update aws_policy_equal.c

jeffreyaven · jeffreyaven · commit 0900a7e7064b · 2025-07-09T14:03:41.000+10:00
diff --git a/src/aws_policy_equal/aws_policy_equal.c b/src/aws_policy_equal/aws_policy_equal.c
@@ -110,7 +110,28 @@ static cJSON_bool aws_policy_compare_items(const cJSON *a, const cJSON *b, int p
     }
     
     // If either is NULL or they have different types, they're not equal
-    if ((a == NULL) || (b == NULL) || ((a->type & 0xFF) != (b->type & 0xFF))) {
+    if ((a == NULL) || (b == NULL)) {
+        return 0;
+    }
+    
+    // Special case for comparing array with single value
+    if (((a->type & 0xFF) == cJSON_Array && (b->type & 0xFF) == cJSON_String) ||
+        ((a->type & 0xFF) == cJSON_String && (b->type & 0xFF) == cJSON_Array)) {
+        
+        const cJSON *array = ((a->type & 0xFF) == cJSON_Array) ? a : b;
+        const cJSON *string = ((a->type & 0xFF) == cJSON_String) ? a : b;
+        
+        // Only valid if array has exactly one element
+        if (cJSON_GetArraySize(array) != 1) {
+            return 0;
+        }
+        
+        // Compare the single array element with the string
+        return aws_policy_compare_items(cJSON_GetArrayItem(array, 0), string, parent_is_unordered);
+    }
+    
+    // Normal case - types must match
+    if ((a->type & 0xFF) != (b->type & 0xFF)) {
         return 0;
     }
     
diff --git a/test/aws_policy_equal.sql b/test/aws_policy_equal.sql
@@ -54,7 +54,7 @@ SELECT '5_01', aws_policy_equal(
 -- Test for external ID policy example from your conversation
 SELECT '6_01', aws_policy_equal(
     '{"Version":"2012-10-17","Statement":[{"Condition":{"StringEquals":{"sts:ExternalId":"0000"}},"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::414351767826:role/unity-catalog-prod-UCMasterRole-14S5ZJVKOTYTL"}}]}',
-    '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":["arn:aws:iam::414351767826:role/unity-catalog-prod-UCMasterRole-14S5ZJVKOTYTL"]},"Action":"sts:AssumeRole","Condition":{"StringEquals":{"sts:ExternalId":"0000"}}}]}'
+    '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::414351767826:role/unity-catalog-prod-UCMasterRole-14S5ZJVKOTYTL"},"Action":"sts:AssumeRole","Condition":{"StringEquals":{"sts:ExternalId":"0000"}}}]}'
 ) = 1;
 
 -- Test for complex policy with multiple statements and different ordering
