Added support for Rego (#2624)

2021-03-07 20:34:29 +02:00 · 2021-03-07 20:34:29 +02:00 · e38986f955
parent 8dbbbb35d6
commit e38986f955
14 changed files with 636 additions and 1 deletions
--- a/components.js
+++ b/components.js
--- a/components.json
+++ b/components.json
@ -1028,6 +1028,10 @@
 			"title": "Regex",
 			"owner": "RunDevelopment"
 		},
+		"rego": {
+			"title": "Rego",
+			"owner": "JordanSh"
+		},
 		"renpy": {
 			"title": "Ren'py",
 			"alias": "rpy",
--- a/components/prism-rego.js
+++ b/components/prism-rego.js
@ -0,0 +1,30 @@
+// https://www.openpolicyagent.org/docs/latest/policy-reference/
+
+Prism.languages.rego = {
+	'comment': /#.*/,
+	'property': {
+		pattern: /(^|[^\\.])(?:"(?:\\.|[^\\"\r\n])*"|`[^`]*`|\b[a-z_]\w*\b)(?=\s*:(?!=))/i,
+		lookbehind: true,
+		greedy: true
+	},
+	'string': {
+		pattern: /(^|[^\\])"(?:\\.|[^\\"\r\n])*"|`[^`]*`/,
+		lookbehind: true,
+		greedy: true
+	},
+
+	'keyword': /\b(?:as|default|else|import|package|not|null|some|with|set(?=\s*\())\b/,
+	'boolean': /\b(?:true|false)\b/,
+
+	'function': {
+		pattern: /\b[a-z_]\w*\b(?:\s*\.\s*\b[a-z_]\w*\b)*(?=\s*\()/i,
+		inside: {
+			'namespace': /\b\w+\b(?=\s*\.)/,
+			'punctuation': /\./
+		}
+	},
+
+	'number': /-?\b\d+(?:\.\d+)?(?:e[+-]?\d+)?\b/i,
+	'operator': /[-+*/%|&]|[<>:=]=?|!=|\b_\b/,
+	'punctuation': /[,;.\[\]{}()]/
+};
--- a/components/prism-rego.min.js
+++ b/components/prism-rego.min.js
@ -0,0 +1 @@
+Prism.languages.rego={comment:/#.*/,property:{pattern:/(^|[^\\.])(?:"(?:\\.|[^\\"\r\n])*"|`[^`]*`|\b[a-z_]\w*\b)(?=\s*:(?!=))/i,lookbehind:!0,greedy:!0},string:{pattern:/(^|[^\\])"(?:\\.|[^\\"\r\n])*"|`[^`]*`/,lookbehind:!0,greedy:!0},keyword:/\b(?:as|default|else|import|package|not|null|some|with|set(?=\s*\())\b/,boolean:/\b(?:true|false)\b/,function:{pattern:/\b[a-z_]\w*\b(?:\s*\.\s*\b[a-z_]\w*\b)*(?=\s*\()/i,inside:{namespace:/\b\w+\b(?=\s*\.)/,punctuation:/\./}},number:/-?\b\d+(?:\.\d+)?(?:e[+-]?\d+)?\b/i,operator:/[-+*/%|&]|[<>:=]=?|!=|\b_\b/,punctuation:/[,;.\[\]{}()]/};
--- a/examples/prism-rego.html
+++ b/examples/prism-rego.html
@ -0,0 +1,44 @@
+<h2>Full example</h2>
+<pre><code># Role-based Access Control (RBAC)
+
+# By default, deny requests.
+default allow = false
+
+# Allow admins to do anything.
+allow {
+	user_is_admin
+}
+
+# Allow the action if the user is granted permission to perform the action.
+allow {
+	# Find grants for the user.
+	some grant
+	user_is_granted[grant]
+
+	# Check if the grant permits the action.
+	input.action == grant.action
+	input.type == grant.type
+}
+
+# user_is_admin is true if...
+user_is_admin {
+
+	# for some `i`...
+	some i
+
+	# "admin" is the `i`-th element in the user->role mappings for the identified user.
+	data.user_roles[input.user][i] == "admin"
+}
+
+# user_is_granted is a set of grants for the user identified in the request.
+# The `grant` will be contained if the set `user_is_granted` for every...
+user_is_granted[grant] {
+	some i, j
+
+	# `role` assigned an element of the user_roles for this user...
+	role := data.user_roles[input.user][i]
+
+	# `grant` assigned a single grant from the grants list for 'role'...
+	grant := data.role_grants[role][j]
+}
+</code></pre>
--- a/tests/languages/rego/boolean_feature.test
+++ b/tests/languages/rego/boolean_feature.test
@ -0,0 +1,13 @@
+true
+false
+
+----------------------------------------------------
+
+[
+	["boolean", "true"],
+	["boolean", "false"]
+]
+
+----------------------------------------------------
+
+Checks for booleans.
--- a/tests/languages/rego/comment_feature.test
+++ b/tests/languages/rego/comment_feature.test
@ -0,0 +1,13 @@
+#
+# foobar
+
+----------------------------------------------------
+
+[
+	["comment", "#"],
+	["comment", "# foobar"]
+]
+
+----------------------------------------------------
+
+Checks for comments.
--- a/tests/languages/rego/function_feature.test
+++ b/tests/languages/rego/function_feature.test
@ -0,0 +1,173 @@
+object.remove({"a": {"b": {"c": 2}}, "x": 123}, {"a": 1}) == {"x": 123}
+
+output := is_set(x)
+output := intersection(set[set])
+output := regex.match(pattern, value)
+output := glob.match("*.github.com", [], "api.github.com")
+output := bits.rsh(x, s)
+output := io.jwt.verify_ps384(string, certificate)
+
+io.jwt.encode_sign({
+    "typ": "JWT",
+    "alg": "HS256"},
+    {}, {
+    "kty": "oct",
+    "k": "AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow"
+})
+
+----------------------------------------------------
+
+[
+	["function", [
+		["namespace", "object"],
+		["punctuation", "."],
+		"remove"
+	]],
+	["punctuation", "("],
+	["punctuation", "{"],
+	["property", "\"a\""],
+	["operator", ":"],
+	["punctuation", "{"],
+	["property", "\"b\""],
+	["operator", ":"],
+	["punctuation", "{"],
+	["property", "\"c\""],
+	["operator", ":"],
+	["number", "2"],
+	["punctuation", "}"],
+	["punctuation", "}"],
+	["punctuation", ","],
+	["property", "\"x\""],
+	["operator", ":"],
+	["number", "123"],
+	["punctuation", "}"],
+	["punctuation", ","],
+	["punctuation", "{"],
+	["property", "\"a\""],
+	["operator", ":"],
+	["number", "1"],
+	["punctuation", "}"],
+	["punctuation", ")"],
+	["operator", "=="],
+	["punctuation", "{"],
+	["property", "\"x\""],
+	["operator", ":"],
+	["number", "123"],
+	["punctuation", "}"],
+
+	"\r\n\r\noutput ",
+	["operator", ":="],
+	["function", ["is_set"]],
+	["punctuation", "("],
+	"x",
+	["punctuation", ")"],
+
+	"\r\noutput ",
+	["operator", ":="],
+	["function", ["intersection"]],
+	["punctuation", "("],
+	"set",
+	["punctuation", "["],
+	"set",
+	["punctuation", "]"],
+	["punctuation", ")"],
+
+	"\r\noutput ",
+	["operator", ":="],
+	["function", [
+		["namespace", "regex"],
+		["punctuation", "."],
+		"match"
+	]],
+	["punctuation", "("],
+	"pattern",
+	["punctuation", ","],
+	" value",
+	["punctuation", ")"],
+
+	"\r\noutput ",
+	["operator", ":="],
+	["function", [
+		["namespace", "glob"],
+		["punctuation", "."],
+		"match"
+	]],
+	["punctuation", "("],
+	["string", "\"*.github.com\""],
+	["punctuation", ","],
+	["punctuation", "["],
+	["punctuation", "]"],
+	["punctuation", ","],
+	["string", "\"api.github.com\""],
+	["punctuation", ")"],
+
+	"\r\noutput ",
+	["operator", ":="],
+	["function", [
+		["namespace", "bits"],
+		["punctuation", "."],
+		"rsh"
+	]],
+	["punctuation", "("],
+	"x",
+	["punctuation", ","],
+	" s",
+	["punctuation", ")"],
+
+	"\r\noutput ",
+	["operator", ":="],
+	["function", [
+		["namespace", "io"],
+		["punctuation", "."],
+		["namespace", "jwt"],
+		["punctuation", "."],
+		"verify_ps384"
+	]],
+	["punctuation", "("],
+	"string",
+	["punctuation", ","],
+	" certificate",
+	["punctuation", ")"],
+
+	["function", [
+		["namespace", "io"],
+		["punctuation", "."],
+		["namespace", "jwt"],
+		["punctuation", "."],
+		"encode_sign"
+	]],
+	["punctuation", "("],
+	["punctuation", "{"],
+
+	["property", "\"typ\""],
+	["operator", ":"],
+	["string", "\"JWT\""],
+	["punctuation", ","],
+
+	["property", "\"alg\""],
+	["operator", ":"],
+	["string", "\"HS256\""],
+	["punctuation", "}"],
+	["punctuation", ","],
+
+	["punctuation", "{"],
+	["punctuation", "}"],
+	["punctuation", ","],
+	["punctuation", "{"],
+
+	["property", "\"kty\""],
+	["operator", ":"],
+	["string", "\"oct\""],
+	["punctuation", ","],
+
+	["property", "\"k\""],
+	["operator", ":"],
+	["string", "\"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow\""],
+
+	["punctuation", "}"],
+	["punctuation", ")"]
+]
+
+----------------------------------------------------
+
+Checks for all functions.
--- a/tests/languages/rego/keyword_feature.test
+++ b/tests/languages/rego/keyword_feature.test
@ -0,0 +1,31 @@
+as
+default
+else
+import
+package
+not
+null
+some
+with
+
+set()
+
+----------------------------------------------------
+
+[
+	["keyword", "as"],
+	["keyword", "default"],
+	["keyword", "else"],
+	["keyword", "import"],
+	["keyword", "package"],
+	["keyword", "not"],
+	["keyword", "null"],
+	["keyword", "some"],
+	["keyword", "with"],
+
+	["keyword", "set"], ["punctuation", "("], ["punctuation", ")"]
+]
+
+----------------------------------------------------
+
+Checks for all keywords.
--- a/tests/languages/rego/number_feature.test
+++ b/tests/languages/rego/number_feature.test
@ -0,0 +1,23 @@
+0
+123
+3.14159
+5.0e8
+0.2E+2
+47e-5
+-1.23
+-2.34E33
+-4.34E-33
+
+----------------------------------------------------
+
+[
+	["number", "0"],
+	["number", "123"],
+	["number", "3.14159"],
+	["number", "5.0e8"],
+	["number", "0.2E+2"],
+	["number", "47e-5"],
+	["number", "-1.23"],
+	["number", "-2.34E33"],
+	["number", "-4.34E-33"]
+]
--- a/tests/languages/rego/operator_feature.test
+++ b/tests/languages/rego/operator_feature.test
@ -0,0 +1,35 @@
+:= = :
+== != < <= > >=
+ - / * %
+& |
+_
+
+----------------------------------------------------
+
+[
+	["operator", ":="],
+	["operator", "="],
+	["operator", ":"],
+
+	["operator", "=="],
+	["operator", "!="],
+	["operator", "<"],
+	["operator", "<="],
+	["operator", ">"],
+	["operator", ">="],
+
+	["operator", "+"],
+	["operator", "-"],
+	["operator", "/"],
+	["operator", "*"],
+	["operator", "%"],
+
+	["operator", "&"],
+	["operator", "|"],
+
+	["operator", "_"]
+]
+
+----------------------------------------------------
+
+Checks for operators.
--- a/tests/languages/rego/property_feature.test
+++ b/tests/languages/rego/property_feature.test
@ -0,0 +1,208 @@
+instances[instance] {
+    server := sites[_].servers[_]
+    instance := {"address": server.hostname, "name": server.name}
+} {
+    container := containers[_]
+    instance := {"address": container.ipaddress, "name": container.name}
+}
+
+apps := [
+    {
+        "name": "web",
+        "servers": ["web-0", "web-1", "web-1000", "web-1001", "web-dev"]
+    },
+    {
+        "name": "mysql",
+        "servers": ["db-0", "db-1000"]
+    },
+    {
+        "name": "mongodb",
+        "servers": ["db-dev"]
+    }
+]
+
+not allow with input as {"user": "charlie", "method": "GET"} with data.roles as {"dev": ["bob"]}
+
+allow with input as {"user": "charlie", "method": "GET"} with data.roles as {"dev": ["charlie"]}
+
+----------------------------------------------------
+
+[
+	"instances",
+	["punctuation", "["],
+	"instance",
+	["punctuation", "]"],
+	["punctuation", "{"],
+
+	"\r\n    server ",
+	["operator", ":="],
+	" sites",
+	["punctuation", "["],
+	["operator", "_"],
+	["punctuation", "]"],
+	["punctuation", "."],
+	"servers",
+	["punctuation", "["],
+	["operator", "_"],
+	["punctuation", "]"],
+
+	"\r\n    instance ",
+	["operator", ":="],
+	["punctuation", "{"],
+	["property", "\"address\""],
+	["operator", ":"],
+	" server",
+	["punctuation", "."],
+	"hostname",
+	["punctuation", ","],
+	["property", "\"name\""],
+	["operator", ":"],
+	" server",
+	["punctuation", "."],
+	"name",
+	["punctuation", "}"],
+
+	["punctuation", "}"],
+	["punctuation", "{"],
+
+	"\r\n    container ",
+	["operator", ":="],
+	" containers",
+	["punctuation", "["],
+	["operator", "_"],
+	["punctuation", "]"],
+
+	"\r\n    instance ",
+	["operator", ":="],
+	["punctuation", "{"],
+	["property", "\"address\""],
+	["operator", ":"],
+	" container",
+	["punctuation", "."],
+	"ipaddress",
+	["punctuation", ","],
+	["property", "\"name\""],
+	["operator", ":"],
+	" container",
+	["punctuation", "."],
+	"name",
+	["punctuation", "}"],
+
+	["punctuation", "}"],
+
+	"\r\n\r\napps ",
+	["operator", ":="],
+	["punctuation", "["],
+
+	["punctuation", "{"],
+
+	["property", "\"name\""],
+	["operator", ":"],
+	["string", "\"web\""],
+	["punctuation", ","],
+
+	["property", "\"servers\""],
+	["operator", ":"],
+	["punctuation", "["],
+	["string", "\"web-0\""],
+	["punctuation", ","],
+	["string", "\"web-1\""],
+	["punctuation", ","],
+	["string", "\"web-1000\""],
+	["punctuation", ","],
+	["string", "\"web-1001\""],
+	["punctuation", ","],
+	["string", "\"web-dev\""],
+	["punctuation", "]"],
+
+	["punctuation", "}"],
+	["punctuation", ","],
+
+	["punctuation", "{"],
+
+	["property", "\"name\""],
+	["operator", ":"],
+	["string", "\"mysql\""],
+	["punctuation", ","],
+
+	["property", "\"servers\""],
+	["operator", ":"],
+	["punctuation", "["],
+	["string", "\"db-0\""],
+	["punctuation", ","],
+	["string", "\"db-1000\""],
+	["punctuation", "]"],
+
+	["punctuation", "}"],
+	["punctuation", ","],
+
+	["punctuation", "{"],
+
+	["property", "\"name\""],
+	["operator", ":"],
+	["string", "\"mongodb\""],
+	["punctuation", ","],
+
+	["property", "\"servers\""],
+	["operator", ":"],
+	["punctuation", "["],
+	["string", "\"db-dev\""],
+	["punctuation", "]"],
+
+	["punctuation", "}"],
+
+	["punctuation", "]"],
+
+	["keyword", "not"],
+	" allow ",
+	["keyword", "with"],
+	" input ",
+	["keyword", "as"],
+	["punctuation", "{"],
+	["property", "\"user\""],
+	["operator", ":"],
+	["string", "\"charlie\""],
+	["punctuation", ","],
+	["property", "\"method\""],
+	["operator", ":"],
+	["string", "\"GET\""],
+	["punctuation", "}"],
+	["keyword", "with"],
+	" data",
+	["punctuation", "."],
+	"roles ",
+	["keyword", "as"],
+	["punctuation", "{"],
+	["property", "\"dev\""],
+	["operator", ":"],
+	["punctuation", "["],
+	["string", "\"bob\""],
+	["punctuation", "]"],
+	["punctuation", "}"],
+
+	"\r\n\r\nallow ",
+	["keyword", "with"],
+	" input ",
+	["keyword", "as"],
+	["punctuation", "{"],
+	["property", "\"user\""],
+	["operator", ":"],
+	["string", "\"charlie\""],
+	["punctuation", ","],
+	["property", "\"method\""],
+	["operator", ":"],
+	["string", "\"GET\""],
+	["punctuation", "}"],
+	["keyword", "with"],
+	" data",
+	["punctuation", "."],
+	"roles ",
+	["keyword", "as"],
+	["punctuation", "{"],
+	["property", "\"dev\""],
+	["operator", ":"],
+	["punctuation", "["],
+	["string", "\"charlie\""],
+	["punctuation", "]"],
+	["punctuation", "}"]
+]
--- a/tests/languages/rego/punctuation_feature.test
+++ b/tests/languages/rego/punctuation_feature.test
@ -0,0 +1,17 @@
+, ; .
+( ) [ ] { }
+
+----------------------------------------------------
+
+[
+	["punctuation", ","],
+	["punctuation", ";"],
+	["punctuation", "."],
+
+	["punctuation", "("],
+	["punctuation", ")"],
+	["punctuation", "["],
+	["punctuation", "]"],
+	["punctuation", "{"],
+	["punctuation", "}"]
+]
--- a/tests/languages/rego/string_feature.test
+++ b/tests/languages/rego/string_feature.test
@ -0,0 +1,43 @@
+""
+"foo\"bar"
+`raw-string`
+
+jwks = `{
+    "keys": [{
+        "kty":"EC",
+        "crv":"P-256",
+        "x":"z8J91ghFy5o6f2xZ4g8LsLH7u2wEpT2ntj8loahnlsE",
+        "y":"7bdeXLH61KrGWRdh7ilnbcGQACxykaPKfmBccTHIOUo"
+    }]
+}`
+
+cert = `-----BEGIN CERTIFICATE-----
+MIIBcDCCARagAwIBAgIJAMZmuGSIfvgzMAoGCCqGSM49BAMCMBMxETAPBgNVBAMM
+CHdoYXRldmVyMB4XDTE4MDgxMDE0Mjg1NFoXDTE4MDkwOTE0Mjg1NFowEzERMA8G
+A1UEAwwId2hhdGV2ZXIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATPwn3WCEXL
+mjp/bFniDwuwsfu7bASlPae2PyWhqGeWwe23Xlyx+tSqxlkXYe4pZ23BkAAscpGj
+yn5gXHExyDlKo1MwUTAdBgNVHQ4EFgQUElRjSoVgKjUqY5AXz2o74cLzzS8wHwYD
+VR0jBBgwFoAUElRjSoVgKjUqY5AXz2o74cLzzS8wDwYDVR0TAQH/BAUwAwEB/zAK
+BggqhkjOPQQDAgNIADBFAiEA4yQ/88ZrUX68c6kOe9G11u8NUaUzd8pLOtkKhniN
+OHoCIHmNX37JOqTcTzGn2u9+c8NlnvZ0uDvsd1BmKPaUmjmm
+-----END CERTIFICATE-----`
+
+----------------------------------------------------
+
+[
+	["string", "\"\""],
+	["string", "\"foo\\\"bar\""],
+	["string", "`raw-string`"],
+
+	"\r\n\r\njwks ",
+	["operator", "="],
+	["string", "`{\r\n    \"keys\": [{\r\n        \"kty\":\"EC\",\r\n        \"crv\":\"P-256\",\r\n        \"x\":\"z8J91ghFy5o6f2xZ4g8LsLH7u2wEpT2ntj8loahnlsE\",\r\n        \"y\":\"7bdeXLH61KrGWRdh7ilnbcGQACxykaPKfmBccTHIOUo\"\r\n    }]\r\n}`"],
+
+	"\r\n\r\ncert ",
+	["operator", "="],
+	["string", "`-----BEGIN CERTIFICATE-----\r\nMIIBcDCCARagAwIBAgIJAMZmuGSIfvgzMAoGCCqGSM49BAMCMBMxETAPBgNVBAMM\r\nCHdoYXRldmVyMB4XDTE4MDgxMDE0Mjg1NFoXDTE4MDkwOTE0Mjg1NFowEzERMA8G\r\nA1UEAwwId2hhdGV2ZXIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATPwn3WCEXL\r\nmjp/bFniDwuwsfu7bASlPae2PyWhqGeWwe23Xlyx+tSqxlkXYe4pZ23BkAAscpGj\r\nyn5gXHExyDlKo1MwUTAdBgNVHQ4EFgQUElRjSoVgKjUqY5AXz2o74cLzzS8wHwYD\r\nVR0jBBgwFoAUElRjSoVgKjUqY5AXz2o74cLzzS8wDwYDVR0TAQH/BAUwAwEB/zAK\r\nBggqhkjOPQQDAgNIADBFAiEA4yQ/88ZrUX68c6kOe9G11u8NUaUzd8pLOtkKhniN\r\nOHoCIHmNX37JOqTcTzGn2u9+c8NlnvZ0uDvsd1BmKPaUmjmm\r\n-----END CERTIFICATE-----`"]
+]
+
+----------------------------------------------------
+
+Checks for strings.
				`@ -0,0 +1 @@`
				Prism.languages.rego={comment:/#./,property:{pattern:/(^\|[^\\.])(?:"(?:\\.\|[^\\"\r\n])"\|`[^`]`\|\b[a-z_]\w\b)(?=\s:(?!=))/i,lookbehind:!0,greedy:!0},string:{pattern:/(^\|[^\\])"(?:\\.\|[^\\"\r\n])"\|`[^`]`/,lookbehind:!0,greedy:!0},keyword:/\b(?:as\|default\|else\|import\|package\|not\|null\|some\|with\|set(?=\s\())\b/,boolean:/\b(?:true\|false)\b/,function:{pattern:/\b[a-z_]\w\b(?:\s\.\s\b[a-z_]\w\b)(?=\s\()/i,inside:{namespace:/\b\w+\b(?=\s\.)/,punctuation:/\./}},number:/-?\b\d+(?:\.\d+)?(?:e[+-]?\d+)?\b/i,operator:/[-+/%\|&]\|[<>:=]=?\|!=\|\b_\b/,punctuation:/[,;.\[\]{}()]/};