feat(tvix/castore/protos): add more granular validation methods
Similar to cl/9715, this makes the validation checks more granular, introducing a Validate on all *Node. A check for symlink targets is added too. Once merged, it can also be used from tvix/store/protos. Change-Id: I0909a89fadcd74b74ef0c9a8a1f22658fccc83b0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9716 Reviewed-by: Connor Brewster <cbrewster@hey.com> Tested-by: BuildkiteCI
This commit is contained in:
parent
532f414da6
commit
0b18be3b57
2 changed files with 104 additions and 29 deletions
|
@ -4,6 +4,7 @@ import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
|
||||||
"google.golang.org/protobuf/proto"
|
"google.golang.org/protobuf/proto"
|
||||||
"lukechampine.com/blake3"
|
"lukechampine.com/blake3"
|
||||||
)
|
)
|
||||||
|
@ -50,6 +51,68 @@ func isValidName(n []byte) bool {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Validate ensures a DirectoryNode has a valid name and correct digest len.
|
||||||
|
func (n *DirectoryNode) Validate() error {
|
||||||
|
if len(n.Digest) != 32 {
|
||||||
|
return fmt.Errorf("invalid digest length for %s, expected %d, got %d", n.Name, 32, len(n.Digest))
|
||||||
|
}
|
||||||
|
|
||||||
|
if !isValidName(n.Name) {
|
||||||
|
return fmt.Errorf("invalid node name: %s", n.Name)
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Validate ensures a FileNode has a valid name and correct digest len.
|
||||||
|
func (n *FileNode) Validate() error {
|
||||||
|
if len(n.Digest) != 32 {
|
||||||
|
return fmt.Errorf("invalid digest length for %s, expected %d, got %d", n.Name, 32, len(n.Digest))
|
||||||
|
}
|
||||||
|
|
||||||
|
if !isValidName(n.Name) {
|
||||||
|
return fmt.Errorf("invalid node name: %s", n.Name)
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Validate ensures a SymlinkNode has a valid name and target.
|
||||||
|
func (n *SymlinkNode) Validate() error {
|
||||||
|
if len(n.Target) == 0 || bytes.Contains(n.Target, []byte{0}) {
|
||||||
|
return fmt.Errorf("invalid symlink target: %s", n.Target)
|
||||||
|
}
|
||||||
|
|
||||||
|
if !isValidName(n.Name) {
|
||||||
|
return fmt.Errorf("invalid node name: %s", n.Name)
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Validate ensures a node is valid, by dispatching to the per-type validation functions.
|
||||||
|
func (n *Node) Validate() error {
|
||||||
|
if node := n.GetDirectory(); node != nil {
|
||||||
|
if err := node.Validate(); err != nil {
|
||||||
|
return fmt.Errorf("SymlinkNode failed validation: %w", err)
|
||||||
|
}
|
||||||
|
} else if node := n.GetFile(); node != nil {
|
||||||
|
if err := node.Validate(); err != nil {
|
||||||
|
return fmt.Errorf("FileNode failed validation: %w", err)
|
||||||
|
}
|
||||||
|
} else if node := n.GetSymlink(); node != nil {
|
||||||
|
if err := node.Validate(); err != nil {
|
||||||
|
return fmt.Errorf("SymlinkNode failed validation: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
} else {
|
||||||
|
// this would only happen if we introduced a new type
|
||||||
|
return fmt.Errorf("no specific node found")
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
// Validate thecks the Directory message for invalid data, such as:
|
// Validate thecks the Directory message for invalid data, such as:
|
||||||
// - violations of name restrictions
|
// - violations of name restrictions
|
||||||
// - invalid digest lengths
|
// - invalid digest lengths
|
||||||
|
@ -87,21 +150,14 @@ func (d *Directory) Validate() error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Loop over all Directories, Files and Symlinks individually.
|
// Loop over all Directories, Files and Symlinks individually,
|
||||||
// Check the name for validity, check a potential digest for length,
|
// check them for validity, then check for sorting in the current list, and
|
||||||
// then check for sorting in the current list, and uniqueness across all three lists.
|
// uniqueness across all three lists.
|
||||||
for _, directoryNode := range d.Directories {
|
for _, directoryNode := range d.Directories {
|
||||||
directoryName := directoryNode.GetName()
|
directoryName := directoryNode.GetName()
|
||||||
|
|
||||||
// check name for validity
|
if err := directoryNode.Validate(); err != nil {
|
||||||
if !isValidName(directoryName) {
|
return fmt.Errorf("DirectoryNode %s failed validation: %w", directoryName, err)
|
||||||
return fmt.Errorf("invalid name for DirectoryNode: %v", directoryName)
|
|
||||||
}
|
|
||||||
|
|
||||||
// check digest to be 32 bytes
|
|
||||||
digestLen := len(directoryNode.GetDigest())
|
|
||||||
if digestLen != 32 {
|
|
||||||
return fmt.Errorf("invalid digest length for DirectoryNode: %d", digestLen)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// ensure names are sorted
|
// ensure names are sorted
|
||||||
|
@ -119,15 +175,8 @@ func (d *Directory) Validate() error {
|
||||||
for _, fileNode := range d.Files {
|
for _, fileNode := range d.Files {
|
||||||
fileName := fileNode.GetName()
|
fileName := fileNode.GetName()
|
||||||
|
|
||||||
// check name for validity
|
if err := fileNode.Validate(); err != nil {
|
||||||
if !isValidName(fileName) {
|
return fmt.Errorf("FileNode %s failed validation: %w", fileName, err)
|
||||||
return fmt.Errorf("invalid name for FileNode: %v", fileName)
|
|
||||||
}
|
|
||||||
|
|
||||||
// check digest to be 32 bytes
|
|
||||||
digestLen := len(fileNode.GetDigest())
|
|
||||||
if digestLen != 32 {
|
|
||||||
return fmt.Errorf("invalid digest length for FileNode: %d", digestLen)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// ensure names are sorted
|
// ensure names are sorted
|
||||||
|
@ -144,9 +193,8 @@ func (d *Directory) Validate() error {
|
||||||
for _, symlinkNode := range d.Symlinks {
|
for _, symlinkNode := range d.Symlinks {
|
||||||
symlinkName := symlinkNode.GetName()
|
symlinkName := symlinkNode.GetName()
|
||||||
|
|
||||||
// check name for validity
|
if err := symlinkNode.Validate(); err != nil {
|
||||||
if !isValidName(symlinkName) {
|
return fmt.Errorf("SymlinkNode %s failed validation: %w", symlinkName, err)
|
||||||
return fmt.Errorf("invalid name for SymlinkNode: %v", symlinkName)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// ensure names are sorted
|
// ensure names are sorted
|
||||||
|
|
|
@ -122,7 +122,7 @@ func TestDirectoryValidate(t *testing.T) {
|
||||||
Symlinks: []*castorev1pb.SymlinkNode{},
|
Symlinks: []*castorev1pb.SymlinkNode{},
|
||||||
}
|
}
|
||||||
|
|
||||||
assert.ErrorContains(t, d.Validate(), "invalid name")
|
assert.ErrorContains(t, d.Validate(), "invalid node name")
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
d := castorev1pb.Directory{
|
d := castorev1pb.Directory{
|
||||||
|
@ -135,7 +135,7 @@ func TestDirectoryValidate(t *testing.T) {
|
||||||
Symlinks: []*castorev1pb.SymlinkNode{},
|
Symlinks: []*castorev1pb.SymlinkNode{},
|
||||||
}
|
}
|
||||||
|
|
||||||
assert.ErrorContains(t, d.Validate(), "invalid name")
|
assert.ErrorContains(t, d.Validate(), "invalid node name")
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
d := castorev1pb.Directory{
|
d := castorev1pb.Directory{
|
||||||
|
@ -149,7 +149,7 @@ func TestDirectoryValidate(t *testing.T) {
|
||||||
Symlinks: []*castorev1pb.SymlinkNode{},
|
Symlinks: []*castorev1pb.SymlinkNode{},
|
||||||
}
|
}
|
||||||
|
|
||||||
assert.ErrorContains(t, d.Validate(), "invalid name")
|
assert.ErrorContains(t, d.Validate(), "invalid node name")
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
d := castorev1pb.Directory{
|
d := castorev1pb.Directory{
|
||||||
|
@ -161,7 +161,7 @@ func TestDirectoryValidate(t *testing.T) {
|
||||||
}},
|
}},
|
||||||
}
|
}
|
||||||
|
|
||||||
assert.ErrorContains(t, d.Validate(), "invalid name")
|
assert.ErrorContains(t, d.Validate(), "invalid node name")
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
d := castorev1pb.Directory{
|
d := castorev1pb.Directory{
|
||||||
|
@ -173,7 +173,7 @@ func TestDirectoryValidate(t *testing.T) {
|
||||||
}},
|
}},
|
||||||
}
|
}
|
||||||
|
|
||||||
assert.ErrorContains(t, d.Validate(), "invalid name")
|
assert.ErrorContains(t, d.Validate(), "invalid node name")
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
|
@ -191,6 +191,33 @@ func TestDirectoryValidate(t *testing.T) {
|
||||||
assert.ErrorContains(t, d.Validate(), "invalid digest length")
|
assert.ErrorContains(t, d.Validate(), "invalid digest length")
|
||||||
})
|
})
|
||||||
|
|
||||||
|
t.Run("invalid symlink targets", func(t *testing.T) {
|
||||||
|
{
|
||||||
|
d := castorev1pb.Directory{
|
||||||
|
Directories: []*castorev1pb.DirectoryNode{},
|
||||||
|
Files: []*castorev1pb.FileNode{},
|
||||||
|
Symlinks: []*castorev1pb.SymlinkNode{{
|
||||||
|
Name: []byte("foo"),
|
||||||
|
Target: []byte{},
|
||||||
|
}},
|
||||||
|
}
|
||||||
|
|
||||||
|
assert.ErrorContains(t, d.Validate(), "invalid symlink target")
|
||||||
|
}
|
||||||
|
{
|
||||||
|
d := castorev1pb.Directory{
|
||||||
|
Directories: []*castorev1pb.DirectoryNode{},
|
||||||
|
Files: []*castorev1pb.FileNode{},
|
||||||
|
Symlinks: []*castorev1pb.SymlinkNode{{
|
||||||
|
Name: []byte("foo"),
|
||||||
|
Target: []byte{0x66, 0x6f, 0x6f, 0},
|
||||||
|
}},
|
||||||
|
}
|
||||||
|
|
||||||
|
assert.ErrorContains(t, d.Validate(), "invalid symlink target")
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|
||||||
t.Run("sorting", func(t *testing.T) {
|
t.Run("sorting", func(t *testing.T) {
|
||||||
// "b" comes before "a", bad.
|
// "b" comes before "a", bad.
|
||||||
{
|
{
|
||||||
|
|
Loading…
Reference in a new issue