From 09a6c16687d6592563589b180c300d0d4bb737cb Mon Sep 17 00:00:00 2001
From: Oliver Calder
Date: Fri, 20 Sep 2024 00:01:08 -0500
Subject: [PATCH] i/p/requestrules: ignore internally duplicate pattern variants when adding rules

Signed-off-by: Oliver Calder
---
 .../prompting/requestrules/requestrules.go | 3 +++
 .../requestrules/requestrules_test.go | 24 +++++++++++++++++++
 2 files changed, 27 insertions(+)

diff --git a/interfaces/prompting/requestrules/requestrules.go b/interfaces/prompting/requestrules/requestrules.go
index f6d43a5a3b1..6830cee5d8a 100644
--- a/interfaces/prompting/requestrules/requestrules.go
+++ b/interfaces/prompting/requestrules/requestrules.go
@@ -461,6 +461,9 @@ func (rdb *RuleDB) addRulePermissionToTree(rule *Rule, permission string) []prom
 switch {
 case !exists:
 newVariantEntries[variantStr] = newEntry
+ case conflictingVariantEntry.RuleID == rule.ID:
+ // Rule has duplicate variant, so ignore it
+ return
 case rdb.isRuleWithIDExpired(conflictingVariantEntry.RuleID, rule.Timestamp):
 expiredRules[conflictingVariantEntry.RuleID] = true
 newVariantEntries[variantStr] = newEntry
diff --git a/interfaces/prompting/requestrules/requestrules_test.go b/interfaces/prompting/requestrules/requestrules_test.go
index 77ff288ed30..413c95ce161 100644
--- a/interfaces/prompting/requestrules/requestrules_test.go
+++ b/interfaces/prompting/requestrules/requestrules_test.go
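Review bot: The new `case conflictingVariantEntry.RuleID == rule.ID:` in addRulePermissionToTree keeps whatever entry is already stored for the variant purely because it carries this rule's ID, without comparing it to `newEntry`, and the comment does not say why that is safe. These entries decide prompting outcomes, so the branch is only correct if an entry with this ID can have been written solely by the current call; a leftover entry from an earlier add of the same ID would be silently kept rather than replaced or reported. I would spell the invariant out, e.g. `// Entry was added earlier in this call: the pattern renders this variant more than once, so keep it and skip the duplicate`. The function body and the lookup that fills `conflictingVariantEntry` lie outside the hunk, and the bare `return` presumably ends a per-variant callback rather than addRulePermissionToTree itself, so both are worth confirming.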
@@ -617,6 +617,30 @@ func addRuleFromTemplate(c *C, rdb *requestrules.RuleDB, template *addRuleConten
 return rdb.AddRule(partial.User, partial.Snap, partial.Interface, constraints, partial.Outcome, partial.Lifespan, partial.Duration)
 }
 
+func (s *requestrulesSuite) TestAddRuleDuplicateVariants(c *C) {
+ rdb, err := requestrules.New(s.defaultNotifyRule)
+ c.Assert(err, IsNil)
+
+ ruleContents := &addRuleContents{
+ User: s.defaultUser,
+ Snap: "nextcloud",
+ Interface: "home",
+ PathPattern: "/home/test/{{foo/{bar,baz},123},{123,foo{/bar,/baz}}}",
+ Permissions: []string{"read"},
+ Outcome: prompting.OutcomeAllow,
+ Lifespan: prompting.LifespanForever,
+ Duration: "",
+ }
+
+ var addedRules []*requestrules.Rule
+ rule, err := addRuleFromTemplate(c, rdb, ruleContents, ruleContents)
+ c.Check(err, IsNil)
+ c.Check(rule, NotNil)
+ addedRules = append(addedRules, rule)
+ s.checkWrittenRuleDB(c, addedRules)
+ s.checkNewNoticesSimple(c, nil, rule)
+}
+
 func (s *requestrulesSuite) TestAddRuleErrors(c *C) {
 rdb, err := requestrules.New(s.defaultNotifyRule)
 c.Assert(err, IsNil)
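Review bot: TestAddRuleDuplicateVariants only covers the add path, so nothing checks that a rule whose pattern renders duplicate variants can be removed again. If removal walks the same rendered variants, the second occurrence of a variant would already be gone from the tree, which may surface as an internal error; removing the rule at the end of the test, e.g. `_, err = rdb.RemoveRule(s.defaultUser, rule.ID)` followed by `c.Check(err, IsNil)`, would pin that down. Separately, `c.Check(err, IsNil)` after addRuleFromTemplate could be `c.Assert(err, IsNil)` so the later checks do not run against a nil rule.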