Add new plugin, CC007, which parses and validates condition expressions. This addresses #123 .
It checks for things like:
left-hand-side of any boolean operation is a token denoting a variable. No numerics or quoted strings.
RHS of boolean operation matches the operation. Eg request.content Matches 20 is invalid, because Matches expects a string on the RHS. This plugin does not "know" about types of variables, so request.content > 20 will parse successfully, since the greaterthan operator accepts a numeric.
Use of single quote instead of double on any string.
Unknown or invalid operands. Eg fault.name = null is fine, fault.name = invalid_client is invalid. (The RHS should be quoted)
missing or extra parenthesis or quotes
known Operators. MatchesPath, Equals, etc. All the operators that are documented.
There is some overlap with an existing plugin, particularly CC005. While CC005 purports to look for unterminated strings, both CC005 and CC007 will flag unmatched parenthesis. We may need to adjust CC005 to reduce noise, so that each problem is flagged exactly once. CC007 may flag everything that CC005 flags, and more, in which case, CC007 may make CC005 obsolete. I haven't checked that. We may want to do that before merging.
Before this is accepted, we should talk about how this gets packaged. The grammar source is a .pegjs file, found in lib/peggy/Apigee-Condition.pegjs. Running that through the peggy package produces JavaScript. Right now, both the original source .pegjs file and the output .js file are part of this PR. There is a postinstall script that regenerates the output .js file. That seems like belt+suspenders - ship the output and also allow the postinstall to re-generate it. but I am not sure that's the right thing to do. I haven't tested the install with -g.
Add new plugin, CC007, which parses and validates condition expressions. This addresses #123 .
It checks for things like:
request.content Matches 20
is invalid, because Matches expects a string on the RHS. This plugin does not "know" about types of variables, sorequest.content > 20
will parse successfully, since the greaterthan operator accepts a numeric.fault.name = null
is fine,fault.name = invalid_client
is invalid. (The RHS should be quoted)There is some overlap with an existing plugin, particularly CC005. While CC005 purports to look for unterminated strings, both CC005 and CC007 will flag unmatched parenthesis. We may need to adjust CC005 to reduce noise, so that each problem is flagged exactly once. CC007 may flag everything that CC005 flags, and more, in which case, CC007 may make CC005 obsolete. I haven't checked that. We may want to do that before merging.
Before this is accepted, we should talk about how this gets packaged. The grammar source is a .pegjs file, found in lib/peggy/Apigee-Condition.pegjs. Running that through the peggy package produces JavaScript. Right now, both the original source .pegjs file and the output .js file are part of this PR. There is a postinstall script that regenerates the output .js file. That seems like belt+suspenders - ship the output and also allow the postinstall to re-generate it. but I am not sure that's the right thing to do. I haven't tested the install with
-g
.