main/awall/check-against-definition-type-mismatch.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80

From 041b4b69c4e36a24342cfc3ce2e1a7a7307ad492 Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Tue, 1 Jul 2014 11:27:52 +0300
Subject: check against definition type mismatch (objects vs. arrays)

fixes #3098

diff --git a/awall/policy.lua b/awall/policy.lua
index efd52e0..093390d 100644
--- a/awall/policy.lua
+++ b/awall/policy.lua
@@ -11,7 +11,9 @@ local raise = require('awall.uerror').raise
 
 local util = require('awall.util')
 local contains = util.contains
+local keys = util.keys
 local listpairs = util.listpairs
+local map = util.map
 
 
 local json = require('cjson')
@@ -29,7 +31,7 @@ end
 function PolicyConfig:expand()
 
    local function expand(value)
-      if type(value) == 'table' then return util.map(value, expand) end
+      if type(value) == 'table' then return map(value, expand) end
 
       local visited = {}
       local pattern = '%$(%a[%w_]*)'
@@ -212,22 +214,37 @@ function PolicySet:load()
 	       input[cls] = objs
 	       for k, v in pairs(objs) do source[cls][k] = name end
 
-	    elseif objs[1] then
-	       local last = #input[cls]
-	       util.extend(input[cls], objs)
-	       for i = 1,#objs do source[cls][last + i] = name end
-
 	    else
-	       for k, v in pairs(objs) do
-		  input[cls][k] = v
-		  source[cls][k] = name
+	       local fk = next(input[cls])
+	       map(
+		  keys(objs),
+		  function(k)
+		     if type(k) ~= type(fk) then
+			raise(
+			   'Type mismatch in '..cls..' definitions ('..
+			      name..', '..source[cls][fk]..')'
+			)
+		     end
+		  end
+	       )
+
+	       if objs[1] then
+		  local last = #input[cls]
+		  util.extend(input[cls], objs)
+		  for i = 1,#objs do source[cls][last + i] = name end
+
+	       else
+		  for k, v in pairs(objs) do
+		     input[cls][k] = v
+		     source[cls][k] = name
+		  end
 	       end
 	    end
 	 end
       end
    end
 
-   return PolicyConfig(input, source, util.keys(imported))
+   return PolicyConfig(input, source, keys(imported))
 end
 
 return PolicySet
-- 
cgit v0.10.1