An app could request capabilities like
/pub/example.com/:rw
/pub/example.com/contacts:w
In this case, /pub/example.com/contacts:w is fully covered by /pub/example.com/:rw . Ideally our Capabilities builder and validator should clean up and sanitise this case.
After the fix, these tests should be satisfied.
#[test]
fn redundant_capabilities_builder_dedup() {
let caps = Capabilities::builder()
.rw("/pub/example.com/")
.rw("/pub/example.com/") // Same capability twice
.write("/pub/example.com/subfolder") // Unnecessary capability, already covered by `/pub/example.com/`
.finish();
assert_eq!(caps.to_string(), "/pub/example.com:rw");
}
#[test]
fn redundant_caps_string_dedup() {
// Repeated capability and unnecessary capability subfolder on the str to parse
let parsed = Capabilities::try_from("/pub/example.com/:rw,/pub/example.com/:rw,/pub/example.com/subfolder:w").unwrap();
let caps = Capabilities::builder()
.rw("/pub/example.com/")
.finish();
assert_eq!(caps.to_string(), "/pub/example.com:rw");
assert_eq!(parsed.to_string(), caps.to_string());
}
An app could request capabilities like
In this case,
/pub/example.com/contacts:wis fully covered by/pub/example.com/:rw. Ideally ourCapabilitiesbuilder and validator should clean up and sanitise this case.After the fix, these tests should be satisfied.