feat: Fail if standard beacon used with not equal (#198)

ajewellamz · web-flow · commit a5e943df9e41 · 2023-05-18T20:53:29.000-04:00
diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryption/src/FilterExpr.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryption/src/FilterExpr.dfy
@@ -244,7 +244,7 @@ module DynamoDBFilterExpr {
     ensures ret.Success? ==> ret.value
   {
     match op {
-      case Lt | Gt | Le | Ge | Between | BeginsWith | Contains =>
+      case Ne | Lt | Gt | Le | Ge | Between | BeginsWith | Contains =>
         Failure(E("The operation '" + TokenToString(op) + "' cannot be used with a standard beacon."))
       case _ => Success(true)
     }
diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryption/test/FilterExpr.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryption/test/FilterExpr.dfy
@@ -95,7 +95,7 @@ module TestDynamoDBFilterExpr {
   method {:test} TestBasicParse() {
     var context := ExprContext (
       None,
-      Some("std2 <> :A AND #Field4 = :B"),
+      Some("std2 = :A AND #Field4 = :B"),
       Some(map[
              ":A" := DDB.AttributeValue.N("1.23"),
              ":B" := DDB.AttributeValue.S("abc")
@@ -117,13 +117,13 @@ module TestDynamoDBFilterExpr {
 
     var newContext :- expect BeaconizeParsedExpr(beaconVersion, parsed, 0, context.values.value, context.names, DontUseKeys, map[]);
     var exprString := ParsedExprToString(newContext.expr);
-    expect exprString == "aws_dbe_b_std2 <> :A AND #Field4 = :B";
+    expect exprString == "aws_dbe_b_std2 = :A AND #Field4 = :B";
   }
 
     method {:test} TestNoBeaconFail() {
     var context := ExprContext (
       None,
-      Some("std2 <> :A AND #Field4 = :B"),
+      Some("std2 = :A AND #Field4 = :B"),
       Some(map[
              ":A" := DDB.AttributeValue.N("1.23"),
              ":B" := DDB.AttributeValue.S("abc")
@@ -150,15 +150,15 @@ module TestDynamoDBFilterExpr {
     var badBeacon := TestBeaconize(FullTableConfig.attributeActions, None, Some("std2 <> :A AND #Field4 = :B"), None);
     expect badBeacon.Failure?;
     expect badBeacon.error == E("Query is using encrypted field : std2.");
-    badBeacon := TestBeaconize(FullTableConfig.attributeActions, Some("std2 <> :A AND #Field4 = :B"), None, None);
+    badBeacon := TestBeaconize(FullTableConfig.attributeActions, Some("std2 = :A AND #Field4 = :B"), None, None);
     expect badBeacon.Failure?;
     expect badBeacon.error == E("Query is using encrypted field : std2.");
   }
 
   method {:test} {:vcs_split_on_every_assert} TestBasicBeacons() {
     var context := ExprContext (
       None,
-      Some("std2 <> :A AND #Field4 = :B"),
+      Some("std2 = :A AND #Field4 = :B"),
       Some(map[
              ":A" := Std2String,
              ":B" := Std4String
@@ -171,7 +171,7 @@ module TestDynamoDBFilterExpr {
     var src := GetLiteralSource([1,2,3,4,5], version);
     var beaconVersion :- expect ConvertVersionWithSource(FullTableConfig, version, src);
     var newContext :- expect Beaconize(beaconVersion, context, DontUseKeyId);
-    expect_equal(newContext.filterExpr, Some("aws_dbe_b_std2 <> :A AND #Field4 = :B"));
+    expect_equal(newContext.filterExpr, Some("aws_dbe_b_std2 = :A AND #Field4 = :B"));
     var newName := "aws_dbe_b_std4";
     expect IsValid_AttributeName(newName);
     var expectedNames: DDB.ExpressionAttributeNameMap := map["#Field4" := newName];
@@ -581,6 +581,34 @@ module TestDynamoDBFilterExpr {
     expect newItems.error == E("To use BETWEEN with a compound beacon, the part after any common prefix must be LessThanComparable : BETWEEN T_ATitle AND T_MyTitle");
   }
 
+  method {:test} TestBadStandard() {
+
+    var values : DDB.ExpressionAttributeValueMap := map [
+      ":val" := DS("foo")
+    ];
+
+    var version := GetLotsaBeacons();
+    var src := GetLiteralSource([1,2,3,4,5], version);
+    var bv :- expect ConvertVersionWithSource(FullTableConfig, version, src);
+    var newItems := FilterResults(bv, [SimpleItem], None, Some("std2 = :val"), None, Some(values));
+    expect newItems.Success?;
+    newItems := FilterResults(bv, [SimpleItem], None, Some("std2 <> :val"), None, Some(values));
+    expect newItems.Failure?;
+    expect newItems.error == E("The operation '<>' cannot be used with a standard beacon.");
+    newItems := FilterResults(bv, [SimpleItem], None, Some("std2 < :val"), None, Some(values));
+    expect newItems.Failure?;
+    expect newItems.error == E("The operation '<' cannot be used with a standard beacon.");
+    newItems := FilterResults(bv, [SimpleItem], None, Some("std2 > :val"), None, Some(values));
+    expect newItems.Failure?;
+    expect newItems.error == E("The operation '>' cannot be used with a standard beacon.");
+    newItems := FilterResults(bv, [SimpleItem], None, Some("std2 <= :val"), None, Some(values));
+    expect newItems.Failure?;
+    expect newItems.error == E("The operation '<=' cannot be used with a standard beacon.");
+    newItems := FilterResults(bv, [SimpleItem], None, Some("std2 >= :val"), None, Some(values));
+    expect newItems.Failure?;
+    expect newItems.error == E("The operation '>=' cannot be used with a standard beacon.");
+  }
+
   method {:test} TestComparisons() {
 
     var values : DDB.ExpressionAttributeValueMap := map [

Original file line number	Diff line number	Diff line change
`@@ -244,7 +244,7 @@ module DynamoDBFilterExpr {`
`244`	`244`	`ensures ret.Success? ==> ret.value`
`245`	`245`	`{`
`246`	`246`	`match op {`
`247`		`- case Lt \| Gt \| Le \| Ge \| Between \| BeginsWith \| Contains =>`
	`247`	`+ case Ne \| Lt \| Gt \| Le \| Ge \| Between \| BeginsWith \| Contains =>`
`248`	`248`	`Failure(E("The operation '" + TokenToString(op) + "' cannot be used with a standard beacon."))`
`249`	`249`	`case _ => Success(true)`
`250`	`250`	`}`