script review: introduce None policy

This commit is contained in:
Quaternions 2024-12-13 21:50:19 -08:00
parent ae6e968135
commit 346f49610d
3 changed files with 16 additions and 10 deletions

View File

@ -5,10 +5,11 @@ import "time"
type Policy int32 type Policy int32
const ( const (
ScriptPolicyAllowed Policy = 0 ScriptPolicyNone Policy = 0 // not yet reviewed
ScriptPolicyBlocked Policy = 1 ScriptPolicyAllowed Policy = 1
ScriptPolicyDelete Policy = 2 ScriptPolicyBlocked Policy = 2
ScriptPolicyReplace Policy = 3 ScriptPolicyDelete Policy = 3
ScriptPolicyReplace Policy = 4
) )
type ScriptPolicy struct { type ScriptPolicy struct {

View File

@ -29,10 +29,11 @@ pub struct ScriptResponse{
#[derive(serde::Deserialize)] #[derive(serde::Deserialize)]
#[repr(i32)] #[repr(i32)]
pub enum Policy{ pub enum Policy{
Allowed=0, None=0, // not yet reviewed
Blocked=1, Allowed=1,
Delete=2, Blocked=2,
Replace=3, Delete=3,
Replace=4,
} }
pub struct ScriptPolicyHashRequest{ pub struct ScriptPolicyHashRequest{

View File

@ -5,6 +5,7 @@ use crate::nats_types::ValidateRequest;
const SCRIPT_CONCURRENCY:usize=16; const SCRIPT_CONCURRENCY:usize=16;
enum Policy{ enum Policy{
None,
Allowed, Allowed,
Blocked, Blocked,
Delete, Delete,
@ -71,7 +72,7 @@ impl Validator{
for &script_ref in &script_refs{ for &script_ref in &script_refs{
if let Some(script)=dom.get_by_ref(script_ref){ if let Some(script)=dom.get_by_ref(script_ref){
if let Some(rbx_dom_weak::types::Variant::String(source))=script.properties.get("Source"){ if let Some(rbx_dom_weak::types::Variant::String(source))=script.properties.get("Source"){
script_map.insert(source.clone(),Policy::Blocked); script_map.insert(source.clone(),Policy::None);
} }
} }
} }
@ -91,6 +92,7 @@ impl Validator{
// write the policy to the script_map, fetching the replacement code if necessary // write the policy to the script_map, fetching the replacement code if necessary
*replacement=match script_policy.Policy{ *replacement=match script_policy.Policy{
api::Policy::None=>Policy::None,
api::Policy::Allowed=>Policy::Allowed, api::Policy::Allowed=>Policy::Allowed,
api::Policy::Blocked=>Policy::Blocked, api::Policy::Blocked=>Policy::Blocked,
api::Policy::Delete=>Policy::Delete, api::Policy::Delete=>Policy::Delete,
@ -113,7 +115,9 @@ impl Validator{
if let Some(rbx_dom_weak::types::Variant::String(source))=script.properties.get_mut("Source"){ if let Some(rbx_dom_weak::types::Variant::String(source))=script.properties.get_mut("Source"){
match script_map.get(source.as_str()){ match script_map.get(source.as_str()){
Some(Policy::Blocked)=>return Err(ValidateError::Blocked), Some(Policy::Blocked)=>return Err(ValidateError::Blocked),
None=>return Err(ValidateError::NotAllowed), None
|Some(Policy::None)
=>return Err(ValidateError::NotAllowed),
Some(Policy::Allowed)=>(), Some(Policy::Allowed)=>(),
Some(Policy::Delete)=>{ Some(Policy::Delete)=>{
modified=true; modified=true;