test: add normalized ASN validation coverage

refactor: normalize ASN validation value once
fix: allow ALL ASN values in policy rule validation
2026-06-17 12:57:17 +00:00 · 2026-06-16 23:48:28 +00:00 · 2026-06-16 23:46:44 +00:00 · 2026-06-16 23:44:35 +00:00 · 2026-06-16 23:39:56 +00:00 · 2026-06-14 15:02:18 -07:00
6 changed files with 381 additions and 281 deletions
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -139,7 +139,7 @@
        "@dotenvx/dotenvx": "1.69.1",
        "@esbuild-plugins/tsconfig-paths": "0.1.2",
        "@react-email/ui": "^6.5.0",
-        "@tailwindcss/postcss": "4.3.1",
+        "@tailwindcss/postcss": "4.3.0",
        "@tanstack/react-query-devtools": "5.100.14",
        "@types/better-sqlite3": "7.6.13",
        "@types/cookie-parser": "1.4.10",
@@ -151,7 +151,7 @@
        "@types/jmespath": "0.15.2",
        "@types/js-yaml": "4.0.9",
        "@types/jsonwebtoken": "9.0.10",
-        "@types/node": "25.9.3",
+        "@types/node": "25.9.1",
        "@types/nodemailer": "8.0.0",
        "@types/nprogress": "0.2.3",
        "@types/pg": "8.20.0",
@@ -165,21 +165,21 @@
        "@types/yargs": "17.0.35",
        "babel-plugin-react-compiler": "1.0.0",
        "drizzle-kit": "0.31.10",
-        "esbuild": "0.28.1",
+        "esbuild": "0.28.0",
        "esbuild-node-externals": "1.22.0",
        "eslint": "10.4.0",
-        "eslint-config-next": "16.2.9",
+        "eslint-config-next": "16.2.6",
        "postcss": "8.5.15",
-        "prettier": "3.8.4",
+        "prettier": "3.8.3",
        "react-email": "6.5.0",
-        "tailwindcss": "4.3.1",
+        "tailwindcss": "4.3.0",
        "tsc-alias": "1.8.17",
-        "tsx": "4.22.4",
+        "tsx": "4.22.3",
        "typescript": "6.0.3",
        "typescript-eslint": "8.60.0"
    },
    "overrides": {
-        "esbuild": "0.28.1",
+        "esbuild": "0.28.0",
        "dompurify": "3.4.0",
        "postcss": "8.5.15"
    }
--- a/server/lib/validators.test.ts
+++ b/server/lib/validators.test.ts
@@ -1,4 +1,7 @@
-import { isValidUrlGlobPattern } from "./validators";
+import {
+    getResourceRuleValueValidationError,
+    isValidUrlGlobPattern
+} from "./validators";
 import { assertEquals } from "@test/assert";

 function runTests() {
@@ -236,6 +239,43 @@ function runTests() {
        "Path with isolated percent sign should be invalid"
    );

+    // ASN validation tests
+    assertEquals(
+        getResourceRuleValueValidationError("ASN", "AS15169"),
+        null,
+        "Standard ASN should be valid"
+    );
+    assertEquals(
+        getResourceRuleValueValidationError("ASN", "  As15169  "),
+        null,
+        "Standard ASN should be valid with mixed case and whitespace"
+    );
+    assertEquals(
+        getResourceRuleValueValidationError("ASN", "ALL"),
+        null,
+        "ALL ASN selector should be valid"
+    );
+    assertEquals(
+        getResourceRuleValueValidationError("ASN", " all "),
+        null,
+        "ALL ASN selector should be valid with mixed case and whitespace"
+    );
+    assertEquals(
+        getResourceRuleValueValidationError("ASN", "AS0"),
+        null,
+        "AS0 alias should be valid"
+    );
+    assertEquals(
+        getResourceRuleValueValidationError("ASN", " as0 "),
+        null,
+        "AS0 alias should be valid with mixed case and whitespace"
+    );
+    assertEquals(
+        getResourceRuleValueValidationError("ASN", "not-an-asn"),
+        "Invalid ASN provided",
+        "Invalid ASN should return an error"
+    );
+
    console.log("All tests passed!");
 }

--- a/server/lib/validators.ts
+++ b/server/lib/validators.ts
@@ -100,7 +100,10 @@ export function getResourceRuleValueValidationError(
                ? null
                : "Invalid country code provided";
        case "ASN":
-            return /^AS\d+$/i.test(value.trim())
+            const normalizedValue = value.trim().toUpperCase();
+            return /^AS\d+$/.test(normalizedValue) ||
+                normalizedValue === "ALL" ||
+                normalizedValue === "AS0"
                ? null
                : "Invalid ASN provided";
        default:
--- a/src/components/newt-install-commands.tsx
+++ b/src/components/newt-install-commands.tsx
@@ -139,7 +139,6 @@ Restart=always
 RestartSec=2
 UMask=0077

-NoNewPrivileges=true
 PrivateTmp=true

 [Install]
--- a/src/components/resource-policy/policy-access-rule-validation.ts
+++ b/src/components/resource-policy/policy-access-rule-validation.ts
@@ -83,9 +83,19 @@ export function createPolicyRuleValueSchema(t: TranslateFn, match: string) {
                { message: t("rulesErrorInvalidCountryDescription") }
            );
        case "ASN":
-            return required.refine((value) => /^AS\d+$/i.test(value.trim()), {
-                message: t("rulesErrorInvalidAsnDescription")
-            });
+            return required.refine(
+                (value) => {
+                    const normalizedValue = value.trim().toUpperCase();
+                    return (
+                        /^AS\d+$/.test(normalizedValue) ||
+                        normalizedValue === "ALL" ||
+                        normalizedValue === "AS0"
+                    );
+                },
+                {
+                    message: t("rulesErrorInvalidAsnDescription")
+                }
+            );
        default:
            return required;
    }
Author	SHA1	Message	Date
copilot-swe-agent[bot]	7c15c428b3	test: add normalized ASN validation coverage	2026-06-16 23:48:28 +00:00
copilot-swe-agent[bot]	f3a52e31d1	refactor: normalize ASN validation value once	2026-06-16 23:46:44 +00:00
copilot-swe-agent[bot]	5e26ceaf02	fix: allow ALL ASN values in policy rule validation	2026-06-16 23:44:35 +00:00
copilot-swe-agent[bot]	d6fe357fcb	Initial plan	2026-06-16 23:39:56 +00:00
Owen	f9cc52ece9	Remove NoNewPrivileges Fixes https://github.com/fosrl/newt/issues/383	2026-06-14 15:02:18 -07:00