From e5dc76b05406ece7e2c1a9567bb18a47d7873793 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 8 Apr 2020 15:39:23 -0600 Subject: caddyhttp: CEL matcher checks return type; slight refactor As per https://github.com/caddyserver/caddy/issues/3051#issuecomment-611200414 --- modules/caddyhttp/celmatcher.go | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'modules') diff --git a/modules/caddyhttp/celmatcher.go b/modules/caddyhttp/celmatcher.go index ddaf418..8d183c1 100644 --- a/modules/caddyhttp/celmatcher.go +++ b/modules/caddyhttp/celmatcher.go @@ -24,6 +24,7 @@ import ( "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" + "github.com/gogo/protobuf/proto" "github.com/google/cel-go/cel" "github.com/google/cel-go/checker/decls" "github.com/google/cel-go/common/types" @@ -99,16 +100,16 @@ func (m *MatchExpression) Provision(_ caddy.Context) error { return fmt.Errorf("setting up CEL environment: %v", err) } - // parse the expression - parsed, issues := env.Parse(m.expandedExpr) + // parse and type-check the expression + checked, issues := env.Compile(m.expandedExpr) if issues != nil && issues.Err() != nil { - return fmt.Errorf("parsing CEL program: %s", issues.Err()) + return fmt.Errorf("compiling CEL program: %s", issues.Err()) } - // type-check it - checked, issues := env.Check(parsed) - if issues != nil && issues.Err() != nil { - return fmt.Errorf("type-checking CEL program: %s", issues.Err()) + // request matching is a boolean operation, so we don't really know + // what to do if the expression returns a non-boolean type + if !proto.Equal(checked.ResultType(), decls.Bool) { + return fmt.Errorf("CEL request matcher expects return type of bool, not %s", checked.ResultType()) } // compile the "program" -- cgit v1.2.3