cedar-policy · khieta · Jul 9, 2024 · Jul 5, 2024 · Jul 5, 2024 · Jul 9, 2024
diff --git a/cedar-policy/CHANGELOG.md b/cedar-policy/CHANGELOG.md
@@ -22,7 +22,7 @@ Cedar Language Version: 4.0
 
 ### Changed
 
-- The API around `Request::new` has changed to remove the `Option`s 
+- The API around `Request::new` has changed to remove the `Option`s
   around the entity type arguments.
 - Significantly reworked all public-facing error types to address some issues
   and improve consistency. See issue #745.
@@ -35,6 +35,7 @@ Cedar Language Version: 4.0
 - Changed JSON schema parser so that `Set`, `Entity`, `Record`, and `Extension`
   can be common type names; updated the error message when common type names
   conflict with built-in primitive type names (#974, partially resolving #973)
+- Changed FFI to error on typos or unexpected fields in the input JSON.
 
 ### Removed
 

diff --git a/cedar-policy/src/ffi/is_authorized.rs b/cedar-policy/src/ffi/is_authorized.rs
@@ -460,6 +460,7 @@ pub enum PartialAuthorizationAnswer {
 #[cfg_attr(feature = "wasm", derive(tsify::Tsify))]
 #[cfg_attr(feature = "wasm", tsify(into_wasm_abi, from_wasm_abi))]
 #[serde(rename_all = "camelCase")]
+#[serde(deny_unknown_fields)]
 pub struct AuthorizationCall {
     /// The principal taking action
     principal: EntityUid,
@@ -766,6 +767,7 @@ impl From<Links> for Vec<Link> {
 #[cfg_attr(feature = "wasm", derive(tsify::Tsify))]
 #[cfg_attr(feature = "wasm", tsify(into_wasm_abi, from_wasm_abi))]
 #[serde(rename_all = "camelCase")]
+#[serde(deny_unknown_fields)]
 struct RecvdSlice {
     policies: PolicySet,
     /// JSON object containing the entities data, in "natural JSON" form -- same

diff --git a/cedar-policy/src/ffi/mod.rs b/cedar-policy/src/ffi/mod.rs
@@ -22,3 +22,4 @@ mod utils;
 pub use utils::*;
 mod validate;
 pub use validate::*;
+mod tests;
diff --git a/cedar-policy/src/ffi/tests.rs b/cedar-policy/src/ffi/tests.rs
@@ -0,0 +1,90 @@
+#[cfg(test)]
+mod ffi_tests {
+    use crate::ffi::{is_authorized_json, validate_json};
+    use cool_asserts::assert_matches;
+
+    #[test]
+    fn test_fail_unknown_field_policy_slice() {
+        let json = serde_json::json!({
+            "principal": {
+             "type": "User",
+             "id": "alice"
+            },
+            "action": {
+             "type": "Photo",
+             "id": "view"
+            },
+            "resource": {
+             "type": "Photo",
+             "id": "door"
+            },
+            "context": {},
+            "slice": {
+             "policies": {},
+             "templatePolicies": {},
+             "entities": []
+            }
+        });
+
+        assert_matches!(is_authorized_json(json), Err(e) => {
+            assert!(e.to_string().contains("expected one of"));
+        });
+    }
+
+    #[test]
+    fn test_fail_unknown_field_request() {
+        let json = serde_json::json!({
+            "principal": {
+             "type": "User",
+             "id": "alice"
+            },
+            "action": {
+             "type": "Photo",
+             "id": "view"
+            },
+            "resource": {
+             "type": "Photo",
+             "id": "door"
+            },
+            "context": {},
+            "slice": {
+             "policies": {},
+             "entities": []
+            },
+            "enableRequestValidation": "foo",
+        });
+
+        assert_matches!(is_authorized_json(json), Err(e) => {
+            assert!(e.to_string().contains("expected one of"));
+        });
+    }
+
+    #[test]
+    fn test_fail_unknown_field_validation() {
+        let json = serde_json::json!({
+          "schema": { "json": { "": {
+            "entityTypes": {
+              "User": {
+                "memberOfTypes": [ ]
+              },
+              "Photo": {
+                "memberOfTypes": [ ]
+              }
+            },
+            "actions": {
+              "viewPhoto": {
+                "appliesTo": {
+                  "resourceTypes": [ "Photo" ],
+                  "principalTypes": [ "User" ]
+                }
+              }
+            }
+          }}},
+          "Policies": "forbid(principal, action, resource);permit(principal == Photo::\"photo.jpg\", action == Action::\"viewPhoto\", resource == User::\"alice\");"
+        });
+
+        assert_matches!(validate_json(json), Err(e) => {
+            assert!(e.to_string().contains("expected one of"));
+        });
+    }
+}
diff --git a/cedar-policy/src/ffi/validate.rs b/cedar-policy/src/ffi/validate.rs
@@ -104,6 +104,7 @@ pub fn validate_json_str(json: &str) -> Result<String, serde_json::Error> {
 #[cfg_attr(feature = "wasm", derive(tsify::Tsify))]
 #[cfg_attr(feature = "wasm", tsify(into_wasm_abi, from_wasm_abi))]
 #[serde(rename_all = "camelCase")]
+#[serde(deny_unknown_fields)]
 pub struct ValidationCall {
     /// Validation settings
     #[serde(default)]
@@ -154,6 +155,7 @@ impl ValidationCall {
 #[cfg_attr(feature = "wasm", derive(tsify::Tsify))]
 #[cfg_attr(feature = "wasm", tsify(into_wasm_abi, from_wasm_abi))]
 #[serde(rename_all = "camelCase")]
+#[serde(deny_unknown_fields)]
 pub struct ValidationSettings {
     /// Whether validation is enabled. If this flag is set to `false`, then
     /// only parsing is performed. The default value is `true`.