feat(tvix/castore/protos): add more granular validation methods

Similar to cl/9715, this makes the validation checks more granular,
introducing a Validate on all *Node.

A check for symlink targets is added too.

Once merged, it can also be used from tvix/store/protos.

Change-Id: I0909a89fadcd74b74ef0c9a8a1f22658fccc83b0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9716
Reviewed-by: Connor Brewster <cbrewster@hey.com>
Tested-by: BuildkiteCI
This commit is contained in:
Florian Klink 2023-10-13 01:02:07 +02:00 committed by flokli
parent 532f414da6
commit 0b18be3b57
2 changed files with 104 additions and 29 deletions

View file

@ -4,6 +4,7 @@ import (
"bytes" "bytes"
"encoding/base64" "encoding/base64"
"fmt" "fmt"
"google.golang.org/protobuf/proto" "google.golang.org/protobuf/proto"
"lukechampine.com/blake3" "lukechampine.com/blake3"
) )
@ -50,6 +51,68 @@ func isValidName(n []byte) bool {
return true return true
} }
// Validate ensures a DirectoryNode has a valid name and correct digest len.
func (n *DirectoryNode) Validate() error {
if len(n.Digest) != 32 {
return fmt.Errorf("invalid digest length for %s, expected %d, got %d", n.Name, 32, len(n.Digest))
}
if !isValidName(n.Name) {
return fmt.Errorf("invalid node name: %s", n.Name)
}
return nil
}
// Validate ensures a FileNode has a valid name and correct digest len.
func (n *FileNode) Validate() error {
if len(n.Digest) != 32 {
return fmt.Errorf("invalid digest length for %s, expected %d, got %d", n.Name, 32, len(n.Digest))
}
if !isValidName(n.Name) {
return fmt.Errorf("invalid node name: %s", n.Name)
}
return nil
}
// Validate ensures a SymlinkNode has a valid name and target.
func (n *SymlinkNode) Validate() error {
if len(n.Target) == 0 || bytes.Contains(n.Target, []byte{0}) {
return fmt.Errorf("invalid symlink target: %s", n.Target)
}
if !isValidName(n.Name) {
return fmt.Errorf("invalid node name: %s", n.Name)
}
return nil
}
// Validate ensures a node is valid, by dispatching to the per-type validation functions.
func (n *Node) Validate() error {
if node := n.GetDirectory(); node != nil {
if err := node.Validate(); err != nil {
return fmt.Errorf("SymlinkNode failed validation: %w", err)
}
} else if node := n.GetFile(); node != nil {
if err := node.Validate(); err != nil {
return fmt.Errorf("FileNode failed validation: %w", err)
}
} else if node := n.GetSymlink(); node != nil {
if err := node.Validate(); err != nil {
return fmt.Errorf("SymlinkNode failed validation: %w", err)
}
} else {
// this would only happen if we introduced a new type
return fmt.Errorf("no specific node found")
}
return nil
}
// Validate thecks the Directory message for invalid data, such as: // Validate thecks the Directory message for invalid data, such as:
// - violations of name restrictions // - violations of name restrictions
// - invalid digest lengths // - invalid digest lengths
@ -87,21 +150,14 @@ func (d *Directory) Validate() error {
return nil return nil
} }
// Loop over all Directories, Files and Symlinks individually. // Loop over all Directories, Files and Symlinks individually,
// Check the name for validity, check a potential digest for length, // check them for validity, then check for sorting in the current list, and
// then check for sorting in the current list, and uniqueness across all three lists. // uniqueness across all three lists.
for _, directoryNode := range d.Directories { for _, directoryNode := range d.Directories {
directoryName := directoryNode.GetName() directoryName := directoryNode.GetName()
// check name for validity if err := directoryNode.Validate(); err != nil {
if !isValidName(directoryName) { return fmt.Errorf("DirectoryNode %s failed validation: %w", directoryName, err)
return fmt.Errorf("invalid name for DirectoryNode: %v", directoryName)
}
// check digest to be 32 bytes
digestLen := len(directoryNode.GetDigest())
if digestLen != 32 {
return fmt.Errorf("invalid digest length for DirectoryNode: %d", digestLen)
} }
// ensure names are sorted // ensure names are sorted
@ -119,15 +175,8 @@ func (d *Directory) Validate() error {
for _, fileNode := range d.Files { for _, fileNode := range d.Files {
fileName := fileNode.GetName() fileName := fileNode.GetName()
// check name for validity if err := fileNode.Validate(); err != nil {
if !isValidName(fileName) { return fmt.Errorf("FileNode %s failed validation: %w", fileName, err)
return fmt.Errorf("invalid name for FileNode: %v", fileName)
}
// check digest to be 32 bytes
digestLen := len(fileNode.GetDigest())
if digestLen != 32 {
return fmt.Errorf("invalid digest length for FileNode: %d", digestLen)
} }
// ensure names are sorted // ensure names are sorted
@ -144,9 +193,8 @@ func (d *Directory) Validate() error {
for _, symlinkNode := range d.Symlinks { for _, symlinkNode := range d.Symlinks {
symlinkName := symlinkNode.GetName() symlinkName := symlinkNode.GetName()
// check name for validity if err := symlinkNode.Validate(); err != nil {
if !isValidName(symlinkName) { return fmt.Errorf("SymlinkNode %s failed validation: %w", symlinkName, err)
return fmt.Errorf("invalid name for SymlinkNode: %v", symlinkName)
} }
// ensure names are sorted // ensure names are sorted

View file

@ -122,7 +122,7 @@ func TestDirectoryValidate(t *testing.T) {
Symlinks: []*castorev1pb.SymlinkNode{}, Symlinks: []*castorev1pb.SymlinkNode{},
} }
assert.ErrorContains(t, d.Validate(), "invalid name") assert.ErrorContains(t, d.Validate(), "invalid node name")
} }
{ {
d := castorev1pb.Directory{ d := castorev1pb.Directory{
@ -135,7 +135,7 @@ func TestDirectoryValidate(t *testing.T) {
Symlinks: []*castorev1pb.SymlinkNode{}, Symlinks: []*castorev1pb.SymlinkNode{},
} }
assert.ErrorContains(t, d.Validate(), "invalid name") assert.ErrorContains(t, d.Validate(), "invalid node name")
} }
{ {
d := castorev1pb.Directory{ d := castorev1pb.Directory{
@ -149,7 +149,7 @@ func TestDirectoryValidate(t *testing.T) {
Symlinks: []*castorev1pb.SymlinkNode{}, Symlinks: []*castorev1pb.SymlinkNode{},
} }
assert.ErrorContains(t, d.Validate(), "invalid name") assert.ErrorContains(t, d.Validate(), "invalid node name")
} }
{ {
d := castorev1pb.Directory{ d := castorev1pb.Directory{
@ -161,7 +161,7 @@ func TestDirectoryValidate(t *testing.T) {
}}, }},
} }
assert.ErrorContains(t, d.Validate(), "invalid name") assert.ErrorContains(t, d.Validate(), "invalid node name")
} }
{ {
d := castorev1pb.Directory{ d := castorev1pb.Directory{
@ -173,7 +173,7 @@ func TestDirectoryValidate(t *testing.T) {
}}, }},
} }
assert.ErrorContains(t, d.Validate(), "invalid name") assert.ErrorContains(t, d.Validate(), "invalid node name")
} }
}) })
@ -191,6 +191,33 @@ func TestDirectoryValidate(t *testing.T) {
assert.ErrorContains(t, d.Validate(), "invalid digest length") assert.ErrorContains(t, d.Validate(), "invalid digest length")
}) })
t.Run("invalid symlink targets", func(t *testing.T) {
{
d := castorev1pb.Directory{
Directories: []*castorev1pb.DirectoryNode{},
Files: []*castorev1pb.FileNode{},
Symlinks: []*castorev1pb.SymlinkNode{{
Name: []byte("foo"),
Target: []byte{},
}},
}
assert.ErrorContains(t, d.Validate(), "invalid symlink target")
}
{
d := castorev1pb.Directory{
Directories: []*castorev1pb.DirectoryNode{},
Files: []*castorev1pb.FileNode{},
Symlinks: []*castorev1pb.SymlinkNode{{
Name: []byte("foo"),
Target: []byte{0x66, 0x6f, 0x6f, 0},
}},
}
assert.ErrorContains(t, d.Validate(), "invalid symlink target")
}
})
t.Run("sorting", func(t *testing.T) { t.Run("sorting", func(t *testing.T) {
// "b" comes before "a", bad. // "b" comes before "a", bad.
{ {