farmbot_os/farmbot_celery_script/lib/farmbot_celery_script/compiler/identifier_sanitizer.ex

defmodule FarmbotCeleryScript.Compiler.IdentifierSanitizer do
  @moduledoc """
  Responsible for ensuring variable names in Sequences are clean.
  This is done because identifiers are `unquote`d and the user controls
  the data inside them. To prevent things like
  `"System.cmd("rm -rf /*/**")"` being evaluated, all identifiers
  are sanitized by prepending a token and hashing the value.
  """

  @token "unsafe_"

  @doc """
  Takes an unsafe string, and returns a safe variable name.
  """
  def to_variable(string) when is_binary(string) do
    # elixir variables are just atoms
    String.to_atom(@token <> Base.url_encode64(string, padding: false))
  end

  @doc "Takes an encoded safe variable name and returns the original unsafe string."
  def to_string(<<@token <> encoded>>) do
    Base.url_decode64!(encoded, padding: false)
  end
end
Change FarmbotCeleryScript Namespace 2019-03-05 10:14:01 -07:00			`defmodule FarmbotCeleryScript.Compiler.IdentifierSanitizer do`
Implement new CeleryScript Runtime environment. This is obviously a rather large change warranting an essay describing it. A Brief overview Basically the old implementation had quite a few down sides preventing it from really working as intended, especially with the addition of the variables feature. Here is the shortlist of things that needed addressing: * No scoping between sequences. What this essentially means is that a sequence that executes another sequence is unable to add data to the calle. This is important for using Variables. * Error recovery certain nodes have a high likelyhood of failing such as anything that interfaces the firmware. Much focus was spent ensuring that errors would be recoverable when desired. * Complexity of control flow asts versus action asts. Nodes such as `if` will always work in the same way regardless of the state of the rest of the system meaning there is no reason for it to have a special implementation per environment. on the other hand `move_absolute` is bound to a specific part of the system. Seperating these concerns allows for better testing of each piece independently. A More In Depth overview The core of this change resolves around 1 really big change resulting in many more small changes. This change is the CeleryScript `compiler`. The TLDR of this system is that now CeleryScript ASTs are deterministicly compiled to Elixir's AST and executed. Doing this has some big benifits as described below. 1) CeleryScript "runtime" environment is now much simpiler in favor of a somewhat complex "compile time" environment. Basically instead of EVERY single CeleryScript AST having a custom runtime implementation, only a subset of ASTs that require external services such as the Firmware, Database, HTTP, etc require having a runtime implementation. This subset of ASTs are called `SysCalls`. Also the runtime implementations are compiled to a single function call that can be implemented instead of needing to have a contextual environment and making decisions at runtime to evaluate variables and the like. 2) Static analysis is now possible. This means an incorrectly crafted sequence can be validated at compile time rather than getting half way through a sequence before finding the error. 3) Having the "external services" separated leads to better plugability. There is now a behaviour to be implemented for the subset of syscalls that are system specific. 2019-02-20 12:57:45 -07:00			`@moduledoc """`
			`Responsible for ensuring variable names in Sequences are clean.`
Update docs for variable sanitizer 2019-12-17 15:37:13 -07:00			This is done because identifiers are `unquote`d and the user controls
[UNSTABLE] Fix pattern matches in do_update_resource 2020-05-11 09:59:36 -06:00			`the data inside them. To prevent things like`
Update docs for variable sanitizer 2019-12-17 15:37:13 -07:00			`"System.cmd("rm -rf //*")"` being evaluated, all identifiers
			`are sanitized by prepending a token and hashing the value.`
Implement new CeleryScript Runtime environment. This is obviously a rather large change warranting an essay describing it. A Brief overview Basically the old implementation had quite a few down sides preventing it from really working as intended, especially with the addition of the variables feature. Here is the shortlist of things that needed addressing: * No scoping between sequences. What this essentially means is that a sequence that executes another sequence is unable to add data to the calle. This is important for using Variables. * Error recovery certain nodes have a high likelyhood of failing such as anything that interfaces the firmware. Much focus was spent ensuring that errors would be recoverable when desired. * Complexity of control flow asts versus action asts. Nodes such as `if` will always work in the same way regardless of the state of the rest of the system meaning there is no reason for it to have a special implementation per environment. on the other hand `move_absolute` is bound to a specific part of the system. Seperating these concerns allows for better testing of each piece independently. A More In Depth overview The core of this change resolves around 1 really big change resulting in many more small changes. This change is the CeleryScript `compiler`. The TLDR of this system is that now CeleryScript ASTs are deterministicly compiled to Elixir's AST and executed. Doing this has some big benifits as described below. 1) CeleryScript "runtime" environment is now much simpiler in favor of a somewhat complex "compile time" environment. Basically instead of EVERY single CeleryScript AST having a custom runtime implementation, only a subset of ASTs that require external services such as the Firmware, Database, HTTP, etc require having a runtime implementation. This subset of ASTs are called `SysCalls`. Also the runtime implementations are compiled to a single function call that can be implemented instead of needing to have a contextual environment and making decisions at runtime to evaluate variables and the like. 2) Static analysis is now possible. This means an incorrectly crafted sequence can be validated at compile time rather than getting half way through a sequence before finding the error. 3) Having the "external services" separated leads to better plugability. There is now a behaviour to be implemented for the subset of syscalls that are system specific. 2019-02-20 12:57:45 -07:00			`"""`

			`@token "unsafe_"`

			`@doc """`
			`Takes an unsafe string, and returns a safe variable name.`
			`"""`
			`def to_variable(string) when is_binary(string) do`
Update docs for variable sanitizer 2019-12-17 15:37:13 -07:00			`# elixir variables are just atoms`
Implement new CeleryScript Runtime environment. This is obviously a rather large change warranting an essay describing it. A Brief overview Basically the old implementation had quite a few down sides preventing it from really working as intended, especially with the addition of the variables feature. Here is the shortlist of things that needed addressing: * No scoping between sequences. What this essentially means is that a sequence that executes another sequence is unable to add data to the calle. This is important for using Variables. * Error recovery certain nodes have a high likelyhood of failing such as anything that interfaces the firmware. Much focus was spent ensuring that errors would be recoverable when desired. * Complexity of control flow asts versus action asts. Nodes such as `if` will always work in the same way regardless of the state of the rest of the system meaning there is no reason for it to have a special implementation per environment. on the other hand `move_absolute` is bound to a specific part of the system. Seperating these concerns allows for better testing of each piece independently. A More In Depth overview The core of this change resolves around 1 really big change resulting in many more small changes. This change is the CeleryScript `compiler`. The TLDR of this system is that now CeleryScript ASTs are deterministicly compiled to Elixir's AST and executed. Doing this has some big benifits as described below. 1) CeleryScript "runtime" environment is now much simpiler in favor of a somewhat complex "compile time" environment. Basically instead of EVERY single CeleryScript AST having a custom runtime implementation, only a subset of ASTs that require external services such as the Firmware, Database, HTTP, etc require having a runtime implementation. This subset of ASTs are called `SysCalls`. Also the runtime implementations are compiled to a single function call that can be implemented instead of needing to have a contextual environment and making decisions at runtime to evaluate variables and the like. 2) Static analysis is now possible. This means an incorrectly crafted sequence can be validated at compile time rather than getting half way through a sequence before finding the error. 3) Having the "external services" separated leads to better plugability. There is now a behaviour to be implemented for the subset of syscalls that are system specific. 2019-02-20 12:57:45 -07:00			`String.to_atom(@token <> Base.url_encode64(string, padding: false))`
			`end`

			`@doc "Takes an encoded safe variable name and returns the original unsafe string."`
			`def to_string(<<@token <> encoded>>) do`
			`Base.url_decode64!(encoded, padding: false)`
			`end`
			`end`