Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@solidlab/policy-engine
Advanced tools
![NPM Version](https://img.shields.io/npm/v/%40solidlab%2Fpolicy-engine)
This package provides support for both Web Access Control(WAC) and Access Control Policies(ACP) authorization.
This is the minimal interface of external functions a policy engine needs to be able to determine a result.
Due to the nature of Solid, an engine needs a way to find the parent container of a resource.
This is done through the getParent
function,
which should return the identifier of the parent container,
or undefined
if the input is a root storage container.
Besides that the engine also needs a way to receive the relevant authorization data for a resource.
In the case of WAC this would be the contents of the corresponding ACL resource.
The getAuthorizationData
should return this data if it exists,
and undefined
otherwise.
This package does not provide an implementation of this interface as this depends on the Solid server implementation.
It is recommended to have some form of caching for getAuthorizationData
.
This is the core interface for the package.
getPermissions
is used to determine the permissions,
while getPermissionsWithReport
does the same but also generates an RDF report indicating how the result was achieved.
The contents of the report depend on the type of authorization,
as this will differ between WAC and ACP.
An implementation of PolicyEngine
that converts ACL permissions to more generic permissions.
It takes into account how ACL permissions have to be interpreted.
Specifically applies the following three rules:
acl:Write
implies acl:Append
.acl:Write
on the target, and acl:Append
on the parent.acl:Write
on the target, and acl:Write
on the parent.These are the classes and interfaces specifically for WAC.
The WacRepository
interface is used to determine the WAC authorization objects
that are relevant when determining permissions for the given target.
The ManagedWacRepository
is an actual implementation that makes use of a AuthorizationManager
to achieve this goal.
The WacPolicyEngine
is an implementation of PolicyEngine
for WAC authorization.
It requires a WacRepository
to do the initial filtering.
It then uses an AccessChecker
to determine which of these authorizations are valid
and generates its result based on that.
There are several ways a WAC authorization might be valid: the credentials could have a matching agent, the agent could be part of the correct class, or the agent could be part of a matching group.
For each of those there is a separate access checker,
and the result of these can then be combined using a UnionAccessChecker
.
In practice this means you generally want to define your AccessChecker
as follows:
const accessChecker = new UnionAccessChecker([
new AgentAccessChecker(),
new AgentClassAccessChecker(),
new AgentGroupAccessChecker(),
])
These are the classes and interfaces specifically for ACP. These work similarly to the WAC classes.
The AcpRepository
interface is used to determine the ACP authorization objects
that are relevant when determining permissions for the given target.
The ManagedAcpRepository
is an actual implementation that makes use of a AuthorizationManager
to achieve this goal.
The AcpPolicyEngine
is an implementation of PolicyEngine
for ACP authorization.
It requires a AcpRepository
to do the initial filtering.
Below is an example of how these classes can be set up and used to generate a permission report. The example focuses on WAC, but would be quite similar for ACP.
// The manager is an external object, dependent on the server implementation
async function generateReport(
target: string,
credentials: Credentials,
manager: AuthorizationManager,
permissions?: string[]
): Promise<PermissionReport> {
// The AccessChecker determines if WAC authorizations are valid
const accessChecker = new UnionAccessChecker([
new AgentAccessChecker(),
new AgentClassAccessChecker(),
new AgentGroupAccessChecker(),
]);
// The engine needs a repository to get the authorizations
const wacEngine = new WacPolicyEngine(accessChecker, new ManagedWacRepository(wacManager));
// This engine will make sure the ACL permissions get interpreted correctly
const engine = new AclPermissionsEngine(wacEngine, manager);
// The engine can then generate a report for the given target and credentials
const report = await engine.getPermissionsWithReport(target, credentials, permissions);
}
The config folder contains Components.js configurations
which can be used in your project to add the necessary authorization components.
acp.json
contains the necessary parts for ACP authorization,
and wac.json
those for WAC.
urn:solidlab:policy-engine:AuthorizationManager
FAQs
![NPM Version](https://img.shields.io/npm/v/%40solidlab%2Fpolicy-engine)
The npm package @solidlab/policy-engine receives a total of 29 weekly downloads. As such, @solidlab/policy-engine popularity was classified as not popular.
We found that @solidlab/policy-engine demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.