From e5dc76b05406ece7e2c1a9567bb18a47d7873793 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 8 Apr 2020 15:39:23 -0600 Subject: caddyhttp: CEL matcher checks return type; slight refactor As per https://github.com/caddyserver/caddy/issues/3051#issuecomment-611200414 --- go.mod | 1 + go.sum | 1 + modules/caddyhttp/celmatcher.go | 15 ++++++++------- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/go.mod b/go.mod index 4964196..9560db6 100644 --- a/go.mod +++ b/go.mod @@ -10,6 +10,7 @@ require ( github.com/cenkalti/backoff/v4 v4.0.2 // indirect github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-acme/lego/v3 v3.5.0 + github.com/gogo/protobuf v1.3.1 github.com/google/cel-go v0.4.1 github.com/jsternberg/zap-logfmt v1.2.0 github.com/klauspost/compress v1.10.3 diff --git a/go.sum b/go.sum index 7c8ca5b..2c18aae 100644 --- a/go.sum +++ b/go.sum @@ -249,6 +249,7 @@ github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRx github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= +github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls= github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d/go.mod h1:nnjvkQ9ptGaCkuDUx6wNykzzlUixGxvkme+H/lnzb+A= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58= diff --git a/modules/caddyhttp/celmatcher.go b/modules/caddyhttp/celmatcher.go index ddaf418..8d183c1 100644 --- a/modules/caddyhttp/celmatcher.go +++ b/modules/caddyhttp/celmatcher.go @@ -24,6 +24,7 @@ import ( "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" + "github.com/gogo/protobuf/proto" "github.com/google/cel-go/cel" "github.com/google/cel-go/checker/decls" "github.com/google/cel-go/common/types" @@ -99,16 +100,16 @@ func (m *MatchExpression) Provision(_ caddy.Context) error { return fmt.Errorf("setting up CEL environment: %v", err) } - // parse the expression - parsed, issues := env.Parse(m.expandedExpr) + // parse and type-check the expression + checked, issues := env.Compile(m.expandedExpr) if issues != nil && issues.Err() != nil { - return fmt.Errorf("parsing CEL program: %s", issues.Err()) + return fmt.Errorf("compiling CEL program: %s", issues.Err()) } - // type-check it - checked, issues := env.Check(parsed) - if issues != nil && issues.Err() != nil { - return fmt.Errorf("type-checking CEL program: %s", issues.Err()) + // request matching is a boolean operation, so we don't really know + // what to do if the expression returns a non-boolean type + if !proto.Equal(checked.ResultType(), decls.Bool) { + return fmt.Errorf("CEL request matcher expects return type of bool, not %s", checked.ResultType()) } // compile the "program" -- cgit v1.2.3