Native OCaml Rego/OPA policy engine
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

ocaml-rego: range-check time arguments

OPA time.* builtins use int64-ns timestamps. Values outside the
int64 range now raise [time: timestamp too big] in strict mode
instead of silently overflowing through Unix.gmtime.

+13 -2
+13 -2
lib/eval.ml
··· 737 737 {!Unix.gmtime} for calendar math and a small named-zone table for the 738 738 explicit-timezone overloads (the full IANA database isn't bundled). *) 739 739 740 + (** Min / max nanosecond timestamps OPA accepts: the int64 range. *) 741 + let int64_min_ns = -9.223372036854776e18 742 + 743 + let int64_max_ns = 9.223372036854776e18 744 + 740 745 let parse_time_arg = function 741 - | Value.Number n -> (n, "UTC") 742 - | Value.Array [ Value.Number n; Value.String tz ] -> (n, tz) 746 + | Value.Number n -> 747 + if n < int64_min_ns || n > int64_max_ns then 748 + raise (Eval_error "time: timestamp too big"); 749 + (n, "UTC") 750 + | Value.Array [ Value.Number n; Value.String tz ] -> 751 + if n < int64_min_ns || n > int64_max_ns then 752 + raise (Eval_error "time: timestamp too big"); 753 + (n, tz) 743 754 | _ -> raise (Eval_error "time: invalid timestamp argument") 744 755 745 756 (** Days-of-week as Go's time package returns them. Sunday = 0. *)