Skip to content

Commit

Permalink
Change the regexes in the experimental API to prefix matches
Browse files Browse the repository at this point in the history 
It is less powerful but removes a potential DOS vector
  • Loading branch information
@josephschorr
josephschorr committed May 6, 2024
1 parent 8e9616c commit a242e22
Showing 1 changed file with 10 additions and 10 deletions.
20 changes: 10 additions & 10 deletions authzed/api/v1/experimental_service.proto
View file
Original file line number Diff line number Diff line change
Expand Up @@ -209,17 +209,17 @@ message ExperimentalReflectSchemaResponse {

// ExpSchemaFilter is a filter that can be applied to the schema on reflection.
message ExpSchemaFilter {
// optional_definition_name_match is a regex that is matched against the definition name.
string optional_definition_name_match = 1;
// optional_definition_name_prefix is a prefix that is matched against the definition name.
string optional_definition_name_prefix = 1;

Check failure on line 213 in authzed/api/v1/experimental_service.proto

View workflow job for this annotation

GitHub Actions / Lint & Publish Draft/Branch 

Field "1" with name "optional_definition_name_prefix" on message "ExpSchemaFilter" changed option "json_name" from "optionalDefinitionNameMatch" to "optionalDefinitionNamePrefix".

Check failure on line 213 in authzed/api/v1/experimental_service.proto

View workflow job for this annotation

GitHub Actions / Lint & Publish Draft/Branch 

Field "1" on message "ExpSchemaFilter" changed name from "optional_definition_name_match" to "optional_definition_name_prefix".

// optional_caveat_name_match is a regex that is matched against the caveat name.
string optional_caveat_name_match = 2;
// optional_caveat_name_prefix is a prefix that is matched against the caveat name.
string optional_caveat_name_prefix = 2;

Check failure on line 216 in authzed/api/v1/experimental_service.proto

View workflow job for this annotation

GitHub Actions / Lint & Publish Draft/Branch 

Field "2" with name "optional_caveat_name_prefix" on message "ExpSchemaFilter" changed option "json_name" from "optionalCaveatNameMatch" to "optionalCaveatNamePrefix".

Check failure on line 216 in authzed/api/v1/experimental_service.proto

View workflow job for this annotation

GitHub Actions / Lint & Publish Draft/Branch 

Field "2" on message "ExpSchemaFilter" changed name from "optional_caveat_name_match" to "optional_caveat_name_prefix".

// optional_relation_name_match is a regex that is matched against the relation name.
string optional_relation_name_match = 3;
// optional_relation_name_prefix is a prefix that is matched against the relation name.
string optional_relation_name_prefix = 3;

Check failure on line 219 in authzed/api/v1/experimental_service.proto

View workflow job for this annotation

GitHub Actions / Lint & Publish Draft/Branch 

Field "3" with name "optional_relation_name_prefix" on message "ExpSchemaFilter" changed option "json_name" from "optionalRelationNameMatch" to "optionalRelationNamePrefix".

Check failure on line 219 in authzed/api/v1/experimental_service.proto

View workflow job for this annotation

GitHub Actions / Lint & Publish Draft/Branch 

Field "3" on message "ExpSchemaFilter" changed name from "optional_relation_name_match" to "optional_relation_name_prefix".

// optional_permission_name_match is a regex that is matched against the permission name.
string optional_permission_name_match = 4;
// optional_permission_name_prefix is a prefix that is matched against the permission name.
string optional_permission_name_prefix = 4;

Check failure on line 222 in authzed/api/v1/experimental_service.proto

View workflow job for this annotation

GitHub Actions / Lint & Publish Draft/Branch 

Field "4" with name "optional_permission_name_prefix" on message "ExpSchemaFilter" changed option "json_name" from "optionalPermissionNameMatch" to "optionalPermissionNamePrefix".

Check failure on line 222 in authzed/api/v1/experimental_service.proto

View workflow job for this annotation

GitHub Actions / Lint & Publish Draft/Branch 

Field "4" on message "ExpSchemaFilter" changed name from "optional_permission_name_match" to "optional_permission_name_prefix".
}

// ExpDefinition is the representation of a definition in the schema.
Expand Down Expand Up @@ -298,10 +298,10 @@ message ExperimentalComputablePermissionsRequest {
Consistency consistency = 1;
repeated ExpRelationReference relations = 2;

// optional_definition_name_match is a regex that is matched against the definition name(s)
// optional_definition_name_match is a prefix that is matched against the definition name(s)
// for the permissions returned.
// If not specified, will be ignored.
string optional_definition_name_match = 3;
string optional_definition_name_prefix = 3;

Check failure on line 304 in authzed/api/v1/experimental_service.proto

View workflow job for this annotation

GitHub Actions / Lint & Publish Draft/Branch 

Field "3" with name "optional_definition_name_prefix" on message "ExperimentalComputablePermissionsRequest" changed option "json_name" from "optionalDefinitionNameMatch" to "optionalDefinitionNamePrefix".

Check failure on line 304 in authzed/api/v1/experimental_service.proto

View workflow job for this annotation

GitHub Actions / Lint & Publish Draft/Branch 

Field "3" on message "ExperimentalComputablePermissionsRequest" changed name from "optional_definition_name_match" to "optional_definition_name_prefix".
}

// ExpRelationReference is a reference to a relation in the schema.
Expand Down

0 comments on commit a242e22

Please sign in to comment.