we don't allow unresolved xlats

it helps to return errors when there are error cases.

Disallow "foo." for list existence.  Arguably "foo.[*]" is better.
the xlat condition / expression parser already replaces a bare
existence check with a %exists() wrapper.  So the run-time code
doesn't need to expand the entire thing.

diff --git a/src/lib/unlang/compile.c b/src/lib/unlang/compile.c
index 185d56a173f507da2d7be60c377468c0cccf7e53..4bb99e6ffde90c3aa6bb1f7a458e4187e96a3197 100644 (file)
--- a/src/lib/unlang/compile.c
+++ b/src/lib/unlang/compile.c
@@ -3554,8 +3554,9 @@ static unlang_t *compile_if_subsection(unlang_t *parent, unlang_compile_t *unlan
                        .attr = {
                                .dict_def = xr_rules.tr_rules->dict_def,
                                .list_def = request_attr_request,
-                               .allow_unresolved = true,
-                               .allow_unknown = true,
+                               .allow_unresolved = false,
+                               .allow_unknown = false,
+                               .allow_wildcard = true,
                        },
                        .literals_safe_for = unlang_ctx->rules->literals_safe_for,
                };
@@ -3584,6 +3585,8 @@ static unlang_t *compile_if_subsection(unlang_t *parent, unlang_compile_t *unlan
                        return NULL;
                }
 
+               fr_assert(!xlat_needs_resolving(head));
+
                is_truthy = xlat_is_truthy(head, &value);
 
                /*

diff --git a/src/lib/unlang/xlat_tokenize.c b/src/lib/unlang/xlat_tokenize.c
index e5b6cd1ce655ef163ae373523b752274998e09da..ed099b02532d6336e0b08f0bf5a0e49334256e94 100644 (file)
--- a/src/lib/unlang/xlat_tokenize.c
+++ b/src/lib/unlang/xlat_tokenize.c
@@ -1950,6 +1950,7 @@ int xlat_resolve(xlat_exp_head_t *head, xlat_res_rules_t const *xr_rules)
                                fr_strerror_printf_push("Failed resolving attribute: %c%s%c",
                                                        fr_token_quote[node->quote], node->fmt, fr_token_quote[node->quote]);
                        }
+                       return -1;
                }
 
                xlat_flags_merge(&our_flags, &node->flags);
@@ -1957,6 +1958,8 @@ int xlat_resolve(xlat_exp_head_t *head, xlat_res_rules_t const *xr_rules)
 
        head->flags = our_flags;
 
+       fr_assert(!head->flags.needs_resolving);
+
        return 0;
 }
 

diff --git a/src/tests/keywords/list-existence b/src/tests/keywords/list-existence
index 57c36d8d817a14f44f1f72a0396943f839cac225..309abade2a6e9c4d2ef26648345503f11e4ff094 100644 (file)
--- a/src/tests/keywords/list-existence
+++ b/src/tests/keywords/list-existence
@@ -1,24 +1,12 @@
 #
 #  List existence checks are "is the list empty" checks.
 #
-if (session-state.) {
-       test_fail
-}
-
 if (session-state.[*]) {
        test_fail
 }
 
-if (session-state.) {
-       test_fail
-}
-
 session-state.User-Name := 'foo'
 
-if (!session-state.) {
-       test_fail
-}
-
 if (!session-state.[*]) {
        test_fail
 }