Implement ABAC #102
a99621c to 522985c
Codecov Report
@@ Coverage Diff @@
## master #102 +/- ##
==========================================
+ Coverage 86.41% 86.45% +0.03%
==========================================
Files 20 20
Lines 2841 2849 +8
==========================================
+ Hits 2455 2463 +8
Misses 386 386
That's correct. Object maps work in 0.11.1. I'll put out a 0.12.0 soon.
This is not necessary and you run the risk of not properly sanitizing your input (e.g. if I'd suggest something like this:
assuming
Thanks, @GopherJ. Since the JSON string is usually derived from a struct, we are less likely to see sanitization problems here. I think we can keep this style first and when
I agree, maybe we don't need to validate; Rhai will return an error if it's not in the correct format.
True... Rhai is sandboxed, meaning that you can't really harm the system other than getting a syntax error.
in abac r_sub, r_obj, r_act can be object
use push_constant to avoid security problem if input is not properly sanitized
Thanks, @xcaptain.
#78 Because Rust doesn't support variadic parameters, we finally decided to use a JSON string to represent a request object; it can be parsed into a JSON object and then evaluated in Rhai.
@GopherJ please take a look
@schungx I found #{} works in 0.11.1, so no need to upgrade to 0.12.0, right?