Merge pull request #17 from cedar-policy/bug/hakanson/16

bug: highlight issue with quoted string #16
cedar-policy · Oct 31, 2024 · 6ae232d · 6ae232d
2 parents ceb6345 + 7882041
commit 6ae232d
Show file tree

Hide file tree

Showing 12 changed files with 340 additions and 192 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,10 @@
 
 All notable changes to this project will be documented in this file.
 
+## v0.4.1 2024-10-31
+
+- Fix highlight issue with quoted string
+
 ## v0.4.0 2024-04-20
 
 - Add Cedar human-readable schema support

diff --git a/dist/prism-cedar.min.js b/dist/prism-cedar.min.js
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "prism-cedar",
-  "version": "0.4.0",
+  "version": "0.4.1",
   "description": "Prism support for Cedar policy and Cedar human-readable schema syntax",
   "author": "cedar-policy",
   "license": "Apache-2.0",
@@ -21,8 +21,8 @@
   ],
   "devDependencies": {
     "esbuild": "^0.19.12",
-    "prettier": "^3.2.5",
-    "vitest": "^1.5.0"
+    "prettier": "^3.3.3",
+    "vitest": "^1.6.0"
   },
   "files": [
     "LICENSE",

diff --git a/src/prism-cedar.js b/src/prism-cedar.js
@@ -12,8 +12,7 @@ Prism.languages['cedar'] = {
     greedy: true,
   },
   string: {
-    pattern: /(^|[^\\])"(?:\\.|[^\\"\r\n])*"(?!\s*:)/,
-    lookbehind: true,
+    pattern: /(["])(?:\\(?:\r\n|[\s\S])|(?!\1)[^\\\r\n])*\1/,
     greedy: true,
   },
   keyword: /\b(?<!\.)(?:permit|forbid|when|unless)\b/,
@@ -32,14 +31,15 @@ Prism.languages['cedar'] = {
     },
   ],
   'class-name': [
-    {
-      pattern: /\b(?:([_a-zA-Z][_a-zA-Z0-9]*::)*[_a-zA-Z][_a-zA-Z0-9]*)(?=::)/, // (?=::")
-    },
     {
       pattern: /(\s+is\s+)([_a-zA-Z][_a-zA-Z0-9]*::)*[_a-zA-Z][_a-zA-Z0-9]*/,
       greedy: true, // since "is" is defined above as operator
       lookbehind: true,
     },
+    {
+      pattern: /\b(?:([_a-zA-Z][_a-zA-Z0-9]*::)*[_a-zA-Z][_a-zA-Z0-9]*)(?=::)/, // (?=::"),
+      greedy: true,
+    },
   ],
   builtin: /\b(?:ip|decimal)(?=\()/,
   function: [
@@ -68,8 +68,7 @@ Prism.languages['cedarschema'] = {
     greedy: true,
   },
   string: {
-    pattern: /(^|[^\\])"(?:\\.|[^\\"\r\n])*"/,
-    lookbehind: true,
+    pattern: /(["])(?:\\(?:\r\n|[\s\S])|(?!\1)[^\\\r\n])*\1/,
     greedy: true,
   },
   operator: /=/,

diff --git a/test/data/namespaces.cedarschema b/test/data/namespaces.cedarschema
@@ -35,3 +35,24 @@ namespace N2 {
 
 // no namespace
 entity Y;
+
+// numeronym namespace (like k8s or i18n)
+namespace k8s {
+  entity User in Group;
+  entity Group;
+  entity Resource {
+    metadata?: String
+  };
+  action "list" appliesTo {
+    principal: [k8s::User],
+    resource: [k8s::Resource],
+    context: {}
+  };  
+  action "update" appliesTo {
+    principal: [k8s::User],
+    resource: [k8s::Resource],
+    context: {
+      oldObject?: String
+    }
+  };
+}
diff --git a/test/data/namespaces.html b/test/data/namespaces.html
@@ -35,3 +35,24 @@
 
 <span class="token comment">// no namespace</span>
 <span class="token keyword">entity</span> Y<span class="token punctuation">;</span>
+
+<span class="token comment">// numeronym namespace (like k8s or i18n)</span>
+<span class="token namespace-declaration"><span class="token keyword">namespace</span> <span class="token namespace">k8s</span></span> <span class="token punctuation">{</span>
+  <span class="token keyword">entity</span> User <span class="token keyword">in</span> Group<span class="token punctuation">;</span>
+  <span class="token keyword">entity</span> Group<span class="token punctuation">;</span>
+  <span class="token keyword">entity</span> Resource <span class="token punctuation">{</span>
+    <span class="token property">metadata</span>?: String
+  <span class="token punctuation">}</span><span class="token punctuation">;</span>
+  <span class="token keyword">action</span> <span class="token string">"list"</span> <span class="token keyword">appliesTo</span> <span class="token punctuation">{</span>
+    <span class="token property">principal</span>: <span class="token punctuation">[</span><span class="token entity-type"><span class="token namespace">k8s::</span><span class="token namespace"></span><span class="token namespace"></span><span class="token namespace"></span><span class="token namespace"></span><span class="token namespace"></span><span class="token namespace"></span><span class="token namespace"></span><span class="token namespace"></span>User</span><span class="token punctuation">]</span><span class="token punctuation">,</span>
+    <span class="token property">resource</span>: <span class="token punctuation">[</span><span class="token entity-type"><span class="token namespace">k8s::</span><span class="token namespace"></span><span class="token namespace"></span><span class="token namespace"></span><span class="token namespace"></span><span class="token namespace"></span><span class="token namespace"></span><span class="token namespace"></span><span class="token namespace"></span><span class="token namespace"></span><span class="token namespace"></span><span class="token namespace"></span><span class="token namespace"></span>Resource</span><span class="token punctuation">]</span><span class="token punctuation">,</span>
+    <span class="token property">context</span>: <span class="token punctuation">{</span><span class="token punctuation">}</span>
+  <span class="token punctuation">}</span><span class="token punctuation">;</span>  
+  <span class="token keyword">action</span> <span class="token string">"update"</span> <span class="token keyword">appliesTo</span> <span class="token punctuation">{</span>
+    <span class="token property">principal</span>: <span class="token punctuation">[</span><span class="token entity-type"><span class="token namespace">k8s::</span><span class="token namespace"></span><span class="token namespace"></span><span class="token namespace"></span><span class="token namespace"></span><span class="token namespace"></span><span class="token namespace"></span><span class="token namespace"></span><span class="token namespace"></span>User</span><span class="token punctuation">]</span><span class="token punctuation">,</span>
+    <span class="token property">resource</span>: <span class="token punctuation">[</span><span class="token entity-type"><span class="token namespace">k8s::</span><span class="token namespace"></span><span class="token namespace"></span><span class="token namespace"></span><span class="token namespace"></span><span class="token namespace"></span><span class="token namespace"></span><span class="token namespace"></span><span class="token namespace"></span><span class="token namespace"></span><span class="token namespace"></span><span class="token namespace"></span><span class="token namespace"></span>Resource</span><span class="token punctuation">]</span><span class="token punctuation">,</span>
+    <span class="token property">context</span>: <span class="token punctuation">{</span>
+      <span class="token property">oldObject</span>?: String
+    <span class="token punctuation">}</span>
+  <span class="token punctuation">}</span><span class="token punctuation">;</span>
+<span class="token punctuation">}</span>
diff --git a/test/data/numeronym.cedar b/test/data/numeronym.cedar
@@ -0,0 +1,8 @@
+// inspired by https://www.cedarpolicy.com/blog/cedar-for-kubernetes
+forbid (
+    principal is k8s::User,
+    action in [k8s::Action::"list", k8s::Action::"update"],
+    resource is k8s::Resource
+) when {
+    principal in k8s::Group::"block-list"
+};
diff --git a/test/data/numeronym.html b/test/data/numeronym.html
@@ -0,0 +1,8 @@
+<span class="token comment">// inspired by https://www.cedarpolicy.com/blog/cedar-for-kubernetes</span>
+<span class="token keyword">forbid</span> <span class="token punctuation">(</span>
+    <span class="token variable">principal</span> <span class="token operator">is</span> <span class="token class-name">k8s::User</span><span class="token punctuation">,</span>
+    <span class="token variable">action</span> <span class="token operator">in</span> <span class="token punctuation">[</span><span class="token class-name">k8s::Action</span>::<span class="token string">"list"</span><span class="token punctuation">,</span> <span class="token class-name">k8s::Action</span>::<span class="token string">"update"</span><span class="token punctuation">]</span><span class="token punctuation">,</span>
+    <span class="token variable">resource</span> <span class="token operator">is</span> <span class="token class-name">k8s::Resource</span>
+<span class="token punctuation">)</span> <span class="token keyword">when</span> <span class="token punctuation">{</span>
+    <span class="token variable">principal</span> <span class="token operator">in</span> <span class="token class-name">k8s::Group</span>::<span class="token string">"block-list"</span>
+<span class="token punctuation">}</span><span class="token punctuation">;</span>
diff --git a/test/data/quotes.cedar b/test/data/quotes.cedar
@@ -1,4 +1,12 @@
 // you "must" be 54" tall to ride (wink)
-@id("54\" rule") // 54" is 4' 6" 
+@id("54\" rule") // 54" is 4' 6"
 forbid (principal, action, resource)
-when { resource.restriction == "54\"" && principal.height < 54 };
+when
+{
+  resource.restriction == "54\"" &&
+  principal.height < 54 &&
+  principal.attrSet.contains({
+    "key": "height", 
+    "values": ["54\"", "4' 6\""]
+  })
+};
diff --git a/test/data/quotes.html b/test/data/quotes.html
@@ -1,4 +1,12 @@
 <span class="token comment">// you "must" be 54" tall to ride (wink)</span>
-@id<span class="token punctuation">(</span><span class="token string">"54\" rule"</span><span class="token punctuation">)</span> <span class="token comment">// 54" is 4' 6" </span>
+@id<span class="token punctuation">(</span><span class="token string">"54\" rule"</span><span class="token punctuation">)</span> <span class="token comment">// 54" is 4' 6"</span>
 <span class="token keyword">forbid</span> <span class="token punctuation">(</span><span class="token variable">principal</span><span class="token punctuation">,</span> <span class="token variable">action</span><span class="token punctuation">,</span> <span class="token variable">resource</span><span class="token punctuation">)</span>
-<span class="token keyword">when</span> <span class="token punctuation">{</span> <span class="token variable">resource</span>.restriction <span class="token operator">==</span> <span class="token string">"54\""</span> <span class="token operator">&amp;&amp;</span> <span class="token variable">principal</span>.height <span class="token operator">&lt;</span> <span class="token number">54</span> <span class="token punctuation">}</span><span class="token punctuation">;</span>
+<span class="token keyword">when</span>
+<span class="token punctuation">{</span>
+  <span class="token variable">resource</span>.restriction <span class="token operator">==</span> <span class="token string">"54\""</span> <span class="token operator">&amp;&amp;</span>
+  <span class="token variable">principal</span>.height <span class="token operator">&lt;</span> <span class="token number">54</span> <span class="token operator">&amp;&amp;</span>
+  <span class="token variable">principal</span>.attrSet.<span class="token function">contains</span><span class="token punctuation">(</span><span class="token punctuation">{</span>
+    <span class="token string">"key"</span>: <span class="token string">"height"</span><span class="token punctuation">,</span> 
+    <span class="token string">"values"</span>: <span class="token punctuation">[</span><span class="token string">"54\""</span><span class="token punctuation">,</span> <span class="token string">"4' 6\""</span><span class="token punctuation">]</span>
+  <span class="token punctuation">}</span><span class="token punctuation">)</span>
+<span class="token punctuation">}</span><span class="token punctuation">;</span>
diff --git a/test/static/index.html b/test/static/index.html
@@ -125,14 +125,34 @@ <h3>is.cedar</h3>
   // false - `ExampleCo::User` and `User` are different entity types
   ExampleCo::User::"alice" is User
 };
+</code></pre>
+
+    <h3>numeronym.cedar</h3>
+    <pre><code class="language-cedar">
+// inspired by https://www.cedarpolicy.com/blog/cedar-for-kubernetes
+forbid (
+    principal is k8s::User,
+    action in [k8s::Action::"list", k8s::Action::"update"],
+    resource is k8s::Resource
+) when {
+    principal in k8s::Group::"block-list"
+};
 </code></pre>
 
     <h3>quotes.cedar</h3>
     <pre><code class="language-cedar">
 // you "must" be 54" tall to ride (wink)
-@id("54\" rule") // 54" is 4' 6" 
+@id("54\" rule") // 54" is 4' 6"
 forbid (principal, action, resource)
-when { resource.restriction == "54\"" && principal.height &lt; 54 };
+when
+{
+  resource.restriction == "54\"" &&
+  principal.height &lt; 54 &&
+  principal.attrSet.contains({
+    "key": "height", 
+    "values": ["54\"", "4' 6\""]
+  })
+};
 </code></pre>
 
     <h3>template.cedar</h3>
@@ -207,6 +227,26 @@ <h3>namespaces.cedarschema</h3>
 // no namespace
 entity Y;
 
+// numeronym namespace (like k8s or i18n)
+namespace k8s {
+  entity User in Group;
+  entity Group;
+  entity Resource {
+    metadata?: String
+  };
+  action "list" appliesTo {
+    principal: [k8s::User],
+    resource: [k8s::Resource],
+    context: {}
+  };  
+  action "update" appliesTo {
+    principal: [k8s::User],
+    resource: [k8s::Resource],
+    context: {
+      oldObject?: String
+    }
+  };
+}
 </code></pre>
 
     <!-- END generated code -->