-
Notifications
You must be signed in to change notification settings - Fork 271
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
api/metadata input validation: length and hashes #1451
Conversation
@@ -708,6 +720,14 @@ def __init__( | |||
hashes: Optional[Dict[str, str]] = None, | |||
unrecognized_fields: Optional[Mapping[str, Any]] = None, | |||
) -> None: | |||
|
|||
if version <= 0: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: these days I had a thought that it's probably easier to read if we use if version < 1
when doing this check.
What do you think?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I find <= 0
very readable
Even though we don't want to focus on validating the semantic behind |
I've started to agree with type checks in this situation:
The last point feels quite wrong so maybe we should check that they are str at object intialization |
b5be7e8
to
033f10a
Compare
Rebased on develop and added type checks for the dictionary key-values based on your suggestions. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looks fine to me. Left a comment about a check that isn't strictly necessary anymore but if you want to keep it, that's fine too.
tuf/api/metadata.py
Outdated
if not isinstance(hashes, dict): | ||
raise TypeError(f"Hashes must be a dictionary, got {type(hashes)}") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This check could now be dropped -- the error we get from calling hashes.items()
on something that isn't a dict is not as good but it does raise an exception without extra code...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I dropped it and force pushed, we raise build-in errors anyway.
- valid length: greater than zero - valid hashes: a non-empty dictionary of type Dict[str, str] Checking the validity of hash algorithms is not part of the metadata input validation and is done by securesystemslib during hash verification. Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
The check for an empty hash dictionary is now part of the hash validation function. Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
A trailing comma makes any element a one-item tuple. Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
033f10a
to
328f637
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
Fixes #1441
Description of the changes being introduced by the pull request:
Draft since it is dependent on #1437
Adds input validation checks to
MetaFile
andTargetFile
common fields:Checking the validity of hash algorithms is not part of the metadata input validation and is done
by
securesystemslib
during hash verification.Please verify and check that the pull request fulfills the following
requirements: