From 45f26888bef3f99eee5f94e2d5bda41ec63192a4 Mon Sep 17 00:00:00 2001 From: Vladimir Dronnikov Date: Tue, 12 Mar 2024 06:08:50 +0300 Subject: [PATCH] =?UTF-8?q?increase=20severity=20for=20"{:=3F}=20!?= =?UTF-8?q?=E2=8A=86=20allowed:=20{:=3F}"=20(#2648)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Firstyear --- server/lib/src/server/access/create.rs | 4 ++-- server/lib/src/server/access/mod.rs | 24 ++++++++++++------------ 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/server/lib/src/server/access/create.rs b/server/lib/src/server/access/create.rs index 627a52823..892358ce6 100644 --- a/server/lib/src/server/access/create.rs +++ b/server/lib/src/server/access/create.rs @@ -140,8 +140,8 @@ fn create_filter_entry<'a>( let allowed_classes: BTreeSet<&str> = accr.acp.classes.iter().map(|s| s.as_str()).collect(); if !create_attrs.is_subset(&allowed_attrs) { - security_access!("create_attrs is not a subset of allowed"); - security_access!("create: {:?} !⊆ allowed: {:?}", create_attrs, allowed_attrs); + security_error!("create_attrs is not a subset of allowed"); + security_error!("create: {:?} !⊆ allowed: {:?}", create_attrs, allowed_attrs); false } else if !create_classes.is_subset(&allowed_classes) { security_error!("create_classes is not a subset of allowed"); diff --git a/server/lib/src/server/access/mod.rs b/server/lib/src/server/access/mod.rs index 9275cb3e1..96caf2838 100644 --- a/server/lib/src/server/access/mod.rs +++ b/server/lib/src/server/access/mod.rs @@ -484,24 +484,24 @@ pub trait AccessControlsTransaction<'a> { ModifyResult::Grant => true, ModifyResult::Allow { pres, rem, cls } => { if !requested_pres.is_subset(&pres) { - security_access!("requested_pres is not a subset of allowed"); - security_access!( + security_error!("requested_pres is not a subset of allowed"); + security_error!( "requested_pres: {:?} !⊆ allowed: {:?}", requested_pres, pres ); false } else if !requested_rem.is_subset(&rem) { - security_access!("requested_rem is not a subset of allowed"); - security_access!( + security_error!("requested_rem is not a subset of allowed"); + security_error!( "requested_rem: {:?} !⊆ allowed: {:?}", requested_rem, rem ); false } else if !requested_classes.is_subset(&cls) { - security_access!("requested_classes is not a subset of allowed"); - security_access!( + security_error!("requested_classes is not a subset of allowed"); + security_error!( "requested_classes: {:?} !⊆ allowed: {:?}", requested_classes, cls @@ -617,24 +617,24 @@ pub trait AccessControlsTransaction<'a> { ModifyResult::Grant => true, ModifyResult::Allow { pres, rem, cls } => { if !requested_pres.is_subset(&pres) { - security_access!("requested_pres is not a subset of allowed"); - security_access!( + security_error!("requested_pres is not a subset of allowed"); + security_error!( "requested_pres: {:?} !⊆ allowed: {:?}", requested_pres, pres ); false } else if !requested_rem.is_subset(&rem) { - security_access!("requested_rem is not a subset of allowed"); - security_access!( + security_error!("requested_rem is not a subset of allowed"); + security_error!( "requested_rem: {:?} !⊆ allowed: {:?}", requested_rem, rem ); false } else if !requested_classes.is_subset(&cls) { - security_access!("requested_classes is not a subset of allowed"); - security_access!( + security_error!("requested_classes is not a subset of allowed"); + security_error!( "requested_classes: {:?} !⊆ allowed: {:?}", requested_classes, cls