wso2 / balana

Apache License 2.0

NullPointerException when using VariableReference inside of AttributeAssignmentExpression #149

Open MiguelAng86 opened 3 years ago

MiguelAng86 commented 3 years ago

Description: When I use a VariableReference inside of an AttributeAssignmentExpression to avoid duplicate code, the code throws a NullPointerException.

I saw that this blows up in the class VariableReference, line 164. The reason is that in the getReferencedDefinition() method of the same class, the manager variable is null when the VariableReference is used inside of an Advice or Obligation Expression.

Steps to reproduce: This case can be reproduced by modifying TestPolicy_0003.xml with this XML:

<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="TestPolicy0001"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"
        Version="1.0">
    <Description>Advance Test policy 0003. This has been written for jira COMMONS-97.
        Use case : Users who is from asela.com can only see read patient data whose registered email is
        from asela.com domain.  Advice is returned with patient id of the permitted patient data.
        First XPath evaluation is done with respect to multiple:content-selector. This would creates
        the multiple XACML request. Then each XACML request is evaluated with Attribute selector.
        Here content element has been bounded with custom namespace and prefix
    </Description>
    <PolicyDefaults>
        <XPathVersion>http://www.w3.org/TR/1999/REC-xpath-19991116</XPathVersion>
    </PolicyDefaults>
    <VariableDefinition VariableId="test">
        <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
            <AttributeSelector MustBePresent="false"
                               ContextSelectorId="urn:oasis:names:tc:xacml:3.0:content-selector"
                               Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
                               Path="/ak:patient/ak:patientId/text()"
                               DataType="http://www.w3.org/2001/XMLSchema#string"/>
        </Apply>
    </VariableDefinition>
    <Target>
        <AnyOf>
            <AllOf>
                <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
                    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
                    <AttributeDesignator MustBePresent="false"
                                         Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
                                         AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
                                         DataType="http://www.w3.org/2001/XMLSchema#string"/>
                </Match>
            </AllOf>
        </AnyOf>
    </Target>
    <Rule RuleId="rule1" Effect="Permit">
        <Description>Rule to match value in content element using XPath</Description>
        <Target>
            <AnyOf>
                <AllOf>
                    <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">@asela.com</AttributeValue>
                        <AttributeSelector MustBePresent="false"
                                           ContextSelectorId="urn:oasis:names:tc:xacml:3.0:content-selector"
                                           Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
                                           Path="//ak:email/text()"
                                           DataType="http://www.w3.org/2001/XMLSchema#string"/>
                    </Match>
                </AllOf>
            </AnyOf>
        </Target>
        <Condition>
            <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
                <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">@asela.com</AttributeValue>
                <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
                    <AttributeSelector MustBePresent="false"
                            ContextSelectorId="urn:oasis:names:tc:xacml:3.0:content-selector"
                            Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
                            Path="/ak:patient/ak:patientContact/ak:email/text()"
                            DataType="http://www.w3.org/2001/XMLSchema#string"/>
                </Apply>
            </Apply>
        </Condition>
        <AdviceExpressions>
            <AdviceExpression AdviceId="patientId" AppliesTo="Permit">
                <AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:example:attribute:text">
                    <VariableReference VariableId="test"/>
                </AttributeAssignmentExpression>
            </AdviceExpression>
        </AdviceExpressions>
    </Rule>
    <Rule RuleId="rule2" Effect="Deny">
        <Description>Deny rule</Description>
    </Rule>
</Policy>

Thank you in advance. Regards.
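
A pre-deployment check for the pattern described in this report, as an added example that is not part of the original issue or of the Balana code base: it lists every VariableReference that sits inside an AdviceExpression or ObligationExpression, so such policies can be caught before they are loaded into a PDP that fails on them. The function name and the sample policy are constructed for illustration, and policy files are assumed to come from a trusted source.

```python
import xml.etree.ElementTree as ET

XACML3 = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
Q = "{" + XACML3 + "}"  # Clark-notation prefix for XACML 3.0 element names
# Expression containers named in the report, with the attribute that identifies each.
EXPRESSIONS = (("AdviceExpression", "AdviceId"),
               ("ObligationExpression", "ObligationId"))

# Constructed sample: a trimmed-down version of the policy in the report.
SAMPLE_POLICY = """
<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
        PolicyId="TestPolicy0001" Version="1.0"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
  <VariableDefinition VariableId="test">
    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">p1</AttributeValue>
  </VariableDefinition>
  <Target/>
  <Rule RuleId="rule1" Effect="Permit">
    <AdviceExpressions>
      <AdviceExpression AdviceId="patientId" AppliesTo="Permit">
        <AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:example:attribute:text">
          <VariableReference VariableId="test"/>
        </AttributeAssignmentExpression>
      </AdviceExpression>
    </AdviceExpressions>
  </Rule>
</Policy>
"""

def find_risky_variable_references(policy_xml):
    """Return (container tag, Advice/Obligation id, VariableId, defined?) for each
    VariableReference found inside an Advice or Obligation expression."""
    findings = []
    # iter() includes the root, so this handles a bare Policy and a PolicySet alike.
    for policy in ET.fromstring(policy_xml).iter(Q + "Policy"):
        # VariableDefinitions are scoped to the Policy that declares them.
        defined = {d.get("VariableId") for d in policy.iter(Q + "VariableDefinition")}
        for tag, id_attr in EXPRESSIONS:
            for expr in policy.iter(Q + tag):
                for ref in expr.iter(Q + "VariableReference"):
                    var_id = ref.get("VariableId")
                    findings.append((tag, expr.get(id_attr), var_id, var_id in defined))
    return findings

if __name__ == "__main__":
    for kind, expr_id, var_id, ok in find_risky_variable_references(SAMPLE_POLICY):
        print(f"{kind} {expr_id!r}: VariableReference {var_id!r} (defined: {ok})")
```

A finding with `defined` set to true is the case from this report: the reference is valid XACML, yet it sits in the position where the reporter observed the NullPointerException.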