Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

panic: Safety check panics on non-var reference heads #2649

Closed
tsandall opened this issue Aug 21, 2020 · 0 comments
Closed

panic: Safety check panics on non-var reference heads #2649

tsandall opened this issue Aug 21, 2020 · 0 comments
Assignees
@tsandall
Labels
bug
Projects
Open Policy Agent

Comments

@tsandall
Copy link
Member

This was caught by the nightly fuzz testing. To reproduce:

$ opa run
OPA 0.24.0-dev (commit b5f4c576-dirty, built at 2020-08-21T16:20:51Z)

Run 'help' to see a list of commands and check for updates.

> f([][0]) { true }
panic: interface conversion: ast.Value is *ast.Array, not ast.Var [recovered]
        panic: interface conversion: ast.Value is *ast.Array, not ast.Var

goroutine 1 [running]:
github.com/open-policy-agent/opa/ast.(*Compiler).compile.func1()
        /home/torin/src/opa/ast/compile.go:881 +0x73
panic(0xbdbc20, 0xc0003c32f0)
        /usr/lib/go-1.13/src/runtime/panic.go:679 +0x1b2
github.com/open-policy-agent/opa/ast.outputVarsForTerms.func1(0xc0004b4ea0, 0xc0004ea300)
        /home/torin/src/opa/ast/compile.go:2481 +0x1db
github.com/open-policy-agent/opa/ast.WalkTerms.func1(0xc6d700, 0xc0004b4ea0, 0xc0005526c0)
        /home/torin/src/opa/ast/visit.go:181 +0x42
github.com/open-policy-agent/opa/ast.(*GenericVisitor).Walk(0xc0004ea588, 0xc6d700, 0xc0004b4ea0)
        /home/torin/src/opa/ast/visit.go:270 +0x5b
github.com/open-policy-agent/opa/ast.(*GenericVisitor).Walk(0xc0004ea588, 0xc9cbc0, 0xc0003783c0)
        /home/torin/src/opa/ast/visit.go:320 +0x195
github.com/open-policy-agent/opa/ast.WalkTerms(0xc9cbc0, 0xc0003783c0, 0xc0004ea5d0)
        /home/torin/src/opa/ast/visit.go:185 +0x70

The problem seems to be that these references are not being rewritten.
@tsandall tsandall added the bug label Aug 21, 2020
@tsandall tsandall added this to TODO (Things That Should Be Done) in Open Policy Agent via automation Aug 21, 2020
@tsandall tsandall moved this from TODO (Things That Should Be Done) to In Progress in Open Policy Agent Aug 21, 2020
@tsandall tsandall self-assigned this Aug 21, 2020
tsandall added a commit to tsandall/opa that referenced this issue Aug 25, 2020
@tsandall
ast: Fix compiler to expand exprs in rule args
8a411ef 
Previously the compiler was not rewriting expr terms in the rule
args. In particular, this meant that indirect refs were not being
rewritten. This would lead to panics in the safety check which assume
that indirect refs have been rewritten (in other words, that reference
heads are always variables.)

This commit just updates the expr term rewriting to process rule args
as it does for the rule head key and value terms.

Fixes open-policy-agent#2649

Signed-off-by: Torin Sandall <torinsandall@gmail.com>
Open Policy Agent automation moved this from In Progress to Done Aug 25, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tsandall tsandall

Labels
bug
Projects
Open Policy Agent
  
Done
Milestone
No milestone
Development

No branches or pull requests
1 participant
@tsandall