jcasbin | Error due to double quotes in Policy Definition

casbin / jcasbin

An authorization library that supports access control models like ACL, RBAC, ABAC in Java

https://casbin.org

Apache License 2.0

2.4k stars 464 forks source link

jcasbin | Error due to double quotes in Policy Definition #184

Closed rachnaaggarwal closed 3 years ago

rachnaaggarwal commented 3 years ago

Hello, I am trying to do a POC on using ABAC via "jcasbin" and I am facing an issue related to the CSV Parsing of the policy. I am using the 1.8.1 version where the CSV Parser logic was changed (#158). My policy includes double quotes and CSV Parser is failing with the following error: java.io.IOException: (line 1) invalid char between encapsulated token and delimiter

Here is the policy file: p,"\"test1\".equals(r.sub)","r.obj","PUT"

Could you please help with this?

rachnaaggarwal commented 3 years ago

@shy1st Yes, that is perfectly fine!

Thanks, Rachna

shy1st commented 3 years ago

@rachnaaggarwal Sorry, there may be some problems with what I said before. This may not be our problem. Please add a space to “p," like this: p, "\"test1\".equals(r.sub)","r.obj","PUT"

rachnaaggarwal commented 3 years ago

@shy1st adding a space worked!

Thanks, Rachna

hsluoyz commented 3 years ago

@shy1st why need to add space? I think that line without space is still valid CSV?

hsluoyz commented 3 years ago

We need to support space in .csv policy file.

shy1st commented 3 years ago

It support the space, I have been consulting for information on the Internet recently, but I still don't know why this doesn't split fields.The CSV parser will only treat it as a field. p,"\"test1\".equals(r.sub)","r.obj","PUT"

hsluoyz commented 3 years ago

@shy1st my bad. I mean we should support CSV without space. Plz send issue to Apache Commons for this question.

shy1st commented 3 years ago

@hsluoyz I think this statement just doesn't follow the rules of CSV and doesn't need support.

hsluoyz commented 3 years ago

@rachnaaggarwal your CSV line is invalid CSV. The following is correct:

p,"""test1"".equals(r.sub)","r.obj","PUT"

https://stackoverflow.com/questions/17808511/properly-escape-a-double-quote-in-csv

RFC-4180, paragraph "If double-quotes are used to enclose fields, then a double-quote appearing inside a field must be escaped by preceding it with another double quote."

Also see: https://csvjson.com/csv2json

rachnaaggarwal commented 3 years ago

@rachnaaggarwal your CSV line is invalid CSV. The following is correct:
p,"""test1"".equals(r.sub)","r.obj","PUT"
https://stackoverflow.com/questions/17808511/properly-escape-a-double-quote-in-csv

RFC-4180, paragraph "If double-quotes are used to enclose fields, then a double-quote appearing inside a field must be escaped by preceding it with another double quote."

Also see: https://csvjson.com/csv2json

I see, thanks for looking into this!