cedar_policy_validator/diagnostics/
validation_warnings.rs

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
/*
 * Copyright Cedar Contributors
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

//! Defines warnings returned by the validator.

// Shorthand macro for setting the diagnostic severity to Warning.
// We can use `#[diagnostic(severity(warning))]` once we don't need to use
// `cedar_policy::impl_diagnostic_from_source_loc` anymore.
macro_rules! impl_diagnostic_warning {
    () => {
        fn severity(&self) -> Option<miette::Severity> {
            Some(miette::Severity::Warning)
        }
    };
}

use cedar_policy_core::{ast::PolicyID, impl_diagnostic_from_source_loc_opt_field, parser::Loc};
use miette::Diagnostic;
use thiserror::Error;

/// Warning for strings containing mixed scripts
#[derive(Debug, Clone, PartialEq, Error, Eq, Hash)]
#[error("for policy `{policy_id}`, string `\"{string}\"` contains mixed scripts")]
pub struct MixedScriptString {
    /// Source location
    pub source_loc: Option<Loc>,
    /// Policy ID where the warning occurred
    pub policy_id: PolicyID,
    /// String containing mixed scripts
    pub string: String,
}

impl Diagnostic for MixedScriptString {
    impl_diagnostic_from_source_loc_opt_field!(source_loc);
    impl_diagnostic_warning!();
}

/// Warning for strings containing BIDI control characters
#[derive(Debug, Clone, PartialEq, Error, Eq, Hash)]
#[error("for policy `{policy_id}`, string `\"{string}\"` contains BIDI control characters")]
pub struct BidiCharsInString {
    /// Source location
    pub source_loc: Option<Loc>,
    /// Policy ID where the warning occurred
    pub policy_id: PolicyID,
    /// String containing BIDI control characters
    pub string: String,
}

impl Diagnostic for BidiCharsInString {
    impl_diagnostic_from_source_loc_opt_field!(source_loc);
    impl_diagnostic_warning!();
}

/// Warning for identifiers containing BIDI control characters
#[derive(Debug, Clone, PartialEq, Error, Eq, Hash)]
#[error("for policy `{policy_id}`, identifier `{id}` contains BIDI control characters")]
pub struct BidiCharsInIdentifier {
    /// Source location
    pub source_loc: Option<Loc>,
    /// Policy ID where the warning occurred
    pub policy_id: PolicyID,
    /// Identifier containing BIDI control characters
    pub id: String,
}

impl Diagnostic for BidiCharsInIdentifier {
    impl_diagnostic_from_source_loc_opt_field!(source_loc);
    impl_diagnostic_warning!();
}

/// Warning for identifiers containing mixed scripts
#[derive(Debug, Clone, PartialEq, Error, Eq, Hash)]
#[error("for policy `{policy_id}`, identifier `{id}` contains mixed scripts")]
pub struct MixedScriptIdentifier {
    /// Source location
    pub source_loc: Option<Loc>,
    /// Policy ID where the warning occurred
    pub policy_id: PolicyID,
    /// Identifier containing mixed scripts
    pub id: String,
}
impl Diagnostic for MixedScriptIdentifier {
    impl_diagnostic_from_source_loc_opt_field!(source_loc);
    impl_diagnostic_warning!();
}

/// Warning for identifiers containing confusable characters
#[derive(Debug, Clone, PartialEq, Error, Eq, Hash)]
#[error("for policy `{policy_id}`, identifier `{id}` contains characters that fall outside of the General Security Profile for Identifiers")]
pub struct ConfusableIdentifier {
    /// Source location
    pub source_loc: Option<Loc>,
    /// Policy ID where the warning occurred
    pub policy_id: PolicyID,
    /// Identifier containing confusable characters
    pub id: String,
}

impl Diagnostic for ConfusableIdentifier {
    impl_diagnostic_from_source_loc_opt_field!(source_loc);
    impl_diagnostic_warning!();
}

/// Warning for policies that are impossible (evaluate to `false` for all valid requests)
#[derive(Debug, Clone, PartialEq, Error, Eq, Hash)]
#[error("for policy `{policy_id}`, policy is impossible: the policy expression evaluates to false for all valid requests")]
pub struct ImpossiblePolicy {
    /// Source location
    pub source_loc: Option<Loc>,
    /// Policy ID where the warning occurred
    pub policy_id: PolicyID,
}

impl Diagnostic for ImpossiblePolicy {
    impl_diagnostic_from_source_loc_opt_field!(source_loc);
    impl_diagnostic_warning!();
}