ProjectSegfault/go-away
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

conditions: verify that AST condition result is bool

Browse Source
This commit is contained in:
WeebDataHoarder
2025-05-01 00:50:37 +02:00
parent a9f03267b6
commit fccaa64fad
3 changed files with 21 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
lib/challenge/register.go
View File

@@ -11,6 +11,7 @@ import (
"github.com/go-jose/go-jose/v4/jwt" "github.com/go-jose/go-jose/v4/jwt"
"github.com/goccy/go-yaml/ast" "github.com/goccy/go-yaml/ast"
"github.com/google/cel-go/cel" "github.com/google/cel-go/cel"
"github.com/google/cel-go/common/types"
"io" "io"
"math/rand/v2" "math/rand/v2"
"net/http" "net/http"
@@ -71,6 +72,13 @@ func (r Register) Create(state StateInterface, name string, pol policy.Challenge
if err != nil { if err != nil {
return nil, 0, fmt.Errorf("error compiling conditions: %v", err) return nil, 0, fmt.Errorf("error compiling conditions: %v", err)
} }
if out := ast.OutputType(); out == nil {
return nil, 0, fmt.Errorf("error compiling conditions: no output")
} else if out != types.BoolType {
return nil, 0, fmt.Errorf("error compiling conditions: output type is not bool")
}
reg.Condition, err = http_cel.ProgramAst(state.ProgramEnv(), ast) reg.Condition, err = http_cel.ProgramAst(state.ProgramEnv(), ast)
if err != nil { if err != nil {
return nil, 0, fmt.Errorf("error compiling program: %v", err) return nil, 0, fmt.Errorf("error compiling program: %v", err)

6
lib/rule.go
View File

@@ -71,6 +71,12 @@ func NewRuleState(state challenge.StateInterface, r policy.Rule, replacer *strin
return RuleState{}, fmt.Errorf("error compiling conditions: %w", err) return RuleState{}, fmt.Errorf("error compiling conditions: %w", err)
} }
if out := ast.OutputType(); out == nil {
return RuleState{}, fmt.Errorf("error compiling conditions: no output")
} else if out != types.BoolType {
return RuleState{}, fmt.Errorf("error compiling conditions: output type is not bool")
}
program, err := http_cel.ProgramAst(state.ProgramEnv(), ast) program, err := http_cel.ProgramAst(state.ProgramEnv(), ast)
if err != nil { if err != nil {
return RuleState{}, fmt.Errorf("error compiling program: %w", err) return RuleState{}, fmt.Errorf("error compiling program: %w", err)

7
lib/state.go
View File

@@ -13,6 +13,7 @@ import (
"git.gammaspectra.live/git/go-away/lib/settings" "git.gammaspectra.live/git/go-away/lib/settings"
"git.gammaspectra.live/git/go-away/utils" "git.gammaspectra.live/git/go-away/utils"
"github.com/google/cel-go/cel" "github.com/google/cel-go/cel"
"github.com/google/cel-go/common/types"
"github.com/yl2chen/cidranger" "github.com/yl2chen/cidranger"
"golang.org/x/net/html" "golang.org/x/net/html"
"log/slog" "log/slog"
@@ -210,6 +211,12 @@ func NewState(p policy.Policy, opt settings.Settings, settings policy.StateSetti
return nil, fmt.Errorf("conditions %s: error compiling conditions: %v", k, err) return nil, fmt.Errorf("conditions %s: error compiling conditions: %v", k, err)
} }
if out := ast.OutputType(); out == nil {
return nil, fmt.Errorf("conditions %s: error compiling conditions: no output", k)
} else if out != types.BoolType {
return nil, fmt.Errorf("conditions %s: error compiling conditions: output type is not bool", k)
}
cond, err := cel.AstToString(ast) cond, err := cel.AstToString(ast)
if err != nil { if err != nil {
return nil, fmt.Errorf("conditions %s: error printing condition: %v", k, err) return nil, fmt.Errorf("conditions %s: error printing condition: %v", k, err)