Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Socket
Sign inDemoInstall

@lifeomic/abac

Package Overview
Dependencies
Maintainers
2
Versions
42
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@lifeomic/abac - npm Package Compare versions

Comparing version 1.3.0 to 2.0.0

dist/index.js.map
dist/schemas/index.js.map
lib/index.js
lib/index.js.map
lib/schemas/Comparison.json
lib/schemas/index.js
lib/schemas/index.js.map
lib/schemas/OperationNames.json
lib/schemas/Policy.json
lib/schemas/Rule.json
lib/schemas/Rules.json
module/index.js
module/index.js.map
module/schemas/Comparison.json
module/schemas/index.js
module/schemas/index.js.map
module/schemas/OperationNames.json
module/schemas/Policy.json
module/schemas/Rule.json
module/schemas/Rules.json

352

dist/index.js
'use strict';
var _asyncToGenerator2 = require('babel-runtime/helpers/asyncToGenerator');
var _asyncToGenerator3 = _interopRequireDefault(_asyncToGenerator2);
var _keys = require('babel-runtime/core-js/object/keys');

@@ -11,10 +7,2 @@

var _slicedToArray2 = require('babel-runtime/helpers/slicedToArray');
var _slicedToArray3 = _interopRequireDefault(_slicedToArray2);
var _getIterator2 = require('babel-runtime/core-js/get-iterator');
var _getIterator3 = _interopRequireDefault(_getIterator2);
var _entries = require('babel-runtime/core-js/object/entries');

@@ -58,52 +46,31 @@

var _iteratorNormalCompletion = true;
var _didIteratorError = false;
var _iteratorError = undefined;
for (const policy of policies) {
validate(policy);
(0, _entries2.default)(policy.rules).forEach(([operation, rules]) => {
if (rules === true) {
// It is safe to ignore the injection attach here because the operation
// name has been validated by the policy schema before getting this far
// eslint-disable-next-line security/detect-object-injection
result[operation] = true;
try {
for (var _iterator = (0, _getIterator3.default)(policies), _step; !(_iteratorNormalCompletion = (_step = _iterator.next()).done); _iteratorNormalCompletion = true) {
const policy = _step.value;
validate(policy);
(0, _entries2.default)(policy.rules).forEach(([operation, rules]) => {
if (rules === true) {
// It is safe to ignore the injection attach here because the operation
// name has been validated by the policy schema before getting this far
// eslint-disable-next-line security/detect-object-injection
} else if (result[operation]) {
// It is safe to ignore the injection attach here because the operation
// name has been validated by the policy schema before getting this far
// eslint-disable-next-line security/detect-object-injection
if (result[operation] !== true) {
// It is safe to ignore the injection attach here because the operation
// name has been validated by the policy schema before getting this far
// eslint-disable-next-line security/detect-object-injection
result[operation] = true;
// It is safe to ignore the injection attach here because the operation
// name has been validated by the policy schema before getting this far
// eslint-disable-next-line security/detect-object-injection
} else if (result[operation]) {
// It is safe to ignore the injection attach here because the operation
// name has been validated by the policy schema before getting this far
// eslint-disable-next-line security/detect-object-injection
if (result[operation] !== true) {
// It is safe to ignore the injection attach here because the operation
// name has been validated by the policy schema before getting this far
// eslint-disable-next-line security/detect-object-injection
result[operation].push(...rules);
}
} else {
// It is safe to ignore the injection attach here because the operation
// name has been validated by the policy schema before getting this far
// eslint-disable-next-line security/detect-object-injection
result[operation] = [...rules];
result[operation].push(...rules);
}
});
}
} catch (err) {
_didIteratorError = true;
_iteratorError = err;
} finally {
try {
if (!_iteratorNormalCompletion && _iterator.return) {
_iterator.return();
} else {
// It is safe to ignore the injection attach here because the operation
// name has been validated by the policy schema before getting this far
// eslint-disable-next-line security/detect-object-injection
result[operation] = [...rules];
}
} finally {
if (_didIteratorError) {
throw _iteratorError;
}
}
});
}

@@ -121,32 +88,11 @@

const path = name.split('.');
var _iteratorNormalCompletion2 = true;
var _didIteratorError2 = false;
var _iteratorError2 = undefined;
try {
for (var _iterator2 = (0, _getIterator3.default)(path), _step2; !(_iteratorNormalCompletion2 = (_step2 = _iterator2.next()).done); _iteratorNormalCompletion2 = true) {
const field = _step2.value;
if (attributes) {
// It is safe to ignore the injection attach here because the attribute
// name has been validated by the policy schema before getting this far
// eslint-disable-next-line security/detect-object-injection
attributes = attributes[field];
} else {
return undefined;
}
for (const field of path) {
if (attributes) {
// It is safe to ignore the injection attach here because the attribute
// name has been validated by the policy schema before getting this far
// eslint-disable-next-line security/detect-object-injection
attributes = attributes[field];
} else {
return undefined;
}
} catch (err) {
_didIteratorError2 = true;
_iteratorError2 = err;
} finally {
try {
if (!_iteratorNormalCompletion2 && _iterator2.return) {
_iterator2.return();
}
} finally {
if (_didIteratorError2) {
throw _iteratorError2;
}
}
}

@@ -157,3 +103,3 @@

const getCompareValue = function getCompareValue(condition, attributes) {
const getCompareValue = function (condition, attributes) {
if ('target' in condition) {

@@ -191,38 +137,12 @@ return getAttribute(attributes, condition.target);

const result = {};
var _iteratorNormalCompletion3 = true;
var _didIteratorError3 = false;
var _iteratorError3 = undefined;
try {
for (var _iterator3 = (0, _getIterator3.default)((0, _entries2.default)(rule)), _step3; !(_iteratorNormalCompletion3 = (_step3 = _iterator3.next()).done); _iteratorNormalCompletion3 = true) {
const _ref = _step3.value;
var _ref2 = (0, _slicedToArray3.default)(_ref, 2);
const name = _ref2[0];
const condition = _ref2[1];
const value = getAttribute(attributes, name);
if (value === undefined) {
// It is safe to ignore the injection attach here because the attribute
// name has been validated by the policy schema before getting this far
// eslint-disable-next-line security/detect-object-injection
result[name] = condition;
} else if (!compare(condition, value, attributes)) {
return false;
}
for (const [name, condition] of (0, _entries2.default)(rule)) {
const value = getAttribute(attributes, name);
if (value === undefined) {
// It is safe to ignore the injection attach here because the attribute
// name has been validated by the policy schema before getting this far
// eslint-disable-next-line security/detect-object-injection
result[name] = condition;
} else if (!compare(condition, value, attributes)) {
return false;
}
} catch (err) {
_didIteratorError3 = true;
_iteratorError3 = err;
} finally {
try {
if (!_iteratorNormalCompletion3 && _iterator3.return) {
_iterator3.return();
}
} finally {
if (_didIteratorError3) {
throw _iteratorError3;
}
}
}

@@ -244,30 +164,9 @@

var _iteratorNormalCompletion4 = true;
var _didIteratorError4 = false;
var _iteratorError4 = undefined;
try {
for (var _iterator4 = (0, _getIterator3.default)(rules), _step4; !(_iteratorNormalCompletion4 = (_step4 = _iterator4.next()).done); _iteratorNormalCompletion4 = true) {
const rule = _step4.value;
const reducedRule = reduceRule(rule, attributes);
if (reducedRule === true) {
return true;
} else if (reducedRule) {
result.push(reducedRule);
}
for (const rule of rules) {
const reducedRule = reduceRule(rule, attributes);
if (reducedRule === true) {
return true;
} else if (reducedRule) {
result.push(reducedRule);
}
} catch (err) {
_didIteratorError4 = true;
_iteratorError4 = err;
} finally {
try {
if (!_iteratorNormalCompletion4 && _iterator4.return) {
_iterator4.return();
}
} finally {
if (_didIteratorError4) {
throw _iteratorError4;
}
}
}

@@ -285,24 +184,32 @@

*/
const reduce = (() => {
var _ref3 = (0, _asyncToGenerator3.default)(function* (policy, attributes) {
const result = {};
const reduce = async (policy, attributes) => {
return reduceSync(policy, attributes);
};
validate(policy);
(0, _entries2.default)(policy.rules).forEach(function ([operation, rules]) {
rules = reduceRules(rules, attributes);
if (rules === true || Array.isArray(rules) && rules.length > 0) {
// It is safe to ignore the injection attach here because the operation name
// comes from the policy which has been validated already.
// eslint-disable-next-line security/detect-object-injection
result[operation] = rules;
}
});
/**
* Performs a synchronous reduction for whether the given policy might
* allow the operations. This function's intended use is for
* client applications that need a simple check to disable
* or annotate UI elements.
* @param {object} policy - the policy to evaluate
* @param {object} attributes - the attributes to use for the evaluation
* @returns {object} the policy reduced to conditions involving attributes not not given
* @throws {Error} if the policy is invalid
*/
const reduceSync = (policy, attributes) => {
const result = {};
return { rules: result };
validate(policy);
(0, _entries2.default)(policy.rules).forEach(([operation, rules]) => {
rules = reduceRules(rules, attributes);
if (rules === true || Array.isArray(rules) && rules.length > 0) {
// It is safe to ignore the injection attach here because the operation name
// comes from the policy which has been validated already.
// eslint-disable-next-line security/detect-object-injection
result[operation] = rules;
}
});
return function reduce(_x, _x2) {
return _ref3.apply(this, arguments);
};
})();
return { rules: result };
};

@@ -317,37 +224,34 @@ /**

*/
const enforce = (() => {
var _ref4 = (0, _asyncToGenerator3.default)(function* (operation, policy, attributes) {
// Before using the policy, make sure it's valid
validate(policy);
const enforce = async (operation, policy, attributes) => {
// Before using the policy, make sure it's valid
validate(policy);
// It is safe to ignore the injection attach here because the operation name has been validated
// against the allowed operation names
// eslint-disable-next-line security/detect-object-injection
const rules = policy.rules && policy.rules[operation] ? policy.rules[operation] : [];
return (yield reduceRules(rules, attributes)) === true;
});
// It is safe to ignore the injection attach here because the operation name has been validated
// against the allowed operation names
// eslint-disable-next-line security/detect-object-injection
const rules = policy.rules && policy.rules[operation] ? policy.rules[operation] : [];
return reduceRules(rules, attributes) === true;
};
return function enforce(_x3, _x4, _x5) {
return _ref4.apply(this, arguments);
};
})();
/**
* Performs a synchronous check for whether the given partially
* evaluated policy allows the operation. It's intended use is for
* client applications that need a simple check to disable UI elements.
* Performs a synchronous check for whether the given policy might
* allow the operation. This function's intended use is for
* client applications that need a simple check to disable
* or annotate UI elements.
* @param {string} operation - the requested operation
* @param {object} policy - the policy to use to check access
* @param {object} attributes - the attributes to use to check access
* @returns {boolean} true iff access is allowed, and false otherwise
* @throws {Error} Error if the policy is invalid
*/
const enforceSync = (operation, policy) => {
const enforceSync = (operation, policy, attributes) => {
// Before using the policy, make sure it's valid
validate(policy);
// TODO: Add support for supplying attributes for rule evaluation
// It is safe to ignore the injection attach here because the operation name has been validated
// against the allowed operation names
// eslint-disable-next-line security/detect-object-injection
return policy.rules && policy.rules[operation] === true;
const rules = policy.rules && policy.rules[operation] ? policy.rules[operation] : [];
const reducedRules = reduceRules(rules, attributes);
return reducedRules && (reducedRules === true || reducedRules.length > 0);
};

@@ -364,39 +268,40 @@

*/
const enforceAny = (() => {
var _ref5 = (0, _asyncToGenerator3.default)(function* (operations, policy, attributes) {
var _iteratorNormalCompletion5 = true;
var _didIteratorError5 = false;
var _iteratorError5 = undefined;
const enforceAny = async (operations, policy, attributes) => {
for (const operation of operations) {
if (await enforce(operation, policy, attributes)) {
return operation;
}
}
try {
for (var _iterator5 = (0, _getIterator3.default)(operations), _step5; !(_iteratorNormalCompletion5 = (_step5 = _iterator5.next()).done); _iteratorNormalCompletion5 = true) {
const operation = _step5.value;
return false;
};
if (yield enforce(operation, policy, attributes)) {
return operation;
}
}
} catch (err) {
_didIteratorError5 = true;
_iteratorError5 = err;
} finally {
try {
if (!_iteratorNormalCompletion5 && _iterator5.return) {
_iterator5.return();
}
} finally {
if (_didIteratorError5) {
throw _iteratorError5;
}
}
}
/**
* Return the list of privileges that the given policy
* allows against the given attributes.
* @param {object} policy - the policy to use to check access
* @param {object} attributes - the attributes to use to check access
* @returns {string[]} - the list of privileges
* @throws {Error} Error if the policy is invalid
*/
const privileges = async (policy, attributes) => {
const rules = (await reduce(policy, attributes)).rules;
return (0, _entries2.default)(rules).filter(([, rules]) => rules === true).map(([privilege]) => privilege);
};
return false;
});
/**
* Synchronously return the list of privileges that the given policy
* might allow against the given attributes. This function's intended use is for
* client applications that need a simple check to disable
* or annotate UI elements.
* @param {object} policy - the policy to use to check access
* @param {object} attributes - the attributes to use to check access
* @returns {string[]} - the list of privileges
* @throws {Error} Error if the policy is invalid
*/
const privilegesSync = (policy, attributes) => {
const rules = reduceSync(policy, attributes).rules;
return (0, _entries2.default)(rules).map(([privilege]) => privilege);
};
return function enforceAny(_x6, _x7, _x8) {
return _ref5.apply(this, arguments);
};
})();
module.exports = {

@@ -408,3 +313,6 @@ validate,

enforceSync,
enforceAny
};
enforceAny,
privilegesSync,
privileges
};
//# sourceMappingURL=index.js.map

3

dist/schemas/index.js

@@ -9,2 +9,3 @@ 'use strict';

OperationNames: require('./OperationNames.json')
};
};
//# sourceMappingURL=index.js.map

85

package.json
{
"name": "@lifeomic/abac",
"version": "1.3.0",
"version": "2.0.0",
"description": "Lifeomic Attribute Based Access Control Support Module",
"main": "dist/index.js",
"main": "./dist/index.js",
"browser": "./lib/index.js",
"module": "./module/index.js",
"repository": "ssh://git@bitbucket.org/lifeomic/abac.git",

@@ -14,4 +16,8 @@ "author": "LifeOmic <development@lifeomic.com>",

"jenkins-test": "ENV=ava ava --tap | tap-xunit --package unit > test-report.xml",
"build": "babel src --out-dir dist --copy-files",
"lifeomic-publish-npm-package": "lifeomic-publish-npm-package --publish-tagged-commits-only"
"build-browser": "BABEL_ENV=browser babel ./src --out-dir ./lib --source-maps --copy-files",
"build-module": "BABEL_ENV=module babel ./src --out-dir ./module --source-maps --copy-files",
"build-node": "babel ./src --out-dir ./dist --source-maps --copy-files",
"build": "yarn build-node && yarn build-browser && yarn build-module",
"lifeomic-publish-npm-package": "lifeomic-publish-npm-package --publish-tagged-commits-only",
"clean": "rm -rf dist lib module"
},

@@ -24,2 +30,3 @@ "devDependencies": {

"babel-cli": "6.26.0",
"babel-plugin-transform-class-properties": "^6.24.1",
"babel-plugin-transform-object-rest-spread": "^6.26.0",

@@ -49,16 +56,58 @@ "babel-plugin-transform-runtime": "^6.23.0",

"babel": {
"plugins": [
"transform-object-rest-spread",
"transform-runtime"
],
"presets": [
[
"env",
{
"targets": {
"node": 6
}
}
]
]
"env": {
"development": {
"presets": [
[
"babel-preset-env",
{
"targets": {
"node": "8.10"
}
}
]
],
"plugins": [
"transform-object-rest-spread",
"transform-class-properties",
"transform-runtime"
]
},
"browser": {
"presets": [
[
"babel-preset-env",
{
"targets": {
"browsers": "last 2 versions, ie 10-11"
},
"modules": false
}
]
],
"plugins": [
"transform-object-rest-spread",
"transform-class-properties",
"transform-runtime"
]
},
"module": {
"presets": [
[
"babel-preset-env",
{
"targets": {
"node": "8.10"
},
"modules": false
}
]
],
"plugins": [
"transform-object-rest-spread",
"transform-class-properties",
"transform-runtime"
]
}
},
"sourceMaps": true
},

@@ -65,0 +114,0 @@ "dependencies": {

.snyk
project.name
yarn.lock
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc