Cherry-pick PRs for release 4.1.x (#215)

Signed-off-by: Mohamed Amine Ouali <[email protected]> Signed-off-by: Shaobo He <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Nick Smirnov <[email protected]> Co-authored-by: amzn-mdamine <[email protected]> Co-authored-by: Kesha Hietala <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Nick Smirnov <[email protected]>
cedar-policy · Sep 30, 2024 · 9e5da69 · 9e5da69
1 parent 71cad62
commit 9e5da69
Show file tree

Hide file tree

Showing 6 changed files with 61 additions and 8 deletions.
diff --git a/CedarJava/build.gradle b/CedarJava/build.gradle
@@ -5,7 +5,7 @@ buildscript {
     }
   }
   dependencies {
-    classpath "com.github.spotbugs.snom:spotbugs-gradle-plugin:6.0.21"
+    classpath "com.github.spotbugs.snom:spotbugs-gradle-plugin:6.0.23"
     classpath "gradle.plugin.com.github.sherter.google-java-format:google-java-format-gradle-plugin:0.9"
   }
 }
@@ -78,14 +78,14 @@ configurations {
 dependencies {
     // Do not upgrade to Jackson 3.x without addressing stack overflow issues in ValueDeserializer
     // The upgrade should be reviewed by AppSec
-    implementation 'com.fasterxml.jackson.core:jackson-databind:2.17.2'
+    implementation 'com.fasterxml.jackson.core:jackson-databind:2.18.0'
     implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.17.2'
     implementation 'com.fizzed:jne:4.1.1'
-    implementation 'com.google.guava:guava:33.3.0-jre'
+    implementation 'com.google.guava:guava:33.3.1-jre'
     compileOnly 'com.github.spotbugs:spotbugs-annotations:4.8.6'
     testImplementation 'net.jqwik:jqwik:1.9.0'
-    testImplementation 'org.junit.jupiter:junit-jupiter-api:5.11.0'
-    testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.11.0'
+    testImplementation 'org.junit.jupiter:junit-jupiter-api:5.11.1'
+    testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.11.1'
 }
 
 def ffiDir = '../CedarJavaFFI'

diff --git a/CedarJava/src/main/java/com/cedarpolicy/model/policy/Policy.java b/CedarJava/src/main/java/com/cedarpolicy/model/policy/Policy.java
@@ -85,6 +85,11 @@ public String toJson() throws InternalException, NullPointerException {
         return toJsonJni(policySrc);
     }
 
+    public static Policy fromJson(String policyId, String policyJson) throws InternalException, NullPointerException {
+        var policyText = fromJsonJni(policyJson);
+        return new Policy(policyText, policyId);
+    }
+
     public static Policy parseStaticPolicy(String policyStr) throws InternalException, NullPointerException {
         var policyText = parsePolicyJni(policyStr);
         return new Policy(policyText, null);
@@ -100,4 +105,5 @@ private static native String parsePolicyTemplateJni(String policyTemplateStr)
             throws InternalException, NullPointerException;
 
     private native String toJsonJni(String policyStr) throws InternalException, NullPointerException;
+    private static native String fromJsonJni(String policyJsonStr) throws InternalException, NullPointerException;
 }
diff --git a/CedarJava/src/test/java/com/cedarpolicy/PolicyTests.java b/CedarJava/src/test/java/com/cedarpolicy/PolicyTests.java
@@ -91,4 +91,22 @@ public void policyTemplateToJsonFailureTests() throws InternalException {
             assertTrue(e.getMessage().contains("expected a static policy, got a template containing the slot ?resource"));
         }
     }
+
+    @Test
+    public void policyFromJsonTest() throws InternalException {
+        assertThrows(NullPointerException.class, () -> {
+            String nullJson = null;
+            Policy.fromJson(null, nullJson);
+        });
+        assertThrows(InternalException.class, () -> {
+            String invalidJson = "effect\":\"permit\",\"principal\":{\"op\":\"All\"},\"action\":{\"op\":\"All\"}";
+            Policy.fromJson(null, invalidJson);
+        });
+
+        String validJson = "{\"effect\":\"permit\",\"principal\":{\"op\":\"All\"},\"action\":{\"op\":\"All\"},"
+                + "\"resource\":{\"op\":\"All\"},\"conditions\":[]}";
+        Policy p = Policy.fromJson(null, validJson);
+        String actualJson = p.toJson();
+        assertEquals(validJson, actualJson);
+    }
 }
diff --git a/CedarJava/src/test/resources/formatted_policy.cedar b/CedarJava/src/test/resources/formatted_policy.cedar
@@ -3,4 +3,4 @@ permit (
   action == Action::"update",
   resource
 )
-when { resource.owner == principal };
+when { resource.owner == principal };
diff --git a/CedarJavaFFI/src/interface.rs b/CedarJavaFFI/src/interface.rs
@@ -386,6 +386,34 @@ fn to_json_internal<'a>(env: &mut JNIEnv<'a>, policy_jstr: JString<'a>) -> Resul
     }
 }
 
+#[jni_fn("com.cedarpolicy.model.policy.Policy")]
+pub fn fromJsonJni<'a>(mut env: JNIEnv<'a>, _: JClass, policy_json_jstr: JString<'a>) -> jvalue {
+    match from_json_internal(&mut env, policy_json_jstr) {
+        Err(e) => jni_failed(&mut env, e.as_ref()),
+        Ok(policy_text) => policy_text.as_jni(),
+    }
+}
+
+fn from_json_internal<'a>(
+    env: &mut JNIEnv<'a>,
+    policy_json_jstr: JString<'a>,
+) -> Result<JValueOwned<'a>> {
+    if policy_json_jstr.is_null() {
+        raise_npe(env)
+    } else {
+        let policy_json_jstring = env.get_string(&policy_json_jstr)?;
+        let policy_json_string = String::from(policy_json_jstring);
+        let policy_json_value: Value = serde_json::from_str(&policy_json_string)?;
+        match Policy::from_json(None, policy_json_value) {
+            Err(e) => Err(Box::new(e)),
+            Ok(p) => {
+                let policy_text = format!("{}", p);
+                Ok(JValueGen::Object(env.new_string(&policy_text)?.into()))
+            }
+        }
+    }
+}
+
 #[jni_fn("com.cedarpolicy.value.EntityIdentifier")]
 pub fn getEntityIdentifierRepr<'a>(mut env: JNIEnv<'a>, _: JClass, obj: JObject<'a>) -> jvalue {
     match get_entity_identifier_repr_internal(&mut env, obj) {

diff --git a/CedarJavaFFI/src/tests.rs b/CedarJavaFFI/src/tests.rs
@@ -509,7 +509,7 @@ mod entity_validation_tests {
     #[test]
     #[should_panic]
     fn validate_entities_invalid_json_fails() {
-        call_cedar("ValidateEntities", "{]");
+        let result = call_cedar("ValidateEntities", "{]");
     }
 
     #[test]
@@ -540,7 +540,8 @@ mod entity_validation_tests {
         let result = call_cedar("ValidateEntities", json_data.to_string().as_str());
         assert_failure(result.clone());
 
-        assert!(result.contains("unknown field `shape44`, expected `memberOfTypes` or `shape`"));
+        assert!(result
+            .contains("unknown field `shape44`, expected one of `memberOfTypes`, `shape`, `tags`"));
     }
 
     #[test]