Skip to content

Commit fd828aa

Browse files
josephschorrjosephschorr
committed
Change the regexes in the experimental API to prefix matches
It is less powerful but removes a potential DOS vector
1 parent 8e9616c commit fd828aa

1 file changed

Lines changed: 10 additions & 10 deletions

File tree

authzed/api/v1/experimental_service.proto

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -209,17 +209,17 @@ message ExperimentalReflectSchemaResponse {
209209

210210
// ExpSchemaFilter is a filter that can be applied to the schema on reflection.
211211
message ExpSchemaFilter {
212-
// optional_definition_name_match is a regex that is matched against the definition name.
213-
string optional_definition_name_match = 1;
212+
// optional_definition_name_filter is a prefix that is matched against the definition name.
213+
string optional_definition_name_filter = 1;
214214

215-
// optional_caveat_name_match is a regex that is matched against the caveat name.
216-
string optional_caveat_name_match = 2;
215+
// optional_caveat_name_filter is a prefix that is matched against the caveat name.
216+
string optional_caveat_name_filter = 2;
217217

218-
// optional_relation_name_match is a regex that is matched against the relation name.
219-
string optional_relation_name_match = 3;
218+
// optional_relation_name_filter is a prefix that is matched against the relation name.
219+
string optional_relation_name_filter = 3;
220220

221-
// optional_permission_name_match is a regex that is matched against the permission name.
222-
string optional_permission_name_match = 4;
221+
// optional_permission_name_filter is a prefix that is matched against the permission name.
222+
string optional_permission_name_filter = 4;
223223
}
224224

225225
// ExpDefinition is the representation of a definition in the schema.
@@ -298,10 +298,10 @@ message ExperimentalComputablePermissionsRequest {
298298
Consistency consistency = 1;
299299
repeated ExpRelationReference relations = 2;
300300

301-
// optional_definition_name_match is a regex that is matched against the definition name(s)
301+
// optional_definition_name_match is a prefix that is matched against the definition name(s)
302302
// for the permissions returned.
303303
// If not specified, will be ignored.
304-
string optional_definition_name_match = 3;
304+
string optional_definition_name_filter = 3;
305305
}
306306

307307
// ExpRelationReference is a reference to a relation in the schema.

0 commit comments

Comments
 (0)