cedar-policy / cedar

Implementation of the Cedar Policy Language
https://www.cedarpolicy.com
Apache License 2.0

Warn non-strict CIDR notations #686

Open shaobo-he-aws opened 9 months ago

shaobo-he-aws commented 9 months ago

Describe the improvement you'd like to request

A CIDR notation is strict if its host bits are all 0s. But we allow non-strict CIDR notations, which have been a source of confusion. We should give warnings about them.

Describe alternatives you've considered

No response

Additional context

No response

Is this something that you'd be interested in working on?

memark commented 6 months ago

I can help out with this, but the extension function meta-level is a bit abstract for me.

I have found the ipaddr.rs/get_argument_check() and more specifically ipaddr.rs/validate_ip_string(), but it returns a Result.

Where would I implement a check that could return a warning for a non-strict CIDR?

cdisselkoen commented 6 months ago

We don't right now have a way for extension functions to return warnings; we'd have to build one as part of this issue.

memark commented 6 months ago

I see. That's a bit over my head. Once and if the warning system is in place, I'd be happy to tackle the pure CIDR validation part, if need be.
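
The strictness rule from the issue description (a CIDR is strict when its host bits are all 0), as an added Rust example that is not part of the thread and is not Cedar's code. `check_cidr` and `CidrCheck` are hypothetical names, only the standard library is used rather than Cedar's `ipaddr.rs`, and the sample inputs are constructed.

```rust
use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};

/// Outcome of checking one CIDR string (hypothetical type, not a Cedar API).
#[derive(Debug, PartialEq)]
pub enum CidrCheck {
    Strict,
    // Host bits are set; carries the strict form a warning could suggest.
    NonStrict { canonical: String },
}

/// Parses "addr/prefix" and reports whether any host bit is set.
pub fn check_cidr(s: &str) -> Result<CidrCheck, String> {
    let (addr, prefix) = s.split_once('/').ok_or("missing '/prefix'")?;
    let addr: IpAddr = addr.parse().map_err(|e| format!("bad address: {e}"))?;
    let prefix: u32 = prefix.parse().map_err(|e| format!("bad prefix: {e}"))?;
    // Widen both address families to u128 so one mask computation serves both.
    let (bits, width) = match addr {
        IpAddr::V4(a) => (u32::from(a) as u128, 32u32),
        IpAddr::V6(a) => (u128::from(a), 128u32),
    };
    if prefix > width {
        return Err(format!("prefix /{prefix} exceeds {width} bits"));
    }
    // Low (width - prefix) bits set; an IPv6 /0 would shift by 128, hence checked_shl.
    let host_mask = 1u128.checked_shl(width - prefix).map_or(u128::MAX, |m| m - 1);
    if bits & host_mask == 0 {
        return Ok(CidrCheck::Strict);
    }
    let net = bits & !host_mask;
    let canonical = match addr {
        IpAddr::V4(_) => format!("{}/{prefix}", Ipv4Addr::from(net as u32)),
        IpAddr::V6(_) => format!("{}/{prefix}", Ipv6Addr::from(net)),
    };
    Ok(CidrCheck::NonStrict { canonical })
}

fn main() {
    // Constructed sample inputs: one strict range and two non-strict ones.
    for s in ["10.0.0.0/24", "10.0.0.5/24", "2001:db8::1/32"] {
        println!("{s} -> {:?}", check_cidr(s));
    }
}
```

Returning the canonical network alongside the verdict lets a warning show the range the notation actually covers, which is where the confusion with non-strict forms comes from.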