arian/anubis-mirror
1
0
Fork 0
mirror of https://github.com/TecharoHQ/anubis.git synced 2026-04-26 01:52:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: rename and/or to all/any

Browse Source 
Signed-off-by: Xe Iaso <me@xeiaso.net>
This commit is contained in:
Xe Iaso
2025-04-25 10:52:45 -04:00
parent 65cbc6922c
commit 92a3e5ba81
10 changed files with 41 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files
data/apps/git-client.yaml
+10 -3
View File
@@ -1,7 +1,14 @@
- name: allow-git-clients - name: allow-git-clients
action: ALLOW action: ALLOW
expression: expression:
and: all:
- userAgent.startsWith("git/") || userAgent.contains("libgit") || userAgent.startsWith("go-git") || userAgent.startsWith("JGit/") || userAgent.startsWith("JGit-")
- > - >
"Git-Protocol" in headers && headers["Git-Protocol"] == "version=2" (
userAgent.startsWith("git/") ||
userAgent.contains("libgit") ||
userAgent.startsWith("go-git") ||
userAgent.startsWith("JGit/") ||
userAgent.startsWith("JGit-")
)
- '"Git-Protocol" in headers'
- headers["Git-Protocol"] == "version=2"
data/clients/go-get.yaml
+1 -1
View File
@@ -1,7 +1,7 @@
- name: go-get - name: go-get
action: ALLOW action: ALLOW
expression: expression:
and: all:
- userAgent.startsWith("Go-http-client/") - userAgent.startsWith("Go-http-client/")
- '"go-get" in query' - '"go-get" in query'
- query["go-get"] == "1" - query["go-get"] == "1"
data/common/allow-api-like.yaml
+1 -1
View File
@@ -1,6 +1,6 @@
- name: allow-api-routes - name: allow-api-routes
action: ALLOW action: ALLOW
expression: expression:
and: all:
- '!(method == "HEAD" || method == "GET")' - '!(method == "HEAD" || method == "GET")'
- path.startsWith("/api/") - path.startsWith("/api/")
lib/policy/celchecker.go
+10 -5
View File
@@ -28,18 +28,23 @@ func NewCELChecker(cfg *config.ExpressionOrList) (*CELChecker, error) {
if cfg.Expression != "" { if cfg.Expression != "" {
src = cfg.Expression src = cfg.Expression
var iss *cel.Issues var iss *cel.Issues
ast, iss = env.Compile(src) interm, iss := env.Compile(src)
if iss != nil {
return nil, iss.Err()
}
ast, iss = env.Check(interm)
if iss != nil { if iss != nil {
return nil, iss.Err() return nil, iss.Err()
} }
} }
if len(cfg.And) != 0 { if len(cfg.All) != 0 {
ast, err = expressions.Join(env, expressions.JoinAnd, cfg.And...) ast, err = expressions.Join(env, expressions.JoinAnd, cfg.All...)
} }
if len(cfg.Or) != 0 { if len(cfg.Any) != 0 {
ast, err = expressions.Join(env, expressions.JoinOr, cfg.Or...) ast, err = expressions.Join(env, expressions.JoinOr, cfg.Any...)
} }
if err != nil { if err != nil {
lib/policy/config/expressionorlist.go
+7 -7
View File
@@ -14,8 +14,8 @@ var (
type ExpressionOrList struct { type ExpressionOrList struct {
Expression string `json:"-"` Expression string `json:"-"`
And []string `json:"and"` All []string `json:"all"`
Or []string `json:"or"` Any []string `json:"any"`
} }
func (eol ExpressionOrList) Equal(rhs *ExpressionOrList) bool { func (eol ExpressionOrList) Equal(rhs *ExpressionOrList) bool {
@@ -23,11 +23,11 @@ func (eol ExpressionOrList) Equal(rhs *ExpressionOrList) bool {
return false return false
} }
if !slices.Equal(eol.And, rhs.And) { if !slices.Equal(eol.All, rhs.All) {
return false return false
} }
if !slices.Equal(eol.Or, rhs.Or) { if !slices.Equal(eol.Any, rhs.Any) {
return false return false
} }
@@ -44,8 +44,8 @@ func (eol *ExpressionOrList) UnmarshalJSON(data []byte) error {
if err := json.Unmarshal(data, &val); err != nil { if err := json.Unmarshal(data, &val); err != nil {
return err return err
} }
eol.And = val.And eol.All = val.All
eol.Or = val.Or eol.Any = val.Any
return nil return nil
} }
@@ -54,7 +54,7 @@ func (eol *ExpressionOrList) UnmarshalJSON(data []byte) error {
} }
func (eol *ExpressionOrList) Valid() error { func (eol *ExpressionOrList) Valid() error {
if len(eol.And) != 0 && len(eol.Or) != 0 { if len(eol.All) != 0 && len(eol.Any) != 0 {
return ErrExpressionCantHaveBoth return ErrExpressionCantHaveBoth
} }
lib/policy/config/expressionorlist_test.go
+6 -6
View File
@@ -24,10 +24,10 @@ func TestExpressionOrListUnmarshal(t *testing.T) {
{ {
name: "object-and", name: "object-and",
inp: `{ inp: `{
"and": ["\"User-Agent\" in headers"] "all": ["\"User-Agent\" in headers"]
}`, }`,
result: &ExpressionOrList{ result: &ExpressionOrList{
And: []string{ All: []string{
`"User-Agent" in headers`, `"User-Agent" in headers`,
}, },
}, },
@@ -35,10 +35,10 @@ func TestExpressionOrListUnmarshal(t *testing.T) {
{ {
name: "object-or", name: "object-or",
inp: `{ inp: `{
"or": ["\"User-Agent\" in headers"] "any": ["\"User-Agent\" in headers"]
}`, }`,
result: &ExpressionOrList{ result: &ExpressionOrList{
Or: []string{ Any: []string{
`"User-Agent" in headers`, `"User-Agent" in headers`,
}, },
}, },
@@ -46,8 +46,8 @@ func TestExpressionOrListUnmarshal(t *testing.T) {
{ {
name: "both-or-and", name: "both-or-and",
inp: `{ inp: `{
"and": ["\"User-Agent\" in headers"], "all": ["\"User-Agent\" in headers"],
"or": ["\"User-Agent\" in headers"] "any": ["\"User-Agent\" in headers"]
}`, }`,
validErr: ErrExpressionCantHaveBoth, validErr: ErrExpressionCantHaveBoth,
}, },
lib/policy/config/testdata/bad/multiple_expression_types.json
Vendored
+2 -2
View File
@@ -4,11 +4,11 @@
"name": "multiple-expression-types", "name": "multiple-expression-types",
"action": "ALLOW", "action": "ALLOW",
"expression": { "expression": {
"and": [ "all": [
"userAgent.startsWith(\"git/\") || userAgent.contains(\"libgit\")", "userAgent.startsWith(\"git/\") || userAgent.contains(\"libgit\")",
"\"Git-Protocol\" in headers && headers[\"Git-Protocol\"] == \"version=2\"\n" "\"Git-Protocol\" in headers && headers[\"Git-Protocol\"] == \"version=2\"\n"
], ],
"or": [ "any": [
"userAgent.startsWith(\"evilbot/\")" "userAgent.startsWith(\"evilbot/\")"
] ]
} }
lib/policy/config/testdata/bad/multiple_expression_types.yaml
Vendored
+2 -2
View File
@@ -2,9 +2,9 @@ bots:
- name: multiple-expression-types - name: multiple-expression-types
action: ALLOW action: ALLOW
expression: expression:
and: all:
- userAgent.startsWith("git/") || userAgent.contains("libgit") - userAgent.startsWith("git/") || userAgent.contains("libgit")
- > - >
"Git-Protocol" in headers && headers["Git-Protocol"] == "version=2" "Git-Protocol" in headers && headers["Git-Protocol"] == "version=2"
or: any:
- userAgent.startsWith("evilbot/") - userAgent.startsWith("evilbot/")
lib/policy/config/testdata/good/git_client.json
Vendored
+1 -1
View File
@@ -4,7 +4,7 @@
"name": "allow-git-clients", "name": "allow-git-clients",
"action": "ALLOW", "action": "ALLOW",
"expression": { "expression": {
"and": [ "all": [
"userAgent.startsWith(\"git/\") || userAgent.contains(\"libgit\")", "userAgent.startsWith(\"git/\") || userAgent.contains(\"libgit\")",
"\"Git-Protocol\" in headers && headers[\"Git-Protocol\"] == \"version=2\"" "\"Git-Protocol\" in headers && headers[\"Git-Protocol\"] == \"version=2\""
] ]
lib/policy/config/testdata/good/git_client.yaml
Vendored
+1 -1
View File
@@ -2,7 +2,7 @@ bots:
- name: allow-git-clients - name: allow-git-clients
action: ALLOW action: ALLOW
expression: expression:
and: all:
- userAgent.startsWith("git/") || userAgent.contains("libgit") - userAgent.startsWith("git/") || userAgent.contains("libgit")
- > - >
"Git-Protocol" in headers && headers["Git-Protocol"] == "version=2" "Git-Protocol" in headers && headers["Git-Protocol"] == "version=2"