script review: introduce None policy

2024-12-13 21:50:19 -08:00 · 2024-12-13 21:50:19 -08:00 · 346f49610d
commit 346f49610d
parent ae6e968135
3 changed files with 16 additions and 10 deletions
--- a/pkg/model/policy.go
+++ b/pkg/model/policy.go
@ -5,10 +5,11 @@ import "time"
 type Policy int32

 const (
-	ScriptPolicyAllowed Policy = 0
-	ScriptPolicyBlocked Policy = 1
-	ScriptPolicyDelete  Policy = 2
-	ScriptPolicyReplace Policy = 3
+	ScriptPolicyNone    Policy = 0 // not yet reviewed
+	ScriptPolicyAllowed Policy = 1
+	ScriptPolicyBlocked Policy = 2
+	ScriptPolicyDelete  Policy = 3
+	ScriptPolicyReplace Policy = 4
 )

 type ScriptPolicy struct {
--- a/validation/api/src/lib.rs
+++ b/validation/api/src/lib.rs
@ -29,10 +29,11 @@ pub struct ScriptResponse{
 #[derive(serde::Deserialize)]
 #[repr(i32)]
 pub enum Policy{
-	Allowed=0,
-	Blocked=1,
-	Delete=2,
-	Replace=3,
+	None=0, // not yet reviewed
+	Allowed=1,
+	Blocked=2,
+	Delete=3,
+	Replace=4,
 }

 pub struct ScriptPolicyHashRequest{
--- a/validation/src/validator.rs
+++ b/validation/src/validator.rs
@ -5,6 +5,7 @@ use crate::nats_types::ValidateRequest;
 const SCRIPT_CONCURRENCY:usize=16;

 enum Policy{
+	None,
 	Allowed,
 	Blocked,
 	Delete,
@ -71,7 +72,7 @@ impl Validator{
 		for &script_ref in &script_refs{
 			if let Some(script)=dom.get_by_ref(script_ref){
 				if let Some(rbx_dom_weak::types::Variant::String(source))=script.properties.get("Source"){
-					script_map.insert(source.clone(),Policy::Blocked);
+					script_map.insert(source.clone(),Policy::None);
 				}
 			}
 		}
@ -91,6 +92,7 @@ impl Validator{

 			// write the policy to the script_map, fetching the replacement code if necessary
 			*replacement=match script_policy.Policy{
+				api::Policy::None=>Policy::None,
 				api::Policy::Allowed=>Policy::Allowed,
 				api::Policy::Blocked=>Policy::Blocked,
 				api::Policy::Delete=>Policy::Delete,
@ -113,7 +115,9 @@ impl Validator{
 				if let Some(rbx_dom_weak::types::Variant::String(source))=script.properties.get_mut("Source"){
 					match script_map.get(source.as_str()){
 						Some(Policy::Blocked)=>return Err(ValidateError::Blocked),
-						None=>return Err(ValidateError::NotAllowed),
+						None
+						|Some(Policy::None)
+						=>return Err(ValidateError::NotAllowed),
 						Some(Policy::Allowed)=>(),
 						Some(Policy::Delete)=>{
 							modified=true;