GO-2025-3921: Coder accepts an APIKey beyond the linked OIDC expiry if there is no refresh token in github.com/coder/coder

regosql

package

v2.21.1 Latest Latest Go to latest Published: Apr 23, 2025 License: AGPL-3.0 Imports: 7 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/coder/coder

Links

Open Source Insights

Documentation ¶

Overview ¶

Package regosql converts rego queries into SQL WHERE clauses. This is so the rego queries can be used to filter the results of a SQL query.

Index ¶

func AuditLogConverter() *sqltypes.VariableConverter
func ConvertRegoAst(cfg ConvertConfig, partial *rego.PartialQueries) (sqltypes.BooleanNode, error)
func DefaultVariableConverter() *sqltypes.VariableConverter
func NoACLConverter() *sqltypes.VariableConverter
func TemplateConverter() *sqltypes.VariableConverter
func UserConverter() *sqltypes.VariableConverter
func WorkspaceConverter() *sqltypes.VariableConverter
type ACLGroupVar
- func ACLGroupMatcher(fieldReference sqltypes.VariableMatcher, structSQL string, structPath []string) ACLGroupVar
type ConvertConfig

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func AuditLogConverter ¶ added in v2.14.0

func AuditLogConverter() *sqltypes.VariableConverter

func ConvertRegoAst ¶

func ConvertRegoAst(cfg ConvertConfig, partial *rego.PartialQueries) (sqltypes.BooleanNode, error)

ConvertRegoAst converts partial rego queries into a single SQL where clause. If the query equates to "true" then the user should have access.

func DefaultVariableConverter ¶

func DefaultVariableConverter() *sqltypes.VariableConverter

func NoACLConverter ¶

func NoACLConverter() *sqltypes.VariableConverter

NoACLConverter should be used when the target SQL table does not contain group or user ACL columns.

func TemplateConverter ¶

func TemplateConverter() *sqltypes.VariableConverter

func UserConverter ¶

func UserConverter() *sqltypes.VariableConverter

func WorkspaceConverter ¶ added in v2.8.0

func WorkspaceConverter() *sqltypes.VariableConverter

Types ¶

type ACLGroupVar ¶

type ACLGroupVar struct {
	StructSQL string
	// input.object.group_acl -> ["input", "object", "group_acl"]
	StructPath []string

	// FieldReference handles referencing the subfields, which could be
	// more variables. We pass one in as the global one might not be correctly
	// scoped.
	FieldReference sqltypes.VariableMatcher

	// Instance fields
	Source    sqltypes.RegoSource
	GroupNode sqltypes.Node
}

ACLGroupVar is a variable matcher that handles group_acl and user_acl. The sql type is a jsonb object with the following structure:

"group_acl": {
 "<group_name>": ["<actions>"]
}

This is a custom variable matcher as json objects have arbitrary complexity.

func ACLGroupMatcher ¶

func ACLGroupMatcher(fieldReference sqltypes.VariableMatcher, structSQL string, structPath []string) ACLGroupVar

func (ACLGroupVar) ContainsSQL ¶

func (g ACLGroupVar) ContainsSQL(cfg *sqltypes.SQLGenerator, other sqltypes.Node) (string, error)

func (ACLGroupVar) ConvertVariable ¶

func (g ACLGroupVar) ConvertVariable(rego ast.Ref) (sqltypes.Node, bool)

func (ACLGroupVar) SQLString ¶

func (g ACLGroupVar) SQLString(cfg *sqltypes.SQLGenerator) string

func (ACLGroupVar) UseAs ¶

func (ACLGroupVar) UseAs() sqltypes.Node

type ConvertConfig ¶

type ConvertConfig struct {
	// VariableConverter is called each time a var is encountered. This creates
	// the SQL ast for the variable. Without this, the SQL generator does not
	// know how to convert rego variables into SQL columns.
	VariableConverter sqltypes.VariableMatcher
}

ConvertConfig is required to generate SQL from the rego queries.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
sqltypes Package sqltypes contains the types used to convert rego queries into SQL.	Package sqltypes contains the types used to convert rego queries into SQL.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL