAC1D,SAAgB,IAAI,EAAE,SAAS,CAAC;IAChC,qCAAqC;IACrC,SAAgB,OAAO,CAAC,EAAE,YAAY,CAAC;gBAE3B,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,YAAY;IAapE;;OAEG;IACM,QAAQ,IAAI,MAAM;IAI3B;;OAEG;IACH,MAAM,IAAI;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,YAAY,CAAA;KAAE;IAUnE,4CAA4C;IAC5C,MAAM,CAAC,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,WAAW;IAQvE,iDAAiD;IACjD,MAAM,CAAC,sBAAsB,CAAC,KAAK,EAAE,MAAM,GAAG,WAAW;IAQzD,8CAA8C;IAC9C,MAAM,CAAC,sBAAsB,CAAC,KAAK,EAAE,MAAM,GAAG,WAAW;IAQzD,yCAAyC;IACzC,MAAM,CAAC,qBAAqB,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,WAAW;IAQ1E,iCAAiC;IACjC,MAAM,CAAC,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,WAAW;IAQvE,6CAA6C;IAC7C,MAAM,CAAC,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,WAAW;IAQzD,4CAA4C;IAC5C,MAAM,CAAC,qBAAqB,IAAI,WAAW;IAQ3C,kCAAkC;IAClC,MAAM,CAAC,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,WAAW;IAQzD,0BAA0B;IAC1B,MAAM,CAAC,cAAc,IAAI,WAAW;CAOrC"}
|
package/dist/errors.js
ADDED
|
@@ -0,0 +1,127 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Parser error types and codes for highflame-policy.
|
|
3
|
+
*
|
|
4
|
+
* This module provides standardized error codes that are consistent
|
|
5
|
+
* across all language implementations (Rust, Go, TypeScript, Python).
|
|
6
|
+
*/
|
|
7
|
+
/**
|
|
8
|
+
* Error codes for parser errors.
|
|
9
|
+
*
|
|
10
|
+
* These codes are stable and consistent across all language implementations.
|
|
11
|
+
* Format: HFP-<CATEGORY>-<NUMBER>
|
|
12
|
+
* - HFP = HighFlame Policy
|
|
13
|
+
* - CATEGORY = SCOPE | ACTION | COND | PARSE
|
|
14
|
+
* - NUMBER = 3-digit incremental
|
|
15
|
+
*/
|
|
16
|
+
export const ErrorCodes = {
|
|
17
|
+
// Scope constraint errors (HFP-SCOPE-xxx)
|
|
18
|
+
/** Scope constraint is missing an entity (for == operator) */
|
|
19
|
+
SCOPE_MISSING_ENTITY: "HFP-SCOPE-001",
|
|
20
|
+
/** Scope constraint is missing an entity type (for is operator) */
|
|
21
|
+
SCOPE_MISSING_ENTITY_TYPE: "HFP-SCOPE-002",
|
|
22
|
+
/** Scope constraint is missing entity list (for in operator) */
|
|
23
|
+
SCOPE_MISSING_ENTITY_LIST: "HFP-SCOPE-003",
|
|
24
|
+
/** Slot constraints are not supported in PolicyRule */
|
|
25
|
+
SCOPE_SLOT_NOT_SUPPORTED: "HFP-SCOPE-004",
|
|
26
|
+
/** Unsupported scope operator */
|
|
27
|
+
SCOPE_UNSUPPORTED_OP: "HFP-SCOPE-005",
|
|
28
|
+
// Action constraint errors (HFP-ACTION-xxx)
|
|
29
|
+
/** Action constraint is missing an entity (for == operator) */
|
|
30
|
+
ACTION_MISSING_ENTITY: "HFP-ACTION-001",
|
|
31
|
+
/** Action constraint is missing entities (for in operator) */
|
|
32
|
+
ACTION_MISSING_ENTITIES: "HFP-ACTION-002",
|
|
33
|
+
/** Unsupported action operator */
|
|
34
|
+
ACTION_UNSUPPORTED_OP: "HFP-ACTION-003",
|
|
35
|
+
/** Action scope is null/nil */
|
|
36
|
+
ACTION_SCOPE_NIL: "HFP-ACTION-004",
|
|
37
|
+
// Condition errors (HFP-COND-xxx)
|
|
38
|
+
/** Unless clauses are not supported in PolicyRule */
|
|
39
|
+
COND_UNLESS_NOT_SUPPORTED: "HFP-COND-001",
|
|
40
|
+
/** Complex condition cannot be parsed */
|
|
41
|
+
COND_COMPLEX_EXPRESSION: "HFP-COND-002",
|
|
42
|
+
// Parse errors (HFP-PARSE-xxx)
|
|
43
|
+
/** Invalid Cedar syntax */
|
|
44
|
+
PARSE_INVALID_SYNTAX: "HFP-PARSE-001",
|
|
45
|
+
/** Failed to convert policy to JSON */
|
|
46
|
+
PARSE_JSON_CONVERSION: "HFP-PARSE-002",
|
|
47
|
+
/** Failed to parse Cedar JSON structure */
|
|
48
|
+
PARSE_JSON_STRUCTURE: "HFP-PARSE-003",
|
|
49
|
+
/** Unknown policy effect (not permit or forbid) */
|
|
50
|
+
PARSE_UNKNOWN_EFFECT: "HFP-PARSE-004",
|
|
51
|
+
/** Duplicate policy ID found */
|
|
52
|
+
PARSE_DUPLICATE_ID: "HFP-PARSE-005",
|
|
53
|
+
};
|
|
54
|
+
/**
|
|
55
|
+
* A structured parser error with code, message, and optional context.
|
|
56
|
+
*/
|
|
57
|
+
export class ParserError extends Error {
|
|
58
|
+
/** Machine-readable error code (e.g., "HFP-SCOPE-001") */
|
|
59
|
+
code;
|
|
60
|
+
/** Optional context for debugging */
|
|
61
|
+
context;
|
|
62
|
+
constructor(code, message, context) {
|
|
63
|
+
super(message);
|
|
64
|
+
this.name = "ParserError";
|
|
65
|
+
this.code = code;
|
|
66
|
+
this.context = context;
|
|
67
|
+
// Maintains proper stack trace for where our error was thrown (only available on V8)
|
|
68
|
+
const ErrorWithCapture = Error;
|
|
69
|
+
if (ErrorWithCapture.captureStackTrace) {
|
|
70
|
+
ErrorWithCapture.captureStackTrace(this, ParserError);
|
|
71
|
+
}
|
|
72
|
+
}
|
|
73
|
+
/**
|
|
74
|
+
* Returns a string representation including the error code.
|
|
75
|
+
*/
|
|
76
|
+
toString() {
|
|
77
|
+
return `[${this.code}] ${this.message}`;
|
|
78
|
+
}
|
|
79
|
+
/**
|
|
80
|
+
* Serializes the error to a plain object for JSON serialization.
|
|
81
|
+
*/
|
|
82
|
+
toJSON() {
|
|
83
|
+
return {
|
|
84
|
+
code: this.code,
|
|
85
|
+
message: this.message,
|
|
86
|
+
...(this.context && { context: this.context }),
|
|
87
|
+
};
|
|
88
|
+
}
|
|
89
|
+
// Convenience static factory methods for common errors
|
|
90
|
+
/** Scope constraint is missing an entity */
|
|
91
|
+
static scopeMissingEntity(operator, field) {
|
|
92
|
+
return new ParserError(ErrorCodes.SCOPE_MISSING_ENTITY, `'${operator}' constraint is missing an entity`, { operator, field });
|
|
93
|
+
}
|
|
94
|
+
/** Scope constraint is missing an entity type */
|
|
95
|
+
static scopeMissingEntityType(field) {
|
|
96
|
+
return new ParserError(ErrorCodes.SCOPE_MISSING_ENTITY_TYPE, "'is' constraint is missing an entity_type", { operator: "is", field });
|
|
97
|
+
}
|
|
98
|
+
/** Scope constraint is missing entity list */
|
|
99
|
+
static scopeMissingEntityList(field) {
|
|
100
|
+
return new ParserError(ErrorCodes.SCOPE_MISSING_ENTITY_LIST, "'in' constraint is missing an entity", { operator: "in", field });
|
|
101
|
+
}
|
|
102
|
+
/** Slot constraints are not supported */
|
|
103
|
+
static scopeSlotNotSupported(operator, field) {
|
|
104
|
+
return new ParserError(ErrorCodes.SCOPE_SLOT_NOT_SUPPORTED, `'${operator}' constraint with slot cannot be represented`, { operator, field });
|
|
105
|
+
}
|
|
106
|
+
/** Unsupported scope operator */
|
|
107
|
+
static scopeUnsupportedOp(operator, field) {
|
|
108
|
+
return new ParserError(ErrorCodes.SCOPE_UNSUPPORTED_OP, `Unsupported scope operator: ${operator}`, { operator, field });
|
|
109
|
+
}
|
|
110
|
+
/** Action constraint is missing an entity */
|
|
111
|
+
static actionMissingEntity(operator) {
|
|
112
|
+
return new ParserError(ErrorCodes.ACTION_MISSING_ENTITY, `Action '${operator}' constraint is missing an entity`, { operator, field: "action" });
|
|
113
|
+
}
|
|
114
|
+
/** Action constraint is missing entities */
|
|
115
|
+
static actionMissingEntities() {
|
|
116
|
+
return new ParserError(ErrorCodes.ACTION_MISSING_ENTITIES, "Action 'in' constraint is missing entities", { operator: "in", field: "action" });
|
|
117
|
+
}
|
|
118
|
+
/** Unsupported action operator */
|
|
119
|
+
static actionUnsupportedOp(operator) {
|
|
120
|
+
return new ParserError(ErrorCodes.ACTION_UNSUPPORTED_OP, `Unsupported action operator: ${operator}`, { operator, field: "action" });
|
|
121
|
+
}
|
|
122
|
+
/** Action scope is nil */
|
|
123
|
+
static actionScopeNil() {
|
|
124
|
+
return new ParserError(ErrorCodes.ACTION_SCOPE_NIL, "Action scope is nil", { field: "action" });
|
|
125
|
+
}
|
|
126
|
+
}
|
|
127
|
+
//# sourceMappingURL=errors.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG;IACxB,0CAA0C;IAC1C,8DAA8D;IAC9D,oBAAoB,EAAE,eAAe;IACrC,mEAAmE;IACnE,yBAAyB,EAAE,eAAe;IAC1C,gEAAgE;IAChE,yBAAyB,EAAE,eAAe;IAC1C,uDAAuD;IACvD,wBAAwB,EAAE,eAAe;IACzC,iCAAiC;IACjC,oBAAoB,EAAE,eAAe;IAErC,4CAA4C;IAC5C,+DAA+D;IAC/D,qBAAqB,EAAE,gBAAgB;IACvC,8DAA8D;IAC9D,uBAAuB,EAAE,gBAAgB;IACzC,kCAAkC;IAClC,qBAAqB,EAAE,gBAAgB;IACvC,+BAA+B;IAC/B,gBAAgB,EAAE,gBAAgB;IAElC,kCAAkC;IAClC,qDAAqD;IACrD,yBAAyB,EAAE,cAAc;IACzC,yCAAyC;IACzC,uBAAuB,EAAE,cAAc;IAEvC,+BAA+B;IAC/B,2BAA2B;IAC3B,oBAAoB,EAAE,eAAe;IACrC,uCAAuC;IACvC,qBAAqB,EAAE,eAAe;IACtC,2CAA2C;IAC3C,oBAAoB,EAAE,eAAe;IACrC,mDAAmD;IACnD,oBAAoB,EAAE,eAAe;IACrC,gCAAgC;IAChC,kBAAkB,EAAE,eAAe;CAC3B,CAAC;AAgBX;;GAEG;AACH,MAAM,OAAO,WAAY,SAAQ,KAAK;IACpC,0DAA0D;IAC1C,IAAI,CAAY;IAChC,qCAAqC;IACrB,OAAO,CAAgB;IAEvC,YAAY,IAAe,EAAE,OAAe,EAAE,OAAsB;QAClE,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,aAAa,CAAC;QAC1B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QAEvB,qFAAqF;QACrF,MAAM,gBAAgB,GAAG,KAA2F,CAAC;QACrH,IAAI,gBAAgB,CAAC,iBAAiB,EAAE,CAAC;YACvC,gBAAgB,CAAC,iBAAiB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAED;;OAEG;IACM,QAAQ;QACf,OAAO,IAAI,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,OAAO,EAAE,CAAC;IAC1C,CAAC;IAED;;OAEG;IACH,MAAM;QACJ,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,GAAG,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC;SAC/C,CAAC;IACJ,CAAC;IAED,uDAAuD;IAEvD,4CAA4C;IAC5C,MAAM,CAAC,kBAAkB,CAAC,QAAgB,EAAE,KAAa;QACvD,OAAO,IAAI,WAAW,CACpB,UAAU,CAAC,oBAAoB,EAC/B,IAAI,QAAQ,mCAAmC,EAC/C,EAAE,QAAQ,EAAE,KAAK,EAAE,CACpB,CAAC;IACJ,CAAC;IAED,iDAAiD;IACjD,MAAM,CAAC,sBAAsB,CAAC,KAAa;QACzC,OAAO,IAAI,WAAW,CACpB,UAAU,CAAC,yBAAyB,EACpC,2CAA2C,EAC3C,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,CAC1B,CAAC;IACJ,CAAC;IAED,8CAA8C;IAC9C,MAAM,CAAC,sBAAsB,CAAC,KAAa;QACzC,OAAO,IAAI,WAAW,CACpB,UAAU,CAAC,yBAAyB,EACpC,sCAAsC,EACtC,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,CAC1B,CAAC;IACJ,CAAC;IAED,yCAAyC;IACzC,MAAM,CAAC,qBAAqB,CAAC,QAAgB,EAAE,KAAa;QAC1D,OAAO,IAAI,WAAW,CACpB,UAAU,CAAC,wBAAwB,EACnC,IAAI,QAAQ,8CAA8C,EAC1D,EAAE,QAAQ,EAAE,KAAK,EAAE,CACpB,CAAC;IACJ,CAAC;IAED,iCAAiC;IACjC,MAAM,CAAC,kBAAkB,CAAC,QAAgB,EAAE,KAAa;QACvD,OAAO,IAAI,WAAW,CACpB,UAAU,CAAC,oBAAoB,EAC/B,+BAA+B,QAAQ,EAAE,EACzC,EAAE,QAAQ,EAAE,KAAK,EAAE,CACpB,CAAC;IACJ,CAAC;IAED,6CAA6C;IAC7C,MAAM,CAAC,mBAAmB,CAAC,QAAgB;QACzC,OAAO,IAAI,WAAW,CACpB,UAAU,CAAC,qBAAqB,EAChC,WAAW,QAAQ,mCAAmC,EACtD,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,CAC9B,CAAC;IACJ,CAAC;IAED,4CAA4C;IAC5C,MAAM,CAAC,qBAAqB;QAC1B,OAAO,IAAI,WAAW,CACpB,UAAU,CAAC,uBAAuB,EAClC,4CAA4C,EAC5C,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,CACpC,CAAC;IACJ,CAAC;IAED,kCAAkC;IAClC,MAAM,CAAC,mBAAmB,CAAC,QAAgB;QACzC,OAAO,IAAI,WAAW,CACpB,UAAU,CAAC,qBAAqB,EAChC,gCAAgC,QAAQ,EAAE,EAC1C,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,CAC9B,CAAC;IACJ,CAAC;IAED,0BAA0B;IAC1B,MAAM,CAAC,cAAc;QACnB,OAAO,IAAI,WAAW,CACpB,UAAU,CAAC,gBAAgB,EAC3B,qBAAqB,EACrB,EAAE,KAAK,EAAE,QAAQ,EAAE,CACpB,CAAC;IACJ,CAAC;CACF"}
|
package/dist/index.d.ts
CHANGED
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAMA,cAAc,mBAAmB,CAAC;AAClC,cAAc,kBAAkB,CAAC;AACjC,cAAc,kBAAkB,CAAC;AACjC,cAAc,iBAAiB,CAAC;AAGhC,cAAc,aAAa,CAAC;AAC5B,cAAc,cAAc,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAMA,cAAc,mBAAmB,CAAC;AAClC,cAAc,kBAAkB,CAAC;AACjC,cAAc,kBAAkB,CAAC;AACjC,cAAc,iBAAiB,CAAC;AAGhC,cAAc,aAAa,CAAC;AAC5B,cAAc,cAAc,CAAC;AAC7B,cAAc,aAAa,CAAC;AAC5B,cAAc,aAAa,CAAC"}
|
package/dist/index.js
CHANGED
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,2DAA2D;AAC3D,uCAAuC;AACvC,EAAE;AACF,sEAAsE;AACtE,oEAAoE;AAEpE,cAAc,mBAAmB,CAAC;AAClC,cAAc,kBAAkB,CAAC;AACjC,cAAc,kBAAkB,CAAC;AACjC,cAAc,iBAAiB,CAAC;AAEhC,0CAA0C;AAC1C,cAAc,aAAa,CAAC;AAC5B,cAAc,cAAc,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,2DAA2D;AAC3D,uCAAuC;AACvC,EAAE;AACF,sEAAsE;AACtE,oEAAoE;AAEpE,cAAc,mBAAmB,CAAC;AAClC,cAAc,kBAAkB,CAAC;AACjC,cAAc,kBAAkB,CAAC;AACjC,cAAc,iBAAiB,CAAC;AAEhC,0CAA0C;AAC1C,cAAc,aAAa,CAAC;AAC5B,cAAc,cAAc,CAAC;AAC7B,cAAc,aAAa,CAAC;AAC5B,cAAc,aAAa,CAAC"}
|
package/dist/parser.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"parser.d.ts","sourceRoot":"","sources":["../src/parser.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,OAAO,KAAK,EAAE,UAAU,EAAkE,MAAM,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"parser.d.ts","sourceRoot":"","sources":["../src/parser.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,OAAO,KAAK,EAAE,UAAU,EAAkE,MAAM,cAAc,CAAC;AAG/G;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,2DAA2D;IAC3D,KAAK,EAAE,UAAU,EAAE,CAAC;IACpB,iFAAiF;IACjF,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,qCAAqC;IACrC,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAmDD;;;;;;;;;GASG;AACH,wBAAgB,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,WAAW,CA4EhE"}
|
package/dist/parser.js
CHANGED
|
@@ -9,6 +9,7 @@
|
|
|
9
9
|
* 2. Cedar JSON → PolicyRule (simple JSON mapping)
|
|
10
10
|
*/
|
|
11
11
|
import * as cedar from "@cedar-policy/cedar-wasm/nodejs";
|
|
12
|
+
import { ParserError, ErrorCodes } from "./errors.js";
|
|
12
13
|
/**
|
|
13
14
|
* Normalize entity reference to simple { type, id } format
|
|
14
15
|
*/
|
|
@@ -77,6 +78,20 @@ export function parseCedarToRules(cedarText) {
|
|
|
77
78
|
catch (e) {
|
|
78
79
|
result.errors.push(`Parse error: ${e instanceof Error ? e.message : String(e)}`);
|
|
79
80
|
}
|
|
81
|
+
// Check for duplicate policy IDs and add warnings
|
|
82
|
+
const idOccurrences = new Map();
|
|
83
|
+
result.rules.forEach((rule, idx) => {
|
|
84
|
+
if (rule.id) {
|
|
85
|
+
const indices = idOccurrences.get(rule.id) || [];
|
|
86
|
+
indices.push(idx);
|
|
87
|
+
idOccurrences.set(rule.id, indices);
|
|
88
|
+
}
|
|
89
|
+
});
|
|
90
|
+
for (const [id, indices] of idOccurrences) {
|
|
91
|
+
if (indices.length > 1) {
|
|
92
|
+
result.errors.push(`[${ErrorCodes.PARSE_DUPLICATE_ID}] Duplicate policy ID '${id}' found at indices [${indices.join(", ")}]`);
|
|
93
|
+
}
|
|
94
|
+
}
|
|
80
95
|
return result;
|
|
81
96
|
}
|
|
82
97
|
/**
|
|
@@ -90,28 +105,35 @@ function cedarJsonToRule(policy, policyId, index, originalText) {
|
|
|
90
105
|
const raw = originalText || getRawCedar(policyId, policy);
|
|
91
106
|
return { raw };
|
|
92
107
|
}
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
108
|
+
try {
|
|
109
|
+
const rule = {
|
|
110
|
+
id: policy.annotations?.id || policyId,
|
|
111
|
+
name: policy.annotations?.name || policy.annotations?.id || policyId,
|
|
112
|
+
effect: policy.effect,
|
|
113
|
+
principal: mapScopeToEntity(policy.principal, "principal"),
|
|
114
|
+
action: mapActionScope(policy.action),
|
|
115
|
+
resource: mapScopeToEntity(policy.resource, "resource"),
|
|
116
|
+
conditions: [],
|
|
117
|
+
enabled: true,
|
|
118
|
+
order: index,
|
|
119
|
+
};
|
|
120
|
+
// Map description from annotations
|
|
121
|
+
if (policy.annotations?.description) {
|
|
122
|
+
rule.description = policy.annotations.description;
|
|
123
|
+
}
|
|
124
|
+
// Map conditions
|
|
125
|
+
const { conditions, rawCondition } = mapConditions(policy.conditions);
|
|
126
|
+
rule.conditions = conditions;
|
|
127
|
+
if (rawCondition) {
|
|
128
|
+
rule.rawCondition = rawCondition;
|
|
129
|
+
}
|
|
130
|
+
return { rule };
|
|
107
131
|
}
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
rule.rawCondition = rawCondition;
|
|
132
|
+
catch (e) {
|
|
133
|
+
const error = e instanceof Error ? e.message : String(e);
|
|
134
|
+
const raw = originalText || getRawCedar(policyId, policy);
|
|
135
|
+
return { raw, error };
|
|
113
136
|
}
|
|
114
|
-
return { rule };
|
|
115
137
|
}
|
|
116
138
|
/**
|
|
117
139
|
* Check if a Cedar policy can be represented as PolicyRule
|
|
@@ -157,12 +179,20 @@ function getRawCedar(policyId, policy) {
|
|
|
157
179
|
catch {
|
|
158
180
|
// Ignore conversion errors
|
|
159
181
|
}
|
|
160
|
-
|
|
182
|
+
// Sanitize policyId to prevent newline injection attacks
|
|
183
|
+
const safeId = policyId.replace(/[\n\r]/g, " ");
|
|
184
|
+
return `// Complex policy: ${safeId}`;
|
|
161
185
|
}
|
|
162
186
|
/**
|
|
163
187
|
* Map Cedar scope constraint to PolicyEntity
|
|
188
|
+
*
|
|
189
|
+
* Returns null for unconstrained ("All") scopes.
|
|
190
|
+
* Throws ParserError for malformed constraints to prevent silent misinterpretation.
|
|
191
|
+
*
|
|
192
|
+
* @param scope - The Cedar scope constraint
|
|
193
|
+
* @param field - The field name ("principal" or "resource") for error context
|
|
164
194
|
*/
|
|
165
|
-
function mapScopeToEntity(scope) {
|
|
195
|
+
function mapScopeToEntity(scope, field) {
|
|
166
196
|
if (scope.op === "All") {
|
|
167
197
|
return null;
|
|
168
198
|
}
|
|
@@ -171,33 +201,44 @@ function mapScopeToEntity(scope) {
|
|
|
171
201
|
const entity = normalizeEntityRef(scope.entity);
|
|
172
202
|
return { type: entity.type, id: entity.id };
|
|
173
203
|
}
|
|
174
|
-
|
|
175
|
-
|
|
204
|
+
if ("slot" in scope) {
|
|
205
|
+
throw ParserError.scopeSlotNotSupported("==", field);
|
|
206
|
+
}
|
|
207
|
+
throw ParserError.scopeMissingEntity("==", field);
|
|
176
208
|
}
|
|
177
209
|
if (scope.op === "is") {
|
|
178
|
-
|
|
179
|
-
|
|
210
|
+
if (scope.entity_type) {
|
|
211
|
+
return { type: scope.entity_type };
|
|
212
|
+
}
|
|
213
|
+
throw ParserError.scopeMissingEntityType(field);
|
|
180
214
|
}
|
|
181
215
|
if (scope.op === "in") {
|
|
182
216
|
if ("entity" in scope) {
|
|
183
217
|
const entity = normalizeEntityRef(scope.entity);
|
|
184
218
|
return { type: entity.type, id: entity.id };
|
|
185
219
|
}
|
|
186
|
-
|
|
187
|
-
|
|
220
|
+
if ("slot" in scope) {
|
|
221
|
+
throw ParserError.scopeSlotNotSupported("in", field);
|
|
222
|
+
}
|
|
223
|
+
throw ParserError.scopeMissingEntityList(field);
|
|
188
224
|
}
|
|
189
|
-
|
|
225
|
+
throw ParserError.scopeUnsupportedOp(scope.op, field);
|
|
190
226
|
}
|
|
191
227
|
/**
|
|
192
228
|
* Map action scope to action string(s)
|
|
229
|
+
*
|
|
230
|
+
* Throws ParserError for malformed constraints to prevent silent misinterpretation.
|
|
193
231
|
*/
|
|
194
232
|
function mapActionScope(scope) {
|
|
195
233
|
if (scope.op === "All") {
|
|
196
234
|
return "*";
|
|
197
235
|
}
|
|
198
236
|
if (scope.op === "==") {
|
|
199
|
-
|
|
200
|
-
|
|
237
|
+
if ("entity" in scope) {
|
|
238
|
+
const entity = normalizeEntityRef(scope.entity);
|
|
239
|
+
return entity.id;
|
|
240
|
+
}
|
|
241
|
+
throw ParserError.actionMissingEntity("==");
|
|
201
242
|
}
|
|
202
243
|
if (scope.op === "in") {
|
|
203
244
|
if ("entities" in scope) {
|
|
@@ -208,8 +249,9 @@ function mapActionScope(scope) {
|
|
|
208
249
|
const entity = normalizeEntityRef(scope.entity);
|
|
209
250
|
return entity.id;
|
|
210
251
|
}
|
|
252
|
+
throw ParserError.actionMissingEntities();
|
|
211
253
|
}
|
|
212
|
-
|
|
254
|
+
throw ParserError.actionUnsupportedOp(scope.op);
|
|
213
255
|
}
|
|
214
256
|
/**
|
|
215
257
|
* Map Cedar conditions to PolicyCondition array
|
|
@@ -229,9 +271,11 @@ function mapConditions(conditions) {
|
|
|
229
271
|
rawParts.push(parsed.raw);
|
|
230
272
|
}
|
|
231
273
|
}
|
|
274
|
+
// Store raw conditions as a valid JSON array instead of joining with " && "
|
|
275
|
+
// This ensures downstream systems can parse the rawCondition field
|
|
232
276
|
return {
|
|
233
277
|
conditions: result,
|
|
234
|
-
rawCondition: rawParts.length > 0 ? rawParts.join("
|
|
278
|
+
rawCondition: rawParts.length > 0 ? `[${rawParts.join(",")}]` : undefined,
|
|
235
279
|
};
|
|
236
280
|
}
|
|
237
281
|
/**
|
|
@@ -292,11 +336,12 @@ function mapLike(args) {
|
|
|
292
336
|
if (!field)
|
|
293
337
|
return null;
|
|
294
338
|
// Convert pattern to string (e.g., ["Wildcard", { Literal: "foo" }, "Wildcard"] -> "*foo*")
|
|
339
|
+
// Escape literal * characters to distinguish from wildcards on round-trip
|
|
295
340
|
const patternStr = args.pattern.map(p => {
|
|
296
341
|
if (p === "Wildcard")
|
|
297
342
|
return "*";
|
|
298
343
|
if (typeof p === "object" && "Literal" in p)
|
|
299
|
-
return p.Literal;
|
|
344
|
+
return p.Literal.replace(/\*/g, "\\*");
|
|
300
345
|
return "";
|
|
301
346
|
}).join("");
|
|
302
347
|
return { field, operator: "like", value: patternStr };
|
package/dist/parser.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"parser.js","sourceRoot":"","sources":["../src/parser.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,KAAK,MAAM,iCAAiC,CAAC;AAsDzD;;GAEG;AACH,SAAS,kBAAkB,CAAC,GAAmB;IAC7C,IAAI,UAAU,IAAI,GAAG,EAAE,CAAC;QACtB,OAAO,GAAG,CAAC,QAAQ,CAAC;IACtB,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,iBAAiB,CAAC,SAAiB;IACjD,MAAM,MAAM,GAAgB;QAC1B,KAAK,EAAE,EAAE;QACT,YAAY,EAAE,EAAE;QAChB,MAAM,EAAE,EAAE;KACX,CAAC;IAEF,IAAI,CAAC;QACH,8DAA8D;QAC9D,MAAM,WAAW,GAAG,KAAK,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAC;QAE1D,IAAI,WAAW,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACnC,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;gBACvC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACpC,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,sBAAsB;QACtB,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,KAAK,MAAM,UAAU,IAAI,WAAW,CAAC,QAAQ,EAAE,CAAC;YAC9C,qDAAqD;YACrD,MAAM,UAAU,GAAG,KAAK,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;YAElD,IAAI,UAAU,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBAClC,KAAK,MAAM,KAAK,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC;oBACtC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,KAAK,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;gBAC1D,CAAC;gBACD,KAAK,EAAE,CAAC;gBACR,SAAS;YACX,CAAC;YAED,MAAM,MAAM,GAAG,UAAU,CAAC,IAAuB,CAAC;YAClD,MAAM,QAAQ,GAAG,MAAM,CAAC,WAAW,EAAE,EAAE,IAAI,SAAS,KAAK,EAAE,CAAC;YAC5D,MAAM,UAAU,GAAG,eAAe,CAAC,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;YAExE,IAAI,UAAU,CAAC,KAAK,EAAE,CAAC;gBACrB,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,QAAQ,KAAK,UAAU,CAAC,KAAK,EAAE,CAAC,CAAC;YAChE,CAAC;YAED,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;gBACpB,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YACrC,CAAC;iBAAM,IAAI,UAAU,CAAC,GAAG,EAAE,CAAC;gBAC1B,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;YAC3C,CAAC;YAED,KAAK,EAAE,CAAC;QACV,CAAC;QAED,+CAA+C;QAC/C,KAAK,MAAM,YAAY,IAAI,WAAW,CAAC,gBAAgB,EAAE,CAAC;YACxD,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACzC,CAAC;IAEH,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IACnF,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CACtB,MAAuB,EACvB,QAAgB,EAChB,KAAa,EACb,YAAqB;IAGrB,wDAAwD;IACxD,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,EAAE,CAAC;QAChC,sEAAsE;QACtE,MAAM,GAAG,GAAG,YAAY,IAAI,WAAW,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC1D,OAAO,EAAE,GAAG,EAAE,CAAC;IACjB,CAAC;IAED,MAAM,IAAI,GAAe;QACvB,EAAE,EAAE,MAAM,CAAC,WAAW,EAAE,EAAE,IAAI,QAAQ;QACtC,IAAI,EAAE,MAAM,CAAC,WAAW,EAAE,IAAI,IAAI,MAAM,CAAC,WAAW,EAAE,EAAE,IAAI,QAAQ;QACpE,MAAM,EAAE,MAAM,CAAC,MAAsB;QACrC,SAAS,EAAE,gBAAgB,CAAC,MAAM,CAAC,SAAS,CAAC;QAC7C,MAAM,EAAE,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC;QACrC,QAAQ,EAAE,gBAAgB,CAAC,MAAM,CAAC,QAAQ,CAAC;QAC3C,UAAU,EAAE,EAAE;QACd,OAAO,EAAE,IAAI;QACb,KAAK,EAAE,KAAK;KACb,CAAC;IAEF,mCAAmC;IACnC,IAAI,MAAM,CAAC,WAAW,EAAE,WAAW,EAAE,CAAC;QACpC,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC,WAAW,CAAC;IACpD,CAAC;IAED,iBAAiB;IACjB,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,GAAG,aAAa,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IACtE,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC7B,IAAI,YAAY,EAAE,CAAC;QACjB,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;IACnC,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,MAAuB;IACjD,sCAAsC;IACtC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QACrC,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC3B,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,sCAAsC;IACtC,IAAI,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1D,OAAO,KAAK,CAAC;IACf,CAAC;IAED,+CAA+C;IAC/C,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IAC7B,IAAI,MAAM,CAAC,EAAE,KAAK,IAAI,IAAI,UAAU,IAAI,MAAM,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7E,2CAA2C;IAC7C,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,OAAO,CAAC,KAA2B;IAC1C,IAAI,KAAK,CAAC,EAAE,KAAK,KAAK,IAAI,KAAK,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC;QAC5C,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,MAAM,IAAI,KAAK,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,QAAgB,EAAE,MAAuB;IAC5D,IAAI,CAAC;QACH,2DAA2D;QAC3D,MAAM,UAAU,GAAG,KAAK,CAAC,YAAY,CAAC,MAA0B,CAAC,CAAC;QAClE,IAAI,UAAU,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAClC,OAAO,UAAU,CAAC,IAAI,CAAC;QACzB,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,2BAA2B;IAC7B,CAAC;IACD,OAAO,sBAAsB,QAAQ,EAAE,CAAC;AAC1C,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,KAA2B;IACnD,IAAI,KAAK,CAAC,EAAE,KAAK,KAAK,EAAE,CAAC;QACvB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,KAAK,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC;QACtB,IAAI,QAAQ,IAAI,KAAK,EAAE,CAAC;YACtB,MAAM,MAAM,GAAG,kBAAkB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAChD,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC;QAC9C,CAAC;QACD,yBAAyB;QACzB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,KAAK,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC;QACtB,kBAAkB;QAClB,OAAO,EAAE,IAAI,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;IACrC,CAAC;IAED,IAAI,KAAK,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC;QACtB,IAAI,QAAQ,IAAI,KAAK,EAAE,CAAC;YACtB,MAAM,MAAM,GAAG,kBAAkB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAChD,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC;QAC9C,CAAC;QACD,yBAAyB;QACzB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,KAA4B;IAClD,IAAI,KAAK,CAAC,EAAE,KAAK,KAAK,EAAE,CAAC;QACvB,OAAO,GAAG,CAAC;IACb,CAAC;IAED,IAAI,KAAK,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC;QACtB,MAAM,MAAM,GAAG,kBAAkB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAChD,OAAO,MAAM,CAAC,EAAE,CAAC;IACnB,CAAC;IAED,IAAI,KAAK,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC;QACtB,IAAI,UAAU,IAAI,KAAK,EAAE,CAAC;YACxB,MAAM,OAAO,GAAG,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YAClE,OAAO,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;QACrD,CAAC;QACD,IAAI,QAAQ,IAAI,KAAK,EAAE,CAAC;YACtB,MAAM,MAAM,GAAG,kBAAkB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAChD,OAAO,MAAM,CAAC,EAAE,CAAC;QACnB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,UAA4B;IAIjD,MAAM,MAAM,GAAsB,EAAE,CAAC;IACrC,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;YACzB,SAAS;QACX,CAAC;QAED,MAAM,MAAM,GAAG,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3C,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACrB,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAChC,CAAC;aAAM,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC;YACtB,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;IAED,OAAO;QACL,UAAU,EAAE,MAAM;QAClB,YAAY,EAAE,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS;KACtE,CAAC;AACJ,CAAC;AAmBD;;;;;GAKG;AACH,SAAS,gBAAgB,CAAC,IAA6B;IAIrD,MAAM,IAAI,GAAG,IAAiB,CAAC;IAE/B,6BAA6B;IAC7B,KAAK,MAAM,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,CAAU,EAAE,CAAC;QAC7D,MAAM,UAAU,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC;QAC5B,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,SAAS,GAAG,aAAa,CAAC,EAAE,EAAE,UAAU,CAAC,CAAC;YAChD,IAAI,SAAS;gBAAE,OAAO,EAAE,SAAS,EAAE,CAAC;QACtC,CAAC;IACH,CAAC;IAED,iBAAiB;IACjB,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,MAAM,SAAS,GAAG,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC7C,IAAI,SAAS;YAAE,OAAO,EAAE,SAAS,EAAE,CAAC;IACtC,CAAC;IAED,aAAa;IACb,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrC,IAAI,SAAS;YAAE,OAAO,EAAE,SAAS,EAAE,CAAC;IACtC,CAAC;IAED,iCAAiC;IACjC,OAAO,EAAE,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC;AACvC,CAAC;AAED,SAAS,aAAa,CAAC,EAAU,EAAE,IAA2C;IAC5E,MAAM,KAAK,GAAG,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7C,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAExB,MAAM,KAAK,GAAG,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC9C,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IAErC,MAAM,QAAQ,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IACjC,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAE3B,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;AACpC,CAAC;AAED,SAAS,WAAW,CAAC,IAA2C;IAC9D,MAAM,KAAK,GAAG,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7C,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAExB,MAAM,KAAK,GAAG,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC9C,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IAErC,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC;AAChD,CAAC;AAED,SAAS,OAAO,CAAC,IAA2E;IAC1F,MAAM,KAAK,GAAG,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7C,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAExB,4FAA4F;IAC5F,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;QACtC,IAAI,CAAC,KAAK,UAAU;YAAE,OAAO,GAAG,CAAC;QACjC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,SAAS,IAAI,CAAC;YAAE,OAAO,CAAC,CAAC,OAAO,CAAC;QAC9D,OAAO,EAAE,CAAC;IACZ,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEZ,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;AACxD,CAAC;AAED;;;GAGG;AACH,SAAS,mBAAmB,CAAC,IAAe;IAC1C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;IAC5B,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAE5B,sCAAsC;IACtC,MAAM,QAAQ,GAAG,SAAS,CAAC,IAAI,CAAC;IAChC,IAAI,QAAQ,CAAC,GAAG,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IAE5C,OAAO,SAAS,CAAC,IAAI,CAAC;AACxB,CAAC;AAED;;;GAGG;AACH,SAAS,mBAAmB,CAAC,IAAe;IAC1C,IAAI,CAAC,CAAC,OAAO,IAAI,IAAI,CAAC;QAAE,OAAO,SAAS,CAAC;IAEzC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;IACzB,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,SAAS,EAAE,CAAC;QACzF,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,EAAE,CAAC;QACpE,OAAO,KAAiB,CAAC;IAC3B,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,OAAe;IAClC,MAAM,OAAO,GAAsC;QACjD,IAAI,EAAE,IAAI;QACV,IAAI,EAAE,KAAK;QACX,GAAG,EAAE,IAAI;QACT,IAAI,EAAE,KAAK;QACX,GAAG,EAAE,IAAI;QACT,IAAI,EAAE,KAAK;KACZ,CAAC;IACF,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC;AAClC,CAAC"}
|
|
1
|
+
{"version":3,"file":"parser.js","sourceRoot":"","sources":["../src/parser.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,KAAK,MAAM,iCAAiC,CAAC;AAEzD,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAqDtD;;GAEG;AACH,SAAS,kBAAkB,CAAC,GAAmB;IAC7C,IAAI,UAAU,IAAI,GAAG,EAAE,CAAC;QACtB,OAAO,GAAG,CAAC,QAAQ,CAAC;IACtB,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,iBAAiB,CAAC,SAAiB;IACjD,MAAM,MAAM,GAAgB;QAC1B,KAAK,EAAE,EAAE;QACT,YAAY,EAAE,EAAE;QAChB,MAAM,EAAE,EAAE;KACX,CAAC;IAEF,IAAI,CAAC;QACH,8DAA8D;QAC9D,MAAM,WAAW,GAAG,KAAK,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAC;QAE1D,IAAI,WAAW,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACnC,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;gBACvC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACpC,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,sBAAsB;QACtB,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,KAAK,MAAM,UAAU,IAAI,WAAW,CAAC,QAAQ,EAAE,CAAC;YAC9C,qDAAqD;YACrD,MAAM,UAAU,GAAG,KAAK,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;YAElD,IAAI,UAAU,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBAClC,KAAK,MAAM,KAAK,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC;oBACtC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,KAAK,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;gBAC1D,CAAC;gBACD,KAAK,EAAE,CAAC;gBACR,SAAS;YACX,CAAC;YAED,MAAM,MAAM,GAAG,UAAU,CAAC,IAAuB,CAAC;YAClD,MAAM,QAAQ,GAAG,MAAM,CAAC,WAAW,EAAE,EAAE,IAAI,SAAS,KAAK,EAAE,CAAC;YAC5D,MAAM,UAAU,GAAG,eAAe,CAAC,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;YAExE,IAAI,UAAU,CAAC,KAAK,EAAE,CAAC;gBACrB,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,QAAQ,KAAK,UAAU,CAAC,KAAK,EAAE,CAAC,CAAC;YAChE,CAAC;YAED,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;gBACpB,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YACrC,CAAC;iBAAM,IAAI,UAAU,CAAC,GAAG,EAAE,CAAC;gBAC1B,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;YAC3C,CAAC;YAED,KAAK,EAAE,CAAC;QACV,CAAC;QAED,+CAA+C;QAC/C,KAAK,MAAM,YAAY,IAAI,WAAW,CAAC,gBAAgB,EAAE,CAAC;YACxD,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACzC,CAAC;IAEH,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IACnF,CAAC;IAED,kDAAkD;IAClD,MAAM,aAAa,GAAG,IAAI,GAAG,EAAoB,CAAC;IAClD,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;QACjC,IAAI,IAAI,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,OAAO,GAAG,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;YACjD,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAClB,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QACtC,CAAC;IACH,CAAC,CAAC,CAAC;IACH,KAAK,MAAM,CAAC,EAAE,EAAE,OAAO,CAAC,IAAI,aAAa,EAAE,CAAC;QAC1C,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvB,MAAM,CAAC,MAAM,CAAC,IAAI,CAChB,IAAI,UAAU,CAAC,kBAAkB,0BAA0B,EAAE,uBAAuB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAC1G,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CACtB,MAAuB,EACvB,QAAgB,EAChB,KAAa,EACb,YAAqB;IAGrB,wDAAwD;IACxD,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,EAAE,CAAC;QAChC,sEAAsE;QACtE,MAAM,GAAG,GAAG,YAAY,IAAI,WAAW,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC1D,OAAO,EAAE,GAAG,EAAE,CAAC;IACjB,CAAC;IAED,IAAI,CAAC;QACH,MAAM,IAAI,GAAe;YACvB,EAAE,EAAE,MAAM,CAAC,WAAW,EAAE,EAAE,IAAI,QAAQ;YACtC,IAAI,EAAE,MAAM,CAAC,WAAW,EAAE,IAAI,IAAI,MAAM,CAAC,WAAW,EAAE,EAAE,IAAI,QAAQ;YACpE,MAAM,EAAE,MAAM,CAAC,MAAsB;YACrC,SAAS,EAAE,gBAAgB,CAAC,MAAM,CAAC,SAAS,EAAE,WAAW,CAAC;YAC1D,MAAM,EAAE,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC;YACrC,QAAQ,EAAE,gBAAgB,CAAC,MAAM,CAAC,QAAQ,EAAE,UAAU,CAAC;YACvD,UAAU,EAAE,EAAE;YACd,OAAO,EAAE,IAAI;YACb,KAAK,EAAE,KAAK;SACb,CAAC;QAEF,mCAAmC;QACnC,IAAI,MAAM,CAAC,WAAW,EAAE,WAAW,EAAE,CAAC;YACpC,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC,WAAW,CAAC;QACpD,CAAC;QAED,iBAAiB;QACjB,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,GAAG,aAAa,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QACtE,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,YAAY,EAAE,CAAC;YACjB,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;QACnC,CAAC;QAED,OAAO,EAAE,IAAI,EAAE,CAAC;IAClB,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,KAAK,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACzD,MAAM,GAAG,GAAG,YAAY,IAAI,WAAW,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC1D,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;IACxB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,MAAuB;IACjD,sCAAsC;IACtC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QACrC,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC3B,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,sCAAsC;IACtC,IAAI,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1D,OAAO,KAAK,CAAC;IACf,CAAC;IAED,+CAA+C;IAC/C,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IAC7B,IAAI,MAAM,CAAC,EAAE,KAAK,IAAI,IAAI,UAAU,IAAI,MAAM,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7E,2CAA2C;IAC7C,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,OAAO,CAAC,KAA2B;IAC1C,IAAI,KAAK,CAAC,EAAE,KAAK,KAAK,IAAI,KAAK,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC;QAC5C,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,MAAM,IAAI,KAAK,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,QAAgB,EAAE,MAAuB;IAC5D,IAAI,CAAC;QACH,2DAA2D;QAC3D,MAAM,UAAU,GAAG,KAAK,CAAC,YAAY,CAAC,MAA0B,CAAC,CAAC;QAClE,IAAI,UAAU,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAClC,OAAO,UAAU,CAAC,IAAI,CAAC;QACzB,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,2BAA2B;IAC7B,CAAC;IACD,yDAAyD;IACzD,MAAM,MAAM,GAAG,QAAQ,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;IAChD,OAAO,sBAAsB,MAAM,EAAE,CAAC;AACxC,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,gBAAgB,CAAC,KAA2B,EAAE,KAAa;IAClE,IAAI,KAAK,CAAC,EAAE,KAAK,KAAK,EAAE,CAAC;QACvB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,KAAK,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC;QACtB,IAAI,QAAQ,IAAI,KAAK,EAAE,CAAC;YACtB,MAAM,MAAM,GAAG,kBAAkB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAChD,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC;QAC9C,CAAC;QACD,IAAI,MAAM,IAAI,KAAK,EAAE,CAAC;YACpB,MAAM,WAAW,CAAC,qBAAqB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QACvD,CAAC;QACD,MAAM,WAAW,CAAC,kBAAkB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACpD,CAAC;IAED,IAAI,KAAK,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC;QACtB,IAAI,KAAK,CAAC,WAAW,EAAE,CAAC;YACtB,OAAO,EAAE,IAAI,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;QACrC,CAAC;QACD,MAAM,WAAW,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC;IAClD,CAAC;IAED,IAAI,KAAK,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC;QACtB,IAAI,QAAQ,IAAI,KAAK,EAAE,CAAC;YACtB,MAAM,MAAM,GAAG,kBAAkB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAChD,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC;QAC9C,CAAC;QACD,IAAI,MAAM,IAAI,KAAK,EAAE,CAAC;YACpB,MAAM,WAAW,CAAC,qBAAqB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QACvD,CAAC;QACD,MAAM,WAAW,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC;IAClD,CAAC;IAED,MAAM,WAAW,CAAC,kBAAkB,CAAE,KAAwB,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;AAC5E,CAAC;AAED;;;;GAIG;AACH,SAAS,cAAc,CAAC,KAA4B;IAClD,IAAI,KAAK,CAAC,EAAE,KAAK,KAAK,EAAE,CAAC;QACvB,OAAO,GAAG,CAAC;IACb,CAAC;IAED,IAAI,KAAK,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC;QACtB,IAAI,QAAQ,IAAI,KAAK,EAAE,CAAC;YACtB,MAAM,MAAM,GAAG,kBAAkB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAChD,OAAO,MAAM,CAAC,EAAE,CAAC;QACnB,CAAC;QACD,MAAM,WAAW,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;IAC9C,CAAC;IAED,IAAI,KAAK,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC;QACtB,IAAI,UAAU,IAAI,KAAK,EAAE,CAAC;YACxB,MAAM,OAAO,GAAG,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YAClE,OAAO,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;QACrD,CAAC;QACD,IAAI,QAAQ,IAAI,KAAK,EAAE,CAAC;YACtB,MAAM,MAAM,GAAG,kBAAkB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAChD,OAAO,MAAM,CAAC,EAAE,CAAC;QACnB,CAAC;QACD,MAAM,WAAW,CAAC,qBAAqB,EAAE,CAAC;IAC5C,CAAC;IAED,MAAM,WAAW,CAAC,mBAAmB,CAAE,KAAwB,CAAC,EAAE,CAAC,CAAC;AACtE,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,UAA4B;IAIjD,MAAM,MAAM,GAAsB,EAAE,CAAC;IACrC,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;YACzB,SAAS;QACX,CAAC;QAED,MAAM,MAAM,GAAG,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3C,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACrB,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAChC,CAAC;aAAM,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC;YACtB,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;IAED,4EAA4E;IAC5E,mEAAmE;IACnE,OAAO;QACL,UAAU,EAAE,MAAM;QAClB,YAAY,EAAE,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;KAC1E,CAAC;AACJ,CAAC;AAmBD;;;;;GAKG;AACH,SAAS,gBAAgB,CAAC,IAA6B;IAIrD,MAAM,IAAI,GAAG,IAAiB,CAAC;IAE/B,6BAA6B;IAC7B,KAAK,MAAM,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,CAAU,EAAE,CAAC;QAC7D,MAAM,UAAU,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC;QAC5B,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,SAAS,GAAG,aAAa,CAAC,EAAE,EAAE,UAAU,CAAC,CAAC;YAChD,IAAI,SAAS;gBAAE,OAAO,EAAE,SAAS,EAAE,CAAC;QACtC,CAAC;IACH,CAAC;IAED,iBAAiB;IACjB,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,MAAM,SAAS,GAAG,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC7C,IAAI,SAAS;YAAE,OAAO,EAAE,SAAS,EAAE,CAAC;IACtC,CAAC;IAED,aAAa;IACb,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrC,IAAI,SAAS;YAAE,OAAO,EAAE,SAAS,EAAE,CAAC;IACtC,CAAC;IAED,iCAAiC;IACjC,OAAO,EAAE,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC;AACvC,CAAC;AAED,SAAS,aAAa,CAAC,EAAU,EAAE,IAA2C;IAC5E,MAAM,KAAK,GAAG,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7C,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAExB,MAAM,KAAK,GAAG,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC9C,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IAErC,MAAM,QAAQ,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IACjC,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAE3B,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;AACpC,CAAC;AAED,SAAS,WAAW,CAAC,IAA2C;IAC9D,MAAM,KAAK,GAAG,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7C,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAExB,MAAM,KAAK,GAAG,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC9C,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IAErC,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC;AAChD,CAAC;AAED,SAAS,OAAO,CAAC,IAA2E;IAC1F,MAAM,KAAK,GAAG,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7C,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAExB,4FAA4F;IAC5F,0EAA0E;IAC1E,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;QACtC,IAAI,CAAC,KAAK,UAAU;YAAE,OAAO,GAAG,CAAC;QACjC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,SAAS,IAAI,CAAC;YAAE,OAAO,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QACpF,OAAO,EAAE,CAAC;IACZ,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEZ,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;AACxD,CAAC;AAED;;;GAGG;AACH,SAAS,mBAAmB,CAAC,IAAe;IAC1C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;IAC5B,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAE5B,sCAAsC;IACtC,MAAM,QAAQ,GAAG,SAAS,CAAC,IAAI,CAAC;IAChC,IAAI,QAAQ,CAAC,GAAG,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IAE5C,OAAO,SAAS,CAAC,IAAI,CAAC;AACxB,CAAC;AAED;;;GAGG;AACH,SAAS,mBAAmB,CAAC,IAAe;IAC1C,IAAI,CAAC,CAAC,OAAO,IAAI,IAAI,CAAC;QAAE,OAAO,SAAS,CAAC;IAEzC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;IACzB,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,SAAS,EAAE,CAAC;QACzF,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,EAAE,CAAC;QACpE,OAAO,KAAiB,CAAC;IAC3B,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,OAAe;IAClC,MAAM,OAAO,GAAsC;QACjD,IAAI,EAAE,IAAI;QACV,IAAI,EAAE,KAAK;QACX,GAAG,EAAE,IAAI;QACT,IAAI,EAAE,KAAK;QACX,GAAG,EAAE,IAAI;QACT,IAAI,EAAE,KAAK;KACZ,CAAC;IACF,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC;AAClC,CAAC"}
|
package/dist/parser.test.js
CHANGED
|
@@ -95,5 +95,49 @@ describe('parseCedarToRules', () => {
|
|
|
95
95
|
expect(result.rules).toHaveLength(0);
|
|
96
96
|
expect(result.unstructured.length).toBeGreaterThan(0);
|
|
97
97
|
});
|
|
98
|
+
it('should store complex conditions as valid JSON array in rawCondition', () => {
|
|
99
|
+
// Use a condition with boolean AND that can't be mapped to structured format
|
|
100
|
+
const cedarText = `
|
|
101
|
+
@id("complex-condition")
|
|
102
|
+
permit(principal, action, resource)
|
|
103
|
+
when {
|
|
104
|
+
context.a == "x" && context.b == "y"
|
|
105
|
+
};
|
|
106
|
+
`;
|
|
107
|
+
const result = parseCedarToRules(cedarText);
|
|
108
|
+
expect(result.errors).toHaveLength(0);
|
|
109
|
+
expect(result.rules).toHaveLength(1);
|
|
110
|
+
const rule = result.rules[0];
|
|
111
|
+
// The complex && condition should be in rawCondition as valid JSON array
|
|
112
|
+
if (rule.rawCondition) {
|
|
113
|
+
// Verify it's valid JSON (should not throw)
|
|
114
|
+
const parsed = JSON.parse(rule.rawCondition);
|
|
115
|
+
expect(Array.isArray(parsed)).toBe(true);
|
|
116
|
+
expect(parsed.length).toBeGreaterThan(0);
|
|
117
|
+
}
|
|
118
|
+
// Either conditions were mapped or rawCondition contains valid JSON
|
|
119
|
+
expect(rule.conditions.length > 0 || rule.rawCondition).toBeTruthy();
|
|
120
|
+
});
|
|
121
|
+
it('should warn about duplicate policy IDs', () => {
|
|
122
|
+
const cedarText = `
|
|
123
|
+
@id("duplicate-id")
|
|
124
|
+
permit(principal, action, resource);
|
|
125
|
+
|
|
126
|
+
@id("unique-id")
|
|
127
|
+
forbid(principal, action, resource);
|
|
128
|
+
|
|
129
|
+
@id("duplicate-id")
|
|
130
|
+
permit(principal is User, action, resource);
|
|
131
|
+
`;
|
|
132
|
+
const result = parseCedarToRules(cedarText);
|
|
133
|
+
// All policies should still be parsed
|
|
134
|
+
expect(result.rules).toHaveLength(3);
|
|
135
|
+
// Should have a warning about duplicate ID
|
|
136
|
+
const duplicateError = result.errors.find(e => e.includes("HFP-PARSE-005"));
|
|
137
|
+
expect(duplicateError).toBeDefined();
|
|
138
|
+
expect(duplicateError).toContain("duplicate-id");
|
|
139
|
+
expect(duplicateError).toContain("[0"); // First occurrence at index 0
|
|
140
|
+
expect(duplicateError).toContain("2"); // Second occurrence at index 2
|
|
141
|
+
});
|
|
98
142
|
});
|
|
99
143
|
//# sourceMappingURL=parser.test.js.map
|
package/dist/parser.test.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"parser.test.js","sourceRoot":"","sources":["../src/parser.test.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAEhD,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;IACjC,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC7C,MAAM,SAAS,GAAG;;;;;;;KAOjB,CAAC;QAEF,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAC;QAE5C,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAE5C,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC7B,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QACzC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACnC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;QACjD,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACtC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC;QACpD,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;QACpD,MAAM,SAAS,GAAG;;;;;;;;;;KAUjB,CAAC;QAEF,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAC;QAE5C,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAErC,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC7B,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QACxC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACnC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAEzC,6BAA6B;QAC7B,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC;QACzD,2DAA2D;QAC3D,uCAAuC;QACvC,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/B,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YACtD,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC/C,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAChD,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,CAAC;QAC1C,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,MAAM,YAAY,GAAG;;;;KAIpB,CAAC;QAEF,MAAM,MAAM,GAAG,iBAAiB,CAAC,YAAY,CAAC,CAAC;QAE/C,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;QACzC,MAAM,SAAS,GAAG;;;;;;KAMjB,CAAC;QAEF,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAC;QAE5C,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC9C,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;QACjE,MAAM,SAAS,GAAG;;;;;KAKjB,CAAC;QAEF,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAC;QAE5C,oDAAoD;QACpD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
1
|
+
{"version":3,"file":"parser.test.js","sourceRoot":"","sources":["../src/parser.test.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAEhD,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;IACjC,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC7C,MAAM,SAAS,GAAG;;;;;;;KAOjB,CAAC;QAEF,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAC;QAE5C,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAE5C,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC7B,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QACzC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACnC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;QACjD,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACtC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC;QACpD,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;QACpD,MAAM,SAAS,GAAG;;;;;;;;;;KAUjB,CAAC;QAEF,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAC;QAE5C,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAErC,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC7B,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QACxC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACnC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAEzC,6BAA6B;QAC7B,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC;QACzD,2DAA2D;QAC3D,uCAAuC;QACvC,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/B,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YACtD,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC/C,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAChD,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,CAAC;QAC1C,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,MAAM,YAAY,GAAG;;;;KAIpB,CAAC;QAEF,MAAM,MAAM,GAAG,iBAAiB,CAAC,YAAY,CAAC,CAAC;QAE/C,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;QACzC,MAAM,SAAS,GAAG;;;;;;KAMjB,CAAC;QAEF,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAC;QAE5C,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC9C,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;QACjE,MAAM,SAAS,GAAG;;;;;KAKjB,CAAC;QAEF,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAC;QAE5C,oDAAoD;QACpD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qEAAqE,EAAE,GAAG,EAAE;QAC7E,6EAA6E;QAC7E,MAAM,SAAS,GAAG;;;;;;KAMjB,CAAC;QAEF,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAC;QAE5C,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAErC,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAE7B,yEAAyE;QACzE,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,4CAA4C;YAC5C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAC7C,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACzC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QAC3C,CAAC;QACD,oEAAoE;QACpE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,IAAI,IAAI,CAAC,YAAY,CAAC,CAAC,UAAU,EAAE,CAAC;IACvE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QAChD,MAAM,SAAS,GAAG;;;;;;;;;KASjB,CAAC;QAEF,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAC;QAE5C,sCAAsC;QACtC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAErC,2CAA2C;QAC3C,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,CAAC;QAC5E,MAAM,CAAC,cAAc,CAAC,CAAC,WAAW,EAAE,CAAC;QACrC,MAAM,CAAC,cAAc,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;QACjD,MAAM,CAAC,cAAc,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAE,8BAA8B;QACvE,MAAM,CAAC,cAAc,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAG,+BAA+B;IAC1E,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
package/dist/types.d.ts
CHANGED
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAQA,cAAc,mBAAmB,CAAC;AAClC,cAAc,kBAAkB,CAAC;AACjC,cAAc,kBAAkB,CAAC;AACjC,cAAc,iBAAiB,CAAC;AAGhC,cAAc,cAAc,CAAC"}
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAQA,cAAc,mBAAmB,CAAC;AAClC,cAAc,kBAAkB,CAAC;AACjC,cAAc,kBAAkB,CAAC;AACjC,cAAc,iBAAiB,CAAC;AAGhC,cAAc,cAAc,CAAC;AAG7B,cAAc,aAAa,CAAC"}
|
package/dist/types.js
CHANGED
|
@@ -11,4 +11,6 @@ export * from './context.gen.js';
|
|
|
11
11
|
export * from './schema.gen.js';
|
|
12
12
|
// PolicyBuilder - works in browser (no WASM dependency)
|
|
13
13
|
export * from './builder.js';
|
|
14
|
+
// Error types - works in browser (no WASM dependency)
|
|
15
|
+
export * from './errors.js';
|
|
14
16
|
//# sourceMappingURL=types.js.map
|
package/dist/types.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,2DAA2D;AAC3D,uCAAuC;AACvC,EAAE;AACF,6CAA6C;AAC7C,gDAAgD;AAChD,yEAAyE;AAEzE,gDAAgD;AAChD,cAAc,mBAAmB,CAAC;AAClC,cAAc,kBAAkB,CAAC;AACjC,cAAc,kBAAkB,CAAC;AACjC,cAAc,iBAAiB,CAAC;AAEhC,wDAAwD;AACxD,cAAc,cAAc,CAAC"}
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,2DAA2D;AAC3D,uCAAuC;AACvC,EAAE;AACF,6CAA6C;AAC7C,gDAAgD;AAChD,yEAAyE;AAEzE,gDAAgD;AAChD,cAAc,mBAAmB,CAAC;AAClC,cAAc,kBAAkB,CAAC;AACjC,cAAc,kBAAkB,CAAC;AACjC,cAAc,iBAAiB,CAAC;AAEhC,wDAAwD;AACxD,cAAc,cAAc,CAAC;AAE7B,sDAAsD;AACtD,cAAc,aAAa,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@highflame/policy",
|
|
3
|
-
"version": "1.2.
|
|
3
|
+
"version": "1.2.1",
|
|
4
4
|
"description": "Highflame Cedar policy types and engine wrapper",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"types": "dist/index.d.ts",
|
|
@@ -37,6 +37,10 @@
|
|
|
37
37
|
"./builder": {
|
|
38
38
|
"import": "./dist/builder.js",
|
|
39
39
|
"types": "./dist/builder.d.ts"
|
|
40
|
+
},
|
|
41
|
+
"./parser": {
|
|
42
|
+
"import": "./dist/parser.js",
|
|
43
|
+
"types": "./dist/parser.d.ts"
|
|
40
44
|
}
|
|
41
45
|
},
|
|
42
46
|
"scripts": {
|
package/src/errors.ts
ADDED
|
@@ -0,0 +1,195 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Parser error types and codes for highflame-policy.
|
|
3
|
+
*
|
|
4
|
+
* This module provides standardized error codes that are consistent
|
|
5
|
+
* across all language implementations (Rust, Go, TypeScript, Python).
|
|
6
|
+
*/
|
|
7
|
+
|
|
8
|
+
/**
|
|
9
|
+
* Error codes for parser errors.
|
|
10
|
+
*
|
|
11
|
+
* These codes are stable and consistent across all language implementations.
|
|
12
|
+
* Format: HFP-<CATEGORY>-<NUMBER>
|
|
13
|
+
* - HFP = HighFlame Policy
|
|
14
|
+
* - CATEGORY = SCOPE | ACTION | COND | PARSE
|
|
15
|
+
* - NUMBER = 3-digit incremental
|
|
16
|
+
*/
|
|
17
|
+
export const ErrorCodes = {
|
|
18
|
+
// Scope constraint errors (HFP-SCOPE-xxx)
|
|
19
|
+
/** Scope constraint is missing an entity (for == operator) */
|
|
20
|
+
SCOPE_MISSING_ENTITY: "HFP-SCOPE-001",
|
|
21
|
+
/** Scope constraint is missing an entity type (for is operator) */
|
|
22
|
+
SCOPE_MISSING_ENTITY_TYPE: "HFP-SCOPE-002",
|
|
23
|
+
/** Scope constraint is missing entity list (for in operator) */
|
|
24
|
+
SCOPE_MISSING_ENTITY_LIST: "HFP-SCOPE-003",
|
|
25
|
+
/** Slot constraints are not supported in PolicyRule */
|
|
26
|
+
SCOPE_SLOT_NOT_SUPPORTED: "HFP-SCOPE-004",
|
|
27
|
+
/** Unsupported scope operator */
|
|
28
|
+
SCOPE_UNSUPPORTED_OP: "HFP-SCOPE-005",
|
|
29
|
+
|
|
30
|
+
// Action constraint errors (HFP-ACTION-xxx)
|
|
31
|
+
/** Action constraint is missing an entity (for == operator) */
|
|
32
|
+
ACTION_MISSING_ENTITY: "HFP-ACTION-001",
|
|
33
|
+
/** Action constraint is missing entities (for in operator) */
|
|
34
|
+
ACTION_MISSING_ENTITIES: "HFP-ACTION-002",
|
|
35
|
+
/** Unsupported action operator */
|
|
36
|
+
ACTION_UNSUPPORTED_OP: "HFP-ACTION-003",
|
|
37
|
+
/** Action scope is null/nil */
|
|
38
|
+
ACTION_SCOPE_NIL: "HFP-ACTION-004",
|
|
39
|
+
|
|
40
|
+
// Condition errors (HFP-COND-xxx)
|
|
41
|
+
/** Unless clauses are not supported in PolicyRule */
|
|
42
|
+
COND_UNLESS_NOT_SUPPORTED: "HFP-COND-001",
|
|
43
|
+
/** Complex condition cannot be parsed */
|
|
44
|
+
COND_COMPLEX_EXPRESSION: "HFP-COND-002",
|
|
45
|
+
|
|
46
|
+
// Parse errors (HFP-PARSE-xxx)
|
|
47
|
+
/** Invalid Cedar syntax */
|
|
48
|
+
PARSE_INVALID_SYNTAX: "HFP-PARSE-001",
|
|
49
|
+
/** Failed to convert policy to JSON */
|
|
50
|
+
PARSE_JSON_CONVERSION: "HFP-PARSE-002",
|
|
51
|
+
/** Failed to parse Cedar JSON structure */
|
|
52
|
+
PARSE_JSON_STRUCTURE: "HFP-PARSE-003",
|
|
53
|
+
/** Unknown policy effect (not permit or forbid) */
|
|
54
|
+
PARSE_UNKNOWN_EFFECT: "HFP-PARSE-004",
|
|
55
|
+
/** Duplicate policy ID found */
|
|
56
|
+
PARSE_DUPLICATE_ID: "HFP-PARSE-005",
|
|
57
|
+
} as const;
|
|
58
|
+
|
|
59
|
+
export type ErrorCode = (typeof ErrorCodes)[keyof typeof ErrorCodes];
|
|
60
|
+
|
|
61
|
+
/**
|
|
62
|
+
* Context information for parser errors.
|
|
63
|
+
*/
|
|
64
|
+
export interface ErrorContext {
|
|
65
|
+
/** The operator that caused the error (e.g., "==", "in", "is") */
|
|
66
|
+
operator?: string;
|
|
67
|
+
/** The field that caused the error (e.g., "principal", "action", "resource") */
|
|
68
|
+
field?: string;
|
|
69
|
+
/** The policy ID if available */
|
|
70
|
+
policyId?: string;
|
|
71
|
+
}
|
|
72
|
+
|
|
73
|
+
/**
|
|
74
|
+
* A structured parser error with code, message, and optional context.
|
|
75
|
+
*/
|
|
76
|
+
export class ParserError extends Error {
|
|
77
|
+
/** Machine-readable error code (e.g., "HFP-SCOPE-001") */
|
|
78
|
+
public readonly code: ErrorCode;
|
|
79
|
+
/** Optional context for debugging */
|
|
80
|
+
public readonly context?: ErrorContext;
|
|
81
|
+
|
|
82
|
+
constructor(code: ErrorCode, message: string, context?: ErrorContext) {
|
|
83
|
+
super(message);
|
|
84
|
+
this.name = "ParserError";
|
|
85
|
+
this.code = code;
|
|
86
|
+
this.context = context;
|
|
87
|
+
|
|
88
|
+
// Maintains proper stack trace for where our error was thrown (only available on V8)
|
|
89
|
+
const ErrorWithCapture = Error as typeof Error & { captureStackTrace?: (err: Error, constructor: Function) => void };
|
|
90
|
+
if (ErrorWithCapture.captureStackTrace) {
|
|
91
|
+
ErrorWithCapture.captureStackTrace(this, ParserError);
|
|
92
|
+
}
|
|
93
|
+
}
|
|
94
|
+
|
|
95
|
+
/**
|
|
96
|
+
* Returns a string representation including the error code.
|
|
97
|
+
*/
|
|
98
|
+
override toString(): string {
|
|
99
|
+
return `[${this.code}] ${this.message}`;
|
|
100
|
+
}
|
|
101
|
+
|
|
102
|
+
/**
|
|
103
|
+
* Serializes the error to a plain object for JSON serialization.
|
|
104
|
+
*/
|
|
105
|
+
toJSON(): { code: string; message: string; context?: ErrorContext } {
|
|
106
|
+
return {
|
|
107
|
+
code: this.code,
|
|
108
|
+
message: this.message,
|
|
109
|
+
...(this.context && { context: this.context }),
|
|
110
|
+
};
|
|
111
|
+
}
|
|
112
|
+
|
|
113
|
+
// Convenience static factory methods for common errors
|
|
114
|
+
|
|
115
|
+
/** Scope constraint is missing an entity */
|
|
116
|
+
static scopeMissingEntity(operator: string, field: string): ParserError {
|
|
117
|
+
return new ParserError(
|
|
118
|
+
ErrorCodes.SCOPE_MISSING_ENTITY,
|
|
119
|
+
`'${operator}' constraint is missing an entity`,
|
|
120
|
+
{ operator, field }
|
|
121
|
+
);
|
|
122
|
+
}
|
|
123
|
+
|
|
124
|
+
/** Scope constraint is missing an entity type */
|
|
125
|
+
static scopeMissingEntityType(field: string): ParserError {
|
|
126
|
+
return new ParserError(
|
|
127
|
+
ErrorCodes.SCOPE_MISSING_ENTITY_TYPE,
|
|
128
|
+
"'is' constraint is missing an entity_type",
|
|
129
|
+
{ operator: "is", field }
|
|
130
|
+
);
|
|
131
|
+
}
|
|
132
|
+
|
|
133
|
+
/** Scope constraint is missing entity list */
|
|
134
|
+
static scopeMissingEntityList(field: string): ParserError {
|
|
135
|
+
return new ParserError(
|
|
136
|
+
ErrorCodes.SCOPE_MISSING_ENTITY_LIST,
|
|
137
|
+
"'in' constraint is missing an entity",
|
|
138
|
+
{ operator: "in", field }
|
|
139
|
+
);
|
|
140
|
+
}
|
|
141
|
+
|
|
142
|
+
/** Slot constraints are not supported */
|
|
143
|
+
static scopeSlotNotSupported(operator: string, field: string): ParserError {
|
|
144
|
+
return new ParserError(
|
|
145
|
+
ErrorCodes.SCOPE_SLOT_NOT_SUPPORTED,
|
|
146
|
+
`'${operator}' constraint with slot cannot be represented`,
|
|
147
|
+
{ operator, field }
|
|
148
|
+
);
|
|
149
|
+
}
|
|
150
|
+
|
|
151
|
+
/** Unsupported scope operator */
|
|
152
|
+
static scopeUnsupportedOp(operator: string, field: string): ParserError {
|
|
153
|
+
return new ParserError(
|
|
154
|
+
ErrorCodes.SCOPE_UNSUPPORTED_OP,
|
|
155
|
+
`Unsupported scope operator: ${operator}`,
|
|
156
|
+
{ operator, field }
|
|
157
|
+
);
|
|
158
|
+
}
|
|
159
|
+
|
|
160
|
+
/** Action constraint is missing an entity */
|
|
161
|
+
static actionMissingEntity(operator: string): ParserError {
|
|
162
|
+
return new ParserError(
|
|
163
|
+
ErrorCodes.ACTION_MISSING_ENTITY,
|
|
164
|
+
`Action '${operator}' constraint is missing an entity`,
|
|
165
|
+
{ operator, field: "action" }
|
|
166
|
+
);
|
|
167
|
+
}
|
|
168
|
+
|
|
169
|
+
/** Action constraint is missing entities */
|
|
170
|
+
static actionMissingEntities(): ParserError {
|
|
171
|
+
return new ParserError(
|
|
172
|
+
ErrorCodes.ACTION_MISSING_ENTITIES,
|
|
173
|
+
"Action 'in' constraint is missing entities",
|
|
174
|
+
{ operator: "in", field: "action" }
|
|
175
|
+
);
|
|
176
|
+
}
|
|
177
|
+
|
|
178
|
+
/** Unsupported action operator */
|
|
179
|
+
static actionUnsupportedOp(operator: string): ParserError {
|
|
180
|
+
return new ParserError(
|
|
181
|
+
ErrorCodes.ACTION_UNSUPPORTED_OP,
|
|
182
|
+
`Unsupported action operator: ${operator}`,
|
|
183
|
+
{ operator, field: "action" }
|
|
184
|
+
);
|
|
185
|
+
}
|
|
186
|
+
|
|
187
|
+
/** Action scope is nil */
|
|
188
|
+
static actionScopeNil(): ParserError {
|
|
189
|
+
return new ParserError(
|
|
190
|
+
ErrorCodes.ACTION_SCOPE_NIL,
|
|
191
|
+
"Action scope is nil",
|
|
192
|
+
{ field: "action" }
|
|
193
|
+
);
|
|
194
|
+
}
|
|
195
|
+
}
|
package/src/index.ts
CHANGED
package/src/parser.test.ts
CHANGED
|
@@ -113,4 +113,57 @@ describe('parseCedarToRules', () => {
|
|
|
113
113
|
expect(result.rules).toHaveLength(0);
|
|
114
114
|
expect(result.unstructured.length).toBeGreaterThan(0);
|
|
115
115
|
});
|
|
116
|
+
|
|
117
|
+
it('should store complex conditions as valid JSON array in rawCondition', () => {
|
|
118
|
+
// Use a condition with boolean AND that can't be mapped to structured format
|
|
119
|
+
const cedarText = `
|
|
120
|
+
@id("complex-condition")
|
|
121
|
+
permit(principal, action, resource)
|
|
122
|
+
when {
|
|
123
|
+
context.a == "x" && context.b == "y"
|
|
124
|
+
};
|
|
125
|
+
`;
|
|
126
|
+
|
|
127
|
+
const result = parseCedarToRules(cedarText);
|
|
128
|
+
|
|
129
|
+
expect(result.errors).toHaveLength(0);
|
|
130
|
+
expect(result.rules).toHaveLength(1);
|
|
131
|
+
|
|
132
|
+
const rule = result.rules[0];
|
|
133
|
+
|
|
134
|
+
// The complex && condition should be in rawCondition as valid JSON array
|
|
135
|
+
if (rule.rawCondition) {
|
|
136
|
+
// Verify it's valid JSON (should not throw)
|
|
137
|
+
const parsed = JSON.parse(rule.rawCondition);
|
|
138
|
+
expect(Array.isArray(parsed)).toBe(true);
|
|
139
|
+
expect(parsed.length).toBeGreaterThan(0);
|
|
140
|
+
}
|
|
141
|
+
// Either conditions were mapped or rawCondition contains valid JSON
|
|
142
|
+
expect(rule.conditions.length > 0 || rule.rawCondition).toBeTruthy();
|
|
143
|
+
});
|
|
144
|
+
|
|
145
|
+
it('should warn about duplicate policy IDs', () => {
|
|
146
|
+
const cedarText = `
|
|
147
|
+
@id("duplicate-id")
|
|
148
|
+
permit(principal, action, resource);
|
|
149
|
+
|
|
150
|
+
@id("unique-id")
|
|
151
|
+
forbid(principal, action, resource);
|
|
152
|
+
|
|
153
|
+
@id("duplicate-id")
|
|
154
|
+
permit(principal is User, action, resource);
|
|
155
|
+
`;
|
|
156
|
+
|
|
157
|
+
const result = parseCedarToRules(cedarText);
|
|
158
|
+
|
|
159
|
+
// All policies should still be parsed
|
|
160
|
+
expect(result.rules).toHaveLength(3);
|
|
161
|
+
|
|
162
|
+
// Should have a warning about duplicate ID
|
|
163
|
+
const duplicateError = result.errors.find(e => e.includes("HFP-PARSE-005"));
|
|
164
|
+
expect(duplicateError).toBeDefined();
|
|
165
|
+
expect(duplicateError).toContain("duplicate-id");
|
|
166
|
+
expect(duplicateError).toContain("[0"); // First occurrence at index 0
|
|
167
|
+
expect(duplicateError).toContain("2"); // Second occurrence at index 2
|
|
168
|
+
});
|
|
116
169
|
});
|
package/src/parser.ts
CHANGED
|
@@ -11,6 +11,7 @@
|
|
|
11
11
|
|
|
12
12
|
import * as cedar from "@cedar-policy/cedar-wasm/nodejs";
|
|
13
13
|
import type { PolicyRule, PolicyCondition, PolicyEntity, PolicyEffect, ConditionOperator } from "./builder.js";
|
|
14
|
+
import { ParserError, ErrorCodes } from "./errors.js";
|
|
14
15
|
|
|
15
16
|
/**
|
|
16
17
|
* Result of parsing Cedar policies
|
|
@@ -141,6 +142,23 @@ export function parseCedarToRules(cedarText: string): ParseResult {
|
|
|
141
142
|
result.errors.push(`Parse error: ${e instanceof Error ? e.message : String(e)}`);
|
|
142
143
|
}
|
|
143
144
|
|
|
145
|
+
// Check for duplicate policy IDs and add warnings
|
|
146
|
+
const idOccurrences = new Map<string, number[]>();
|
|
147
|
+
result.rules.forEach((rule, idx) => {
|
|
148
|
+
if (rule.id) {
|
|
149
|
+
const indices = idOccurrences.get(rule.id) || [];
|
|
150
|
+
indices.push(idx);
|
|
151
|
+
idOccurrences.set(rule.id, indices);
|
|
152
|
+
}
|
|
153
|
+
});
|
|
154
|
+
for (const [id, indices] of idOccurrences) {
|
|
155
|
+
if (indices.length > 1) {
|
|
156
|
+
result.errors.push(
|
|
157
|
+
`[${ErrorCodes.PARSE_DUPLICATE_ID}] Duplicate policy ID '${id}' found at indices [${indices.join(", ")}]`
|
|
158
|
+
);
|
|
159
|
+
}
|
|
160
|
+
}
|
|
161
|
+
|
|
144
162
|
return result;
|
|
145
163
|
}
|
|
146
164
|
|
|
@@ -162,31 +180,37 @@ function cedarJsonToRule(
|
|
|
162
180
|
return { raw };
|
|
163
181
|
}
|
|
164
182
|
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
183
|
+
try {
|
|
184
|
+
const rule: PolicyRule = {
|
|
185
|
+
id: policy.annotations?.id || policyId,
|
|
186
|
+
name: policy.annotations?.name || policy.annotations?.id || policyId,
|
|
187
|
+
effect: policy.effect as PolicyEffect,
|
|
188
|
+
principal: mapScopeToEntity(policy.principal, "principal"),
|
|
189
|
+
action: mapActionScope(policy.action),
|
|
190
|
+
resource: mapScopeToEntity(policy.resource, "resource"),
|
|
191
|
+
conditions: [],
|
|
192
|
+
enabled: true,
|
|
193
|
+
order: index,
|
|
194
|
+
};
|
|
195
|
+
|
|
196
|
+
// Map description from annotations
|
|
197
|
+
if (policy.annotations?.description) {
|
|
198
|
+
rule.description = policy.annotations.description;
|
|
199
|
+
}
|
|
176
200
|
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
rule.
|
|
180
|
-
|
|
201
|
+
// Map conditions
|
|
202
|
+
const { conditions, rawCondition } = mapConditions(policy.conditions);
|
|
203
|
+
rule.conditions = conditions;
|
|
204
|
+
if (rawCondition) {
|
|
205
|
+
rule.rawCondition = rawCondition;
|
|
206
|
+
}
|
|
181
207
|
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
208
|
+
return { rule };
|
|
209
|
+
} catch (e) {
|
|
210
|
+
const error = e instanceof Error ? e.message : String(e);
|
|
211
|
+
const raw = originalText || getRawCedar(policyId, policy);
|
|
212
|
+
return { raw, error };
|
|
187
213
|
}
|
|
188
|
-
|
|
189
|
-
return { rule };
|
|
190
214
|
}
|
|
191
215
|
|
|
192
216
|
/**
|
|
@@ -237,13 +261,21 @@ function getRawCedar(policyId: string, policy: CedarPolicyJSON): string {
|
|
|
237
261
|
} catch {
|
|
238
262
|
// Ignore conversion errors
|
|
239
263
|
}
|
|
240
|
-
|
|
264
|
+
// Sanitize policyId to prevent newline injection attacks
|
|
265
|
+
const safeId = policyId.replace(/[\n\r]/g, " ");
|
|
266
|
+
return `// Complex policy: ${safeId}`;
|
|
241
267
|
}
|
|
242
268
|
|
|
243
269
|
/**
|
|
244
270
|
* Map Cedar scope constraint to PolicyEntity
|
|
271
|
+
*
|
|
272
|
+
* Returns null for unconstrained ("All") scopes.
|
|
273
|
+
* Throws ParserError for malformed constraints to prevent silent misinterpretation.
|
|
274
|
+
*
|
|
275
|
+
* @param scope - The Cedar scope constraint
|
|
276
|
+
* @param field - The field name ("principal" or "resource") for error context
|
|
245
277
|
*/
|
|
246
|
-
function mapScopeToEntity(scope: CedarScopeConstraint): PolicyEntity | null {
|
|
278
|
+
function mapScopeToEntity(scope: CedarScopeConstraint, field: string): PolicyEntity | null {
|
|
247
279
|
if (scope.op === "All") {
|
|
248
280
|
return null;
|
|
249
281
|
}
|
|
@@ -253,13 +285,17 @@ function mapScopeToEntity(scope: CedarScopeConstraint): PolicyEntity | null {
|
|
|
253
285
|
const entity = normalizeEntityRef(scope.entity);
|
|
254
286
|
return { type: entity.type, id: entity.id };
|
|
255
287
|
}
|
|
256
|
-
|
|
257
|
-
|
|
288
|
+
if ("slot" in scope) {
|
|
289
|
+
throw ParserError.scopeSlotNotSupported("==", field);
|
|
290
|
+
}
|
|
291
|
+
throw ParserError.scopeMissingEntity("==", field);
|
|
258
292
|
}
|
|
259
293
|
|
|
260
294
|
if (scope.op === "is") {
|
|
261
|
-
|
|
262
|
-
|
|
295
|
+
if (scope.entity_type) {
|
|
296
|
+
return { type: scope.entity_type };
|
|
297
|
+
}
|
|
298
|
+
throw ParserError.scopeMissingEntityType(field);
|
|
263
299
|
}
|
|
264
300
|
|
|
265
301
|
if (scope.op === "in") {
|
|
@@ -267,15 +303,19 @@ function mapScopeToEntity(scope: CedarScopeConstraint): PolicyEntity | null {
|
|
|
267
303
|
const entity = normalizeEntityRef(scope.entity);
|
|
268
304
|
return { type: entity.type, id: entity.id };
|
|
269
305
|
}
|
|
270
|
-
|
|
271
|
-
|
|
306
|
+
if ("slot" in scope) {
|
|
307
|
+
throw ParserError.scopeSlotNotSupported("in", field);
|
|
308
|
+
}
|
|
309
|
+
throw ParserError.scopeMissingEntityList(field);
|
|
272
310
|
}
|
|
273
311
|
|
|
274
|
-
|
|
312
|
+
throw ParserError.scopeUnsupportedOp((scope as { op: string }).op, field);
|
|
275
313
|
}
|
|
276
314
|
|
|
277
315
|
/**
|
|
278
316
|
* Map action scope to action string(s)
|
|
317
|
+
*
|
|
318
|
+
* Throws ParserError for malformed constraints to prevent silent misinterpretation.
|
|
279
319
|
*/
|
|
280
320
|
function mapActionScope(scope: CedarActionConstraint): string | string[] {
|
|
281
321
|
if (scope.op === "All") {
|
|
@@ -283,8 +323,11 @@ function mapActionScope(scope: CedarActionConstraint): string | string[] {
|
|
|
283
323
|
}
|
|
284
324
|
|
|
285
325
|
if (scope.op === "==") {
|
|
286
|
-
|
|
287
|
-
|
|
326
|
+
if ("entity" in scope) {
|
|
327
|
+
const entity = normalizeEntityRef(scope.entity);
|
|
328
|
+
return entity.id;
|
|
329
|
+
}
|
|
330
|
+
throw ParserError.actionMissingEntity("==");
|
|
288
331
|
}
|
|
289
332
|
|
|
290
333
|
if (scope.op === "in") {
|
|
@@ -296,9 +339,10 @@ function mapActionScope(scope: CedarActionConstraint): string | string[] {
|
|
|
296
339
|
const entity = normalizeEntityRef(scope.entity);
|
|
297
340
|
return entity.id;
|
|
298
341
|
}
|
|
342
|
+
throw ParserError.actionMissingEntities();
|
|
299
343
|
}
|
|
300
344
|
|
|
301
|
-
|
|
345
|
+
throw ParserError.actionUnsupportedOp((scope as { op: string }).op);
|
|
302
346
|
}
|
|
303
347
|
|
|
304
348
|
/**
|
|
@@ -324,9 +368,11 @@ function mapConditions(conditions: CedarCondition[]): {
|
|
|
324
368
|
}
|
|
325
369
|
}
|
|
326
370
|
|
|
371
|
+
// Store raw conditions as a valid JSON array instead of joining with " && "
|
|
372
|
+
// This ensures downstream systems can parse the rawCondition field
|
|
327
373
|
return {
|
|
328
374
|
conditions: result,
|
|
329
|
-
rawCondition: rawParts.length > 0 ? rawParts.join("
|
|
375
|
+
rawCondition: rawParts.length > 0 ? `[${rawParts.join(",")}]` : undefined,
|
|
330
376
|
};
|
|
331
377
|
}
|
|
332
378
|
|
|
@@ -412,9 +458,10 @@ function mapLike(args: { left: CedarExpr; pattern: Array<"Wildcard" | { Literal:
|
|
|
412
458
|
if (!field) return null;
|
|
413
459
|
|
|
414
460
|
// Convert pattern to string (e.g., ["Wildcard", { Literal: "foo" }, "Wildcard"] -> "*foo*")
|
|
461
|
+
// Escape literal * characters to distinguish from wildcards on round-trip
|
|
415
462
|
const patternStr = args.pattern.map(p => {
|
|
416
463
|
if (p === "Wildcard") return "*";
|
|
417
|
-
if (typeof p === "object" && "Literal" in p) return p.Literal;
|
|
464
|
+
if (typeof p === "object" && "Literal" in p) return p.Literal.replace(/\*/g, "\\*");
|
|
418
465
|
return "";
|
|
419
466
|
}).join("");
|
|
420
467
|
|