m

ajewellamz · ajewellamz · commit 468682b37509 · 2025-08-13T10:13:36.000-04:00
diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryption/src/FilterExpr.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryption/src/FilterExpr.dfy
@@ -1832,51 +1832,42 @@ module DynamoDBFilterExpr {
   // old_context : filterExpr = "(X = :x)" values = {":x" := "aaa"}
   // new_context : filterExpr = "X = :x" values = {":x" := "bbb"}
   // output : filterExpr = "(X = :x) OR (X = :xAA)" values = {":x" := "aaa", "xAA" := "bbb"}
-  method AddContext(old_context : ExprContext, new_context : ExprContext) returns (output : Result<ExprContext, Error>)
+  method AddContext(old_values : DDB.ExpressionAttributeValueMap, new_filter : string, new_values : DDB.ExpressionAttributeValueMap)
+    returns (output : Result<(string, DDB.ExpressionAttributeValueMap), Error>)
   {
-    if old_context.filterExpr.None? || new_context.filterExpr.None? || old_context.values.None? || new_context.values.None? || new_context.values == old_context.values {
-      return Success(old_context);
-    }
-    var new_values := SortedSets.ComputeSetToSequence(new_context.values.value.Keys);
-    SequenceIsSafeBecauseItIsInMemory(new_values);
+    var new_value_keys := SortedSets.ComputeSetToSequence(new_values.Keys);
+    SequenceIsSafeBecauseItIsInMemory(new_value_keys);
     var allUnchanged := true;
-    for i : uint64 := 0 to |new_values| as uint64
+    for i : uint64 := 0 to |new_value_keys| as uint64
     {
-      if new_values[i] !in old_context.values.value {
+      if new_value_keys[i] !in old_values {
         allUnchanged := false;
         break;
       }
-      if new_context.values.value[new_values[i]] != old_context.values.value[new_values[i]] {
+      if new_values[new_value_keys[i]] != old_values[new_value_keys[i]] {
         allUnchanged := false;
         break;
       }
     }
     if allUnchanged {
-      return Success(old_context);
+      return Success((new_filter, old_values));
     }
 
-    var result_values := old_context.values.value;
-    var result_filter := new_context.filterExpr.value;
-    for i : uint64 := 0 to |new_values| as uint64
+    var result_values := old_values;
+    var result_filter := new_filter;
+    for i : uint64 := 0 to |new_value_keys| as uint64
     {
-      var key := new_values[i];
-      if key in old_context.values.value && new_context.values.value[key] != old_context.values.value[key] {
-        if old_context.keyExpr.Some? {
-          var keyInIndex := String.HasSubString(old_context.keyExpr.value, key);
-          if keyInIndex.Some? {
-            return Failure(E("The value " + key + " is referenced by both the KeyConditionExpression and the FilterExpression, which is not allowed."));
-          }
-        }
+      var key := new_value_keys[i];
+      if key in old_values && new_values[key] != old_values[key] {
         if 0 == |key| {
           return Failure(E("Unexpected zero length key in ExpressionAttributeValueMap"));
         }
-        var new_key :- MakeNewName(key, result_values, new_context.values.value[key]);
-        result_values := result_values[new_key := new_context.values.value[key]];
-        result_filter := String.SearchAndReplaceAll(result_filter, key, new_key);
+        var new_key :- MakeNewName(key, result_values, new_values[key]);
+        result_values := result_values[new_key := new_values[key]];
+        result_filter := String.SearchAndReplaceAllNot(result_filter, key, new_key, String.AlphaNumericUnder);
       }
     }
-    result_filter := old_context.filterExpr.value + " OR (" + result_filter + ")";
-    return Success(old_context.(filterExpr := Some(result_filter), values := Some(result_values)));
+    return Success((result_filter, result_values));
   }
 
   // Call Beaconize, possibly multiple times if fewer queries than buckets
@@ -1894,28 +1885,52 @@ module DynamoDBFilterExpr {
     ensures b.ValidState()
     modifies b.Modifies()
   {
-    if queries == b.numBuckets || (b.numBuckets - bucket) <= queries || context.filterExpr.None? {
+    if queries == b.numBuckets || (b.numBuckets - bucket) <= queries || context.filterExpr.None? || context.values.None? {
       output := Beaconize(b, context, keyId, bucket);
     } else {
       var curr_bucket : BucketNumber := bucket;
-      var tmpOutput : ExprContext := context;
+      var exprs : seq<string> := [];
+      var values : DDB.ExpressionAttributeValueMap := map[];
+      var keyExpr : Option<DDB.KeyExpression> := None;
+      var names : Option<DDB.ExpressionAttributeNameMap> := None;
+
       while curr_bucket < b.numBuckets
         invariant b.ValidState()
+        invariant curr_bucket == bucket || 0 < |exprs|
       {
         var localOut :- Beaconize(b, context, keyId, curr_bucket);
         if curr_bucket == bucket {
-          var old_filter := localOut.filterExpr.UnwrapOr("");
-          tmpOutput := localOut.(filterExpr := Some("(" + old_filter + ")"));
+          exprs := [localOut.filterExpr.UnwrapOr("")];
+          values := localOut.values.UnwrapOr(map[]);
+          keyExpr := localOut.keyExpr;
+          names := localOut.names;
         } else {
-          tmpOutput :- AddContext(tmpOutput, localOut);
+          var tmpOutput :- AddContext(values, localOut.filterExpr.UnwrapOr(""), localOut.values.UnwrapOr(map[]));
+          var (expr, value) := tmpOutput;
+          if expr !in exprs {
+            exprs := exprs + [expr];
+          }
+          values := value;
         }
         if (b.numBuckets - curr_bucket) <= queries {
           break;
         } else {
           curr_bucket := curr_bucket + queries;
         }
       }
-      return Success(tmpOutput);
+      var result_filter : string;
+      SequenceIsSafeBecauseItIsInMemory(exprs);
+      var exprs_size : uint64 := |exprs| as uint64;
+      assert 0 < exprs_size;
+      if exprs_size == 1 {
+        result_filter := exprs[0];
+      } else {
+        result_filter := "(" + exprs[0] + ")";
+        for i := 1 to exprs_size {
+          result_filter := result_filter + " OR (" + exprs[i] + ")";
+        }
+      }
+      return Success(ExprContext(keyExpr, Some(result_filter), Some(values), names));
     }
   }
 
diff --git a/TestVectors/dafny/DDBEncryption/src/TestVectors.dfy b/TestVectors/dafny/DDBEncryption/src/TestVectors.dfy
@@ -633,32 +633,38 @@ module {:options "-functionSyntax:4"} DdbEncryptionTestVectors {
     method BucketTests()
     {
       print "BucketTests\n";
-      // BucketTest3(); Not doing anything yet
+      BucketTest3();
       BucketTest1();
       BucketTest2();
     }
 
-    // method PrintScanTrans(trans : DynamoDbEncryptionTransforms.DynamoDbEncryptionTransformsClient, q : DDB.ScanInput)
-    //   requires trans.ValidState()
-    //   ensures trans.ValidState()
-    //   modifies trans.Modifies
-    // {
-    //   var input := Trans.ScanInputTransformInput(sdkInput := q);
-    //   var res :- expect trans.ScanInputTransform(input);
-    //   print "\nScanInputTransform\n", q, "\n", res.transformedInput, "\n";
-    // }
-
-    // method BucketTest3()
-    // {
-    //   expect "bucket_encrypt" in largeEncryptionConfigs;
-    //   var config := largeEncryptionConfigs["bucket_encrypt"];
-    //   var configs := Types.DynamoDbTablesEncryptionConfig (tableEncryptionConfigs := map[TableName := config.config]);
-    //   assume {:axiom} false;
-    //   var trans :- expect DynamoDbEncryptionTransforms.DynamoDbEncryptionTransforms(configs);
-
-    //   PrintScanTrans(trans, GetBucketScan2("Attr2", "Attr3"));
-    //   PrintScanTrans(trans, GetBucketScan2("Attr3", "Attr2"));
-    // }
+    method TestScanTrans(trans : DynamoDbEncryptionTransforms.DynamoDbEncryptionTransformsClient, q : DDB.ScanInput, expected : string)
+      requires trans.ValidState()
+      ensures trans.ValidState()
+      modifies trans.Modifies
+    {
+      var input := Trans.ScanInputTransformInput(sdkInput := q);
+      var res :- expect trans.ScanInputTransform(input);
+      if res.transformedInput.FilterExpression != Some(expected) {
+        print "Transform should have been\n", expected, "\nbut was\n", res.transformedInput.FilterExpression, "\n";
+      }
+    }
+
+    method BucketTest3()
+    {
+      expect "bucket_encrypt" in largeEncryptionConfigs;
+      var config := largeEncryptionConfigs["bucket_encrypt"];
+      var configs := Types.DynamoDbTablesEncryptionConfig (tableEncryptionConfigs := map[TableName := config.config]);
+      assume {:axiom} false;
+      var trans :- expect DynamoDbEncryptionTransforms.DynamoDbEncryptionTransforms(configs);
+
+      TestScanTrans(trans, GetBucketScan1(5), "Attr6 = :attr6");
+      TestScanTrans(trans, GetBucketScan1(1), "(aws_dbe_b_Attr2 = :attr2) OR (aws_dbe_b_Attr2 = :attr2AA)");
+      TestScanTrans(trans, GetBucketScan2(5, 1), "(Attr6 = :attr6 AND aws_dbe_b_Attr2 = :attr2) OR (Attr6 = :attr6 AND aws_dbe_b_Attr2 = :attr2AA)");
+      TestScanTrans(trans, GetBucketScan2(2, 3), "(aws_dbe_b_Attr3 = :attr3 AND aws_dbe_b_Attr4 = :attr4) OR (aws_dbe_b_Attr3 = :attr3AA AND aws_dbe_b_Attr4 = :attr4AA) OR (aws_dbe_b_Attr3 = :attr3AB AND aws_dbe_b_Attr4 = :attr4AB) OR (aws_dbe_b_Attr3 = :attr3 AND aws_dbe_b_Attr4 = :attr4AC) OR (aws_dbe_b_Attr3 = :attr3AA AND aws_dbe_b_Attr4 = :attr4)");
+      TestScanTrans(trans, GetBucketScan3(1, 2, 3), "(aws_dbe_b_Attr2 = :attr2 AND aws_dbe_b_Attr3 = :attr3 AND aws_dbe_b_Attr4 = :attr4) OR (aws_dbe_b_Attr2 = :attr2AA AND aws_dbe_b_Attr3 = :attr3AA AND aws_dbe_b_Attr4 = :attr4AA) OR (aws_dbe_b_Attr2 = :attr2 AND aws_dbe_b_Attr3 = :attr3AB AND aws_dbe_b_Attr4 = :attr4AB) OR (aws_dbe_b_Attr2 = :attr2AA AND aws_dbe_b_Attr3 = :attr3 AND aws_dbe_b_Attr4 = :attr4AC) OR (aws_dbe_b_Attr2 = :attr2 AND aws_dbe_b_Attr3 = :attr3AA AND aws_dbe_b_Attr4 = :attr4)");
+    }
+
     // Fill table with 100 records. Different RecNum, same data otherwise
     // Make a variety of bucketed queries. Ensure that
     // 1) Every item is returned exactly once
@@ -693,24 +699,17 @@ module {:options "-functionSyntax:4"} DdbEncryptionTestVectors {
       TestBucketQueries(rClient, 3, GetBucketQuery35F(), "bucket query 35F", false);
       TestBucketQueries(rClient, 4, GetBucketQuery45F(), "bucket query 45F", false);
 
-      var scanCount1 := 0;
-      var scanCount2 := 0;
-      var scanCount3 := 0;
       var scanCount4 := 0;
       var scanCount5 := 0;
-      var scanCount6 := 2;
       TestBucketScan(rClient, GetBucketScan6(0,1,2,3,4,5));
       TestBucketScan(rClient, GetBucketScan6(5,4,3,2,1,0));
       for i := 0 to 6 {
-        scanCount1 := scanCount1 + 1;
         TestBucketScan(rClient, GetBucketScan1(i));
         for j := 0 to 6 {
           if i != j {
-            scanCount2 := scanCount2 + 1;
             TestBucketScan(rClient, GetBucketScan2(i, j));
             for k := 0 to 6 {
               if i != k && j != k {
-                scanCount3 := scanCount3 + 1;
                 TestBucketScan(rClient, GetBucketScan3(i, j, k));
               }
               for l := 0 to 6 {
@@ -733,7 +732,6 @@ module {:options "-functionSyntax:4"} DdbEncryptionTestVectors {
           }
         }
       }
-      print "Full Bucket Scan Tests : ", scanCount1, " ",  scanCount2, " ",  scanCount3, " ",  scanCount4, " ",  scanCount5, " ", scanCount6, "\n";
     }
 
     // As BucketTest1, but with custom bucket selector
