Add basic input validation to {Meta,Target}File

Add basic checks for allowed input values during objects' serialization. Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
theupdateframework · Jun 8, 2021 · 587b12f · 587b12f
1 parent 2407c6f
commit 587b12f
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/tuf/api/metadata.py b/tuf/api/metadata.py
@@ -714,6 +714,13 @@ def from_dict(cls, meta_dict: Dict[str, Any]) -> "MetaFile":
         version = meta_dict.pop("version")
         length = meta_dict.pop("length", None)
         hashes = meta_dict.pop("hashes", None)
+
+        # Do some basic input validation
+        if version <= 0:
+            raise ValueError(f"Metafile version must be > 0, got {version}")
+        if length is not None and length <= 0:
+            raise ValueError(f"Metafile length must be > 0, got {length}")
+
         # All fields left in the meta_dict are unrecognized.
         return cls(version, length, hashes, meta_dict)
 
@@ -1014,6 +1021,13 @@ def from_dict(cls, target_dict: Dict[str, Any]) -> "TargetFile":
         """Creates TargetFile object from its dict representation."""
         length = target_dict.pop("length")
         hashes = target_dict.pop("hashes")
+
+        # Do some basic validation checks
+        if length <= 0:
+            raise ValueError(f"Targetfile length must be > 0, got {length}")
+        if not hashes:
+            raise ValueError("Missing targetfile hashes")
+
         # All fields left in the target_dict are unrecognized.
         return cls(length, hashes, target_dict)