KubeOS: add validation for non-empty strings in Vec<String> fields

Signed-off-by: Yuhang Wei <weiyuhang3@huawei.com>
Yuhang Wei 2024-12-16 11:06:13 +08:00
parent 5b1485f627
commit 5f294483fc
2 changed files with 103 additions and 1 deletions


@ -0,0 +1,95 @@
From 66582ff8ad70b7bef1f21e0491e5750cbe1ec7a6 Mon Sep 17 00:00:00 2001
From: Yuhang Wei <weiyuhang3@huawei.com>
Date: Mon, 16 Dec 2024 10:14:03 +0800
Subject: [PATCH] fix(kbimg): add validation for non-empty strings in
Vec<String> fields
Signed-off-by: Yuhang Wei <weiyuhang3@huawei.com>
---
KubeOS-Rust/kbimg/src/commands.rs | 37 ++++++++++++++++++++++++++++
KubeOS-Rust/kbimg/src/scripts_gen.rs | 3 +++
2 files changed, 40 insertions(+)
diff --git a/KubeOS-Rust/kbimg/src/commands.rs b/KubeOS-Rust/kbimg/src/commands.rs
index 24fc1031..bcf9feb0 100644
--- a/KubeOS-Rust/kbimg/src/commands.rs
+++ b/KubeOS-Rust/kbimg/src/commands.rs
@@ -117,6 +117,7 @@ pub struct User {
pub passwd: String,
#[serde(default, deserialize_with = "reject_empty_option_string")]
pub primary_group: Option<String>,
+ #[serde(default, deserialize_with = "reject_empty_opt_vec_string")]
pub groups: Option<Vec<String>>,
}
@@ -138,6 +139,7 @@ pub struct Grub {
#[derive(Deserialize, Debug, Clone)]
pub struct SystemdService {
+ #[serde(default, deserialize_with = "reject_empty_vec_string")]
pub name: Vec<String>,
}
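Review bot: Pairing `default` with `deserialize_with` on `SystemdService::name` means that when the `name` key is omitted, serde fills in `Vec::default()` without calling `reject_empty_vec_string`, so an empty list still gets through and a key that was required before this change becomes optional. The same attribute is added to `PersistMkdir::name` in the next hunk. For these two non-`Option` fields I would write `#[serde(deserialize_with = "reject_empty_vec_string")]` so that a missing key is an error again; `default` is only needed on `User::groups`, where the field is an `Option`. A unit test that deserializes a table with no `name` key would pin this behaviour.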
@@ -155,6 +157,7 @@ pub struct DiskPartition {
#[derive(Deserialize, Debug, Clone)]
pub struct PersistMkdir {
+ #[serde(default, deserialize_with = "reject_empty_vec_string")]
pub name: Vec<String>,
}
@@ -240,3 +243,37 @@ where
}
Ok(value)
}
+
+fn reject_empty_opt_vec_string<'de, D>(deserializer: D) -> Result<Option<Vec<String>>, D::Error>
+where
+ D: serde::Deserializer<'de>,
+{
+ let value: Option<Vec<String>> = Deserialize::deserialize(deserializer)?;
+ if let Some(ref value) = value {
+ if value.is_empty() {
+ return Err(serde::de::Error::custom("Vec<String> field should not be empty"));
+ }
+ for v in value {
+ if v.trim().is_empty() {
+ return Err(serde::de::Error::custom("String in Vec<String> should not be an empty string"));
+ }
+ }
+ }
+ Ok(value)
+}
+
+fn reject_empty_vec_string<'de, D>(deserializer: D) -> Result<Vec<String>, D::Error>
+where
+ D: serde::Deserializer<'de>,
+{
+ let value: Vec<String> = Deserialize::deserialize(deserializer)?;
+ if value.is_empty() {
+ return Err(serde::de::Error::custom("Vec<String> field should not be empty"));
+ }
+ for v in &value {
+ if v.trim().is_empty() {
+ return Err(serde::de::Error::custom("String in Vec<String> should not be an empty string"));
+ }
+ }
+ Ok(value)
+}
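Review bot: `reject_empty_opt_vec_string` and `reject_empty_vec_string` repeat the same two checks and the same two message strings, so any later tightening of the rule has to be made in both places and can drift. I would move the checks into one private helper that both deserializers call, with a short comment stating that a list is rejected when it has no entries or when any entry is blank after `trim()`. Entries that pass are stored untrimmed, so surrounding whitespace survives into the config; that is worth stating in the same comment. The context lines at the top of the hunk belong to a function that starts outside it.

```rust
// Rejects a list with no entries or with any entry that is blank after trim().
// Accepted entries are kept as written (not trimmed).
fn ensure_non_blank_entries<E: serde::de::Error>(values: &[String]) -> Result<(), E> {
    if values.is_empty() {
        return Err(E::custom("Vec<String> field should not be empty"));
    }
    if values.iter().any(|v| v.trim().is_empty()) {
        return Err(E::custom("String in Vec<String> should not be an empty string"));
    }
    Ok(())
}

fn reject_empty_opt_vec_string<'de, D>(deserializer: D) -> Result<Option<Vec<String>>, D::Error>
where
    D: serde::Deserializer<'de>,
{
    let value: Option<Vec<String>> = Deserialize::deserialize(deserializer)?;
    if let Some(entries) = &value {
        ensure_non_blank_entries::<D::Error>(entries)?;
    }
    Ok(value)
}

fn reject_empty_vec_string<'de, D>(deserializer: D) -> Result<Vec<String>, D::Error>
where
    D: serde::Deserializer<'de>,
{
    let value: Vec<String> = Deserialize::deserialize(deserializer)?;
    ensure_non_blank_entries::<D::Error>(&value)?;
    Ok(value)
}
```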
diff --git a/KubeOS-Rust/kbimg/src/scripts_gen.rs b/KubeOS-Rust/kbimg/src/scripts_gen.rs
index 4f9abd24..9993af1c 100644
--- a/KubeOS-Rust/kbimg/src/scripts_gen.rs
+++ b/KubeOS-Rust/kbimg/src/scripts_gen.rs
@@ -261,6 +261,9 @@ pub(crate) fn gen_create_img(file: &mut dyn Write, legacy_bios: bool, config: &C
let mut mkdir_persist: String = String::new();
if let Some(persist_mkdir) = &config.persist_mkdir {
for name in &persist_mkdir.name {
+ if name.is_empty() {
+ continue;
+ }
mkdir_persist.push_str(&format!(" mkdir -p \"${{TMP_MOUNT_PATH}}\"/{}\n", name));
}
}
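Review bot: The added `name.is_empty()` guard skips the entry silently, and any value that passes it is still written into the generated script unquoted, after the closing quote of `"${TMP_MOUNT_PATH}"`. The deserializers in commands.rs only reject blank entries, so a name containing spaces, shell metacharacters or `..` components would presumably be interpreted by the shell that runs the script, or resolve outside the mount path. I would check each name here (or in the deserializer) against what a persist directory can legitimately be, for example a relative path with no `..` component and a restricted character set, and report an error instead of `continue` when it fails. `gen_create_img` starts and ends outside the hunk, so how it reports errors is not visible here.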
--
2.39.5 (Apple Git-154)


@ -2,7 +2,7 @@
Name: KubeOS Name: KubeOS
Version: 1.0.8 Version: 1.0.8
Release: 3 Release: 4
Summary: O&M platform used to update the whole OS as an entirety Summary: O&M platform used to update the whole OS as an entirety
License: Mulan PSL v2 License: Mulan PSL v2
Source0: https://gitee.com/openeuler/KubeOS/repository/archive/v%{version}.tar.gz Source0: https://gitee.com/openeuler/KubeOS/repository/archive/v%{version}.tar.gz
@ -11,6 +11,7 @@ Patch2: 0002-fix-kbimg-incorrect-remove-chroot-script-path.patch
Patch3: 0003-fix-admin-container-correct-path-for-copying-files-i.patch Patch3: 0003-fix-admin-container-correct-path-for-copying-files-i.patch
Patch4: 0004-fix-kbimg-add-info-log-for-successful-image-creation.patch Patch4: 0004-fix-kbimg-add-info-log-for-successful-image-creation.patch
Patch5: 0005-fix-kbimg-enforce-non-empty-strings-for-required-fie.patch Patch5: 0005-fix-kbimg-enforce-non-empty-strings-for-required-fie.patch
Patch6: 0006-fix-kbimg-add-validation-for-non-empty-strings-in-Ve.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: make rust cargo openssl-devel BuildRequires: make rust cargo openssl-devel
@ -75,6 +76,12 @@ install -p -m 0600 ./KubeOS-Rust/kbimg/kbimg.toml %{buildroot}/opt/kubeOS/script
rm -rfv %{buildroot} rm -rfv %{buildroot}
%changelog %changelog
* Mon Dec 16 2024 Yuhang Wei<weiyuhang3@huawei.com> - 1.0.8-4
- Type:requirement
- CVE:NA
- SUG:restart
- DESC:enforce non-empty vec strings for required fields
* Fri Dec 13 2024 Yuhang Wei<weiyuhang3@huawei.com> - 1.0.8-3 * Fri Dec 13 2024 Yuhang Wei<weiyuhang3@huawei.com> - 1.0.8-3
- Type:requirement - Type:requirement
- CVE:NA - CVE:NA