npm - aws-iam-language-server - Versions diffs - 0.0.14 → 0.0.15 - Mend

aws-iam-language-server 0.0.14 → 0.0.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/package.json +1 -1
package/readme.md +1 -0
package/src/handlers/diagnostics/diagnostics.js +4 -2
package/src/handlers/diagnostics/sid.d.ts +1 -1
package/src/handlers/diagnostics/sid.js +11 -2

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "aws-iam-language-server",
-  "version": "0.0.14",
+  "version": "0.0.15",
   "type": "module",
   "bin": "./src/server.js",
   "publisher": "MichaelBarney",

package/readme.md CHANGED Viewed

@@ -78,6 +78,7 @@ This language server will provide diagnostics for some IAM policy issues, includ
 - no missing keys in a statement, (effect, action, resource or effect, action, principal)
 - no duplicate keys in a statement (including "not" variants like action/not action)
 - ensuring `Sid` uniqueness within a policy document
+- `Sid` values are valid (alphanumeric for identity policies, allow spaces in resource policies)
 - effect has a valid value
 - defined actions are valid, or wildcards resolve to valid actions
 - arn parts are valid (partition, region, account id)

package/src/handlers/diagnostics/diagnostics.js CHANGED Viewed

@@ -34,9 +34,10 @@ async function handleStandardDiagnostics(policyDocument) {
     const resourceValidator = new ResourceValidator();
     const conditionValidator = new ConditionValidator();
     for (const statement of policyDocument.statements) {
+        const isResourcePolicy = statement.entries.some((e) => e.key === 'Principal' || e.key === 'NotPrincipal');
         for (const entry of statement.entries) {
             if (entry.key === 'Sid') {
-                diagnostics = diagnostics.concat(sidValidator.validate(entry));
+                diagnostics = diagnostics.concat(sidValidator.validate(entry, isResourcePolicy));
             }
             else if (entry.key === 'Effect') {
                 diagnostics = diagnostics.concat(effectValidator.validate(entry));
@@ -81,9 +82,10 @@ async function handleHclBlockDiagnostics(policyDocument) {
     const resourceValidator = new ResourceValidator();
     const conditionValidator = new ConditionValidator();
     for (const statement of policyDocument.statements) {
+        const isResourcePolicy = statement.entries.some((e) => e.key === 'principals' || e.key === 'not_principals');
         for (const entry of statement.entries) {
             if (entry.key === 'sid') {
-                diagnostics = diagnostics.concat(sidValidator.validate(entry));
+                diagnostics = diagnostics.concat(sidValidator.validate(entry, isResourcePolicy));
             }
             else if (entry.key === 'effect') {
                 diagnostics = diagnostics.concat(effectValidator.validate(entry));

package/src/handlers/diagnostics/sid.d.ts CHANGED Viewed

@@ -4,5 +4,5 @@ import { ElementValidator } from './base.ts';
 export declare class SidValidator extends ElementValidator {
     #private;
     constructor();
-    validate(entry: StatementEntry): Array<Diagnostic>;
+    validate(entry: StatementEntry, isResourcePolicy?: boolean): Array<Diagnostic>;
 }

package/src/handlers/diagnostics/sid.js CHANGED Viewed

@@ -1,21 +1,30 @@
 import { ElementValidator } from "./base.js";
 import { createDiagnostic } from "./utils.js";
+const strictSidPattern = /^[A-Za-z0-9]*$/;
+const resourcePolicySidPattern = /^[A-Za-z0-9 ]*$/;
 export class SidValidator extends ElementValidator {
     #sids = {};
     constructor() {
         super();
         this.#sids = {};
     }
-    validate(entry) {
+    validate(entry, isResourcePolicy = false) {
         const diagnostics = super.validate(entry);
         const sidValue = entry.values[0]?.text;
         if (!sidValue)
-            return [];
+            return diagnostics;
         if (sidValue in this.#sids) {
             diagnostics.push(createDiagnostic(`Duplicate statement id value "${sidValue}"`, entry.valueRange));
             diagnostics.push(createDiagnostic(`Duplicate statement id value "${sidValue}"`, this.#sids[sidValue].valueRange));
         }
         this.#sids[sidValue] = entry;
+        const pattern = isResourcePolicy ? resourcePolicySidPattern : strictSidPattern;
+        if (!pattern.test(sidValue)) {
+            const message = isResourcePolicy
+                ? 'Sid must contain only ASCII letters (A-Z, a-z), digits (0-9), and spaces'
+                : 'Sid must contain only ASCII letters (A-Z, a-z) and digits (0-9)';
+            diagnostics.push(createDiagnostic(message, entry.values[0].range));
+        }
         return diagnostics;
     }
 }