Slim down the SQL policy verifier and separate it from datalog_policy_verifier. #755
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![copybara-service[bot]](https://avatars.githubusercontent.com/in/44061?s=60&v=4){kind=small}
copybara-service
bot
force-pushed
the
test_479677692
branch
2 times, most recently
from
2c9d849 to
7ee871f
Compare
copybara-service
bot
force-pushed
the
test_479677692
branch
from
7ee871f to
0ebccbb
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Slim down the SQL policy verifier and separate it from datalog_policy_verifier.
In the early days of Raksha, we created the
datalog_policy_verifier. This was before we understood that the Souffle language and the Souffle internal architecture meant that we would have to create a separate library per policy interface, and that having one Souffle library to serve all of our needs probably wasn't going to cut it.Others coming to the Raksha project saw the name and, quite reasonably, believed it was the generic Raksha analysis rather than a SQL-verifier-specific analysis. Attempts to use this library as a generic policy library made it bloated and tangled.
This commit attempts to move us to a better state by separating out the SQL policy verifier into a separate
sql_policy_verifier_interfaceand associatedsql_policy_verifier. This allows slimming down that library and extracting it from the tangle. Thedatalog_policy_verifieris now not used for any production purpose, and we can clean it up at our leisure.Fixes #747
See #728