src/main/java/com/google/devtools/build/lib/packages/BuiltinRestriction.java - bazel - Git at Google

 // Copyright 2015 The Bazel Authors. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //    http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package com.google.devtools.build.lib.packages;

 import com.google.devtools.build.lib.cmdline.BazelModuleContext;
 import com.google.devtools.build.lib.cmdline.Label;
 import com.google.devtools.build.lib.cmdline.PackageIdentifier;
 import com.google.devtools.build.lib.cmdline.RepositoryName;
 import com.google.devtools.build.lib.vfs.PathFragment;
 import java.util.Collection;
 import net.starlark.java.eval.EvalException;
 import net.starlark.java.eval.Starlark;
 import net.starlark.java.eval.StarlarkThread;

 /** Static utility methods pertaining to restricting Starlark method invocations */
 // TODO(bazel-team): Maybe we can merge this utility class with some other existing allowlist
 // helper? But it seems like a lot of existing allowlist machinery is geared toward allowlists on
 // rule attributes rather than what .bzl you're in.
 public final class BuiltinRestriction {

   private BuiltinRestriction() {}

   /**
    * Throws {@code EvalException} if the innermost Starlark function in the given thread's call
    * stack is not defined within the builtins repository.
    *
    * @throws NullPointerException if there is no currently executing Starlark function, or the
    *     innermost Starlark function's module is not a .bzl file
    */
   public static void failIfCalledOutsideBuiltins(StarlarkThread thread) throws EvalException {
     Label currentFile = BazelModuleContext.ofInnermostBzlOrThrow(thread).label();
     if (!currentFile.getRepository().getNameWithAt().equals("@_builtins")) {
       throw Starlark.errorf(
           "file '%s' cannot use private @_builtins API", currentFile.getCanonicalForm());
     }
   }

   /**
    * Throws {@code EvalException} if the innermost Starlark function in the given thread's call
    * stack is not defined within either 1) the builtins repository, or 2) a package or subpackage of
    * an entry in the given allowlist.
    *
    * @throws NullPointerException if there is no currently executing Starlark function, or the
    *     innermost Starlark function's module is not a .bzl file
    */
   public static void failIfCalledOutsideAllowlist(
       StarlarkThread thread, Collection<PackageIdentifier> allowlist) throws EvalException {
     Label currentFile = BazelModuleContext.ofInnermostBzlOrThrow(thread).label();
     failIfLabelOutsideAllowlist(currentFile, allowlist);
   }

   /**
    * Throws {@code EvalException} if the given label is not within either 1) the builtins
    * repository, or 2) a package or subpackage of an entry in the given allowlist.
    *
    * <p>The error message identifies label as a file.
    */
   public static void failIfLabelOutsideAllowlist(
       Label label, Collection<PackageIdentifier> allowlist) throws EvalException {
     if (label.getRepository().getNameWithAt().equals("@_builtins")) {
       return;
     }
     if (allowlist.stream().noneMatch(allowedPkg -> isInPackageOrSubpackage(label, allowedPkg))) {
       throw Starlark.errorf("file '%s' cannot use private API", label.getCanonicalForm());
     }
   }

   private static boolean isInPackageOrSubpackage(Label label, PackageIdentifier packageId) {
     RepositoryName repo = label.getRepository();
     PathFragment pkg = label.getPackageFragment();
     return repo.equals(packageId.getRepository()) && pkg.startsWith(packageId.getPackageFragment());
   }
 }
	// Copyright 2015 The Bazel Authors. All rights reserved.
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.
	package com.google.devtools.build.lib.packages;

	import com.google.devtools.build.lib.cmdline.BazelModuleContext;
	import com.google.devtools.build.lib.cmdline.Label;
	import com.google.devtools.build.lib.cmdline.PackageIdentifier;
	import com.google.devtools.build.lib.cmdline.RepositoryName;
	import com.google.devtools.build.lib.vfs.PathFragment;
	import java.util.Collection;
	import net.starlark.java.eval.EvalException;
	import net.starlark.java.eval.Starlark;
	import net.starlark.java.eval.StarlarkThread;

	/** Static utility methods pertaining to restricting Starlark method invocations */
	// TODO(bazel-team): Maybe we can merge this utility class with some other existing allowlist
	// helper? But it seems like a lot of existing allowlist machinery is geared toward allowlists on
	// rule attributes rather than what .bzl you're in.
	public final class BuiltinRestriction {

	private BuiltinRestriction() {}

	/**
	* Throws {@code EvalException} if the innermost Starlark function in the given thread's call
	* stack is not defined within the builtins repository.
	*
	* @throws NullPointerException if there is no currently executing Starlark function, or the
	* innermost Starlark function's module is not a .bzl file
	*/
	public static void failIfCalledOutsideBuiltins(StarlarkThread thread) throws EvalException {
	Label currentFile = BazelModuleContext.ofInnermostBzlOrThrow(thread).label();
	if (!currentFile.getRepository().getNameWithAt().equals("@_builtins")) {
	throw Starlark.errorf(
	"file '%s' cannot use private @_builtins API", currentFile.getCanonicalForm());
	}
	}

	/**
	* Throws {@code EvalException} if the innermost Starlark function in the given thread's call
	* stack is not defined within either 1) the builtins repository, or 2) a package or subpackage of
	* an entry in the given allowlist.
	*
	* @throws NullPointerException if there is no currently executing Starlark function, or the
	* innermost Starlark function's module is not a .bzl file
	*/
	public static void failIfCalledOutsideAllowlist(
	StarlarkThread thread, Collection<PackageIdentifier> allowlist) throws EvalException {
	Label currentFile = BazelModuleContext.ofInnermostBzlOrThrow(thread).label();
	failIfLabelOutsideAllowlist(currentFile, allowlist);
	}

	/**
	* Throws {@code EvalException} if the given label is not within either 1) the builtins
	* repository, or 2) a package or subpackage of an entry in the given allowlist.
	*
	* <p>The error message identifies label as a file.
	*/
	public static void failIfLabelOutsideAllowlist(
	Label label, Collection<PackageIdentifier> allowlist) throws EvalException {
	if (label.getRepository().getNameWithAt().equals("@_builtins")) {
	return;
	}
	if (allowlist.stream().noneMatch(allowedPkg -> isInPackageOrSubpackage(label, allowedPkg))) {
	throw Starlark.errorf("file '%s' cannot use private API", label.getCanonicalForm());
	}
	}

	private static boolean isInPackageOrSubpackage(Label label, PackageIdentifier packageId) {
	RepositoryName repo = label.getRepository();
	PathFragment pkg = label.getPackageFragment();
	return repo.equals(packageId.getRepository()) && pkg.startsWith(packageId.getPackageFragment());
	}
	}