!93 KubeOS: add validation for non-empty strings in Vec fields

From: @weiy6 Reviewed-by: @li-yuanrong Signed-off-by: @li-yuanrong
2024-12-16 03:27:41 +00:00 · 2024-12-16 03:27:41 +00:00 · 66515fa274
commit 66515fa274
parent 2da7f5dd5f 5f294483fc
2 changed files with 103 additions and 1 deletions
--- a/0006-fix-kbimg-add-validation-for-non-empty-strings-in-Ve.patch
+++ b/0006-fix-kbimg-add-validation-for-non-empty-strings-in-Ve.patch
@ -0,0 +1,95 @@
+From 66582ff8ad70b7bef1f21e0491e5750cbe1ec7a6 Mon Sep 17 00:00:00 2001
+From: Yuhang Wei <weiyuhang3@huawei.com>
+Date: Mon, 16 Dec 2024 10:14:03 +0800
+Subject: [PATCH] fix(kbimg): add validation for non-empty strings in
+ Vec<String> fields
+
+Signed-off-by: Yuhang Wei <weiyuhang3@huawei.com>
+---
+ KubeOS-Rust/kbimg/src/commands.rs    | 37 ++++++++++++++++++++++++++++
+ KubeOS-Rust/kbimg/src/scripts_gen.rs |  3 +++
+ 2 files changed, 40 insertions(+)
+
+diff --git a/KubeOS-Rust/kbimg/src/commands.rs b/KubeOS-Rust/kbimg/src/commands.rs
+index 24fc1031..bcf9feb0 100644
+--- a/KubeOS-Rust/kbimg/src/commands.rs
+++ b/KubeOS-Rust/kbimg/src/commands.rs
+@@ -117,6 +117,7 @@ pub struct User {
+     pub passwd: String,
+     #[serde(default, deserialize_with = "reject_empty_option_string")]
+     pub primary_group: Option<String>,
+    #[serde(default, deserialize_with = "reject_empty_opt_vec_string")]
+     pub groups: Option<Vec<String>>,
+ }
+ 
+@@ -138,6 +139,7 @@ pub struct Grub {
+ 
+ #[derive(Deserialize, Debug, Clone)]
+ pub struct SystemdService {
+    #[serde(default, deserialize_with = "reject_empty_vec_string")]
+     pub name: Vec<String>,
+ }
+ 
+@@ -155,6 +157,7 @@ pub struct DiskPartition {
+ 
+ #[derive(Deserialize, Debug, Clone)]
+ pub struct PersistMkdir {
+    #[serde(default, deserialize_with = "reject_empty_vec_string")]
+     pub name: Vec<String>,
+ }
+ 
+@@ -240,3 +243,37 @@ where
+     }
+     Ok(value)
+ }
+
+fn reject_empty_opt_vec_string<'de, D>(deserializer: D) -> Result<Option<Vec<String>>, D::Error>
+where
+    D: serde::Deserializer<'de>,
+{
+    let value: Option<Vec<String>> = Deserialize::deserialize(deserializer)?;
+    if let Some(ref value) = value {
+        if value.is_empty() {
+            return Err(serde::de::Error::custom("Vec<String> field should not be empty"));
+        }
+        for v in value {
+            if v.trim().is_empty() {
+                return Err(serde::de::Error::custom("String in Vec<String> should not be an empty string"));
+            }
+        }
+    }
+    Ok(value)
+}
+
+fn reject_empty_vec_string<'de, D>(deserializer: D) -> Result<Vec<String>, D::Error>
+where
+    D: serde::Deserializer<'de>,
+{
+    let value: Vec<String> = Deserialize::deserialize(deserializer)?;
+    if value.is_empty() {
+        return Err(serde::de::Error::custom("Vec<String> field should not be empty"));
+    }
+    for v in &value {
+        if v.trim().is_empty() {
+            return Err(serde::de::Error::custom("String in Vec<String> should not be an empty string"));
+        }
+    }
+    Ok(value)
+}
+diff --git a/KubeOS-Rust/kbimg/src/scripts_gen.rs b/KubeOS-Rust/kbimg/src/scripts_gen.rs
+index 4f9abd24..9993af1c 100644
+--- a/KubeOS-Rust/kbimg/src/scripts_gen.rs
+++ b/KubeOS-Rust/kbimg/src/scripts_gen.rs
+@@ -261,6 +261,9 @@ pub(crate) fn gen_create_img(file: &mut dyn Write, legacy_bios: bool, config: &C
+     let mut mkdir_persist: String = String::new();
+     if let Some(persist_mkdir) = &config.persist_mkdir {
+         for name in &persist_mkdir.name {
+            if name.is_empty() {
+                continue;
+            }
+             mkdir_persist.push_str(&format!("    mkdir -p \"${{TMP_MOUNT_PATH}}\"/{}\n", name));
+         }
+     }
+-- 
+2.39.5 (Apple Git-154)
+
--- a/KubeOS.spec
+++ b/KubeOS.spec
@ -2,7 +2,7 @@

 Name:           KubeOS
 Version:        1.0.8
-Release:        3
+Release:        4
 Summary:        O&M platform used to update the whole OS as an entirety
 License:        Mulan PSL v2
 Source0:        https://gitee.com/openeuler/KubeOS/repository/archive/v%{version}.tar.gz
@ -11,6 +11,7 @@ Patch2:         0002-fix-kbimg-incorrect-remove-chroot-script-path.patch
 Patch3:         0003-fix-admin-container-correct-path-for-copying-files-i.patch
 Patch4:         0004-fix-kbimg-add-info-log-for-successful-image-creation.patch
 Patch5:         0005-fix-kbimg-enforce-non-empty-strings-for-required-fie.patch
+Patch6:         0006-fix-kbimg-add-validation-for-non-empty-strings-in-Ve.patch

 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  make rust cargo openssl-devel
@ -75,6 +76,12 @@ install -p -m 0600 ./KubeOS-Rust/kbimg/kbimg.toml %{buildroot}/opt/kubeOS/script
 rm -rfv %{buildroot}

 %changelog
+* Mon Dec 16 2024 Yuhang Wei<weiyuhang3@huawei.com> - 1.0.8-4
+- Type:requirement
+- CVE:NA
+- SUG:restart
+- DESC:enforce non-empty vec strings for required fields
+
 * Fri Dec 13 2024 Yuhang Wei<weiyuhang3@huawei.com> - 1.0.8-3
 - Type:requirement
 - CVE:NA