You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@mih-kopylov if you are using *, you should use keyMatch instead of keyMatch3. Using an inappropriate function will cause unexpected behavior. This is because the policy rules are not expected to become part of the penetration test against Casbin. The policy rules are totally trusted and on the same side together with the Casbin caller.
Want to prioritize this issue? Try:
Describe the bug
When having a model that uses keyMatch3 and a policy with a value that starts with
*
it gives false positivetrue
.To Reproduce
Model:
Policy:
Test:
In https://casbin.org/editor/ and in jCasbin it gives an error (
Invalid regular expression: /^*/admin/.*$/: Nothing to repeat
) orfalse
.But in golang library it gives
true
Expected behavior
It gives
false
in golang libraryhttps://editor.casbin.org/#GPXQEC6EV
Versions
github.com/casbin/casbin/v2 v2.77.2
The text was updated successfully, but these errors were encountered: