/snapd

snap/validate: extend socket validation tests #4219

Merged
merged 5 commits into from Nov 16, 2017

Conversation

Reviewers

@zyga zyga

@jdstrand jdstrand

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
5 participants
@albertodonato @codecov-io @jdstrand @zyga @mvo5
@albertodonato
Contributor

albertodonato commented Nov 15, 2017
Edited 1 time

This addresses comments on #3916 (review) (PR was merged already)
@jdstrand

jdstrand requested changes Nov 15, 2017
View changes

Thanks for this PR! One small change and please see #3916 (comment)

snap/validate_test.go
@@ -253,6 +253,9 @@ func (s *ValidateSuite) TestValidateAppSocketsInvalidListenStreamPathRelative(c
func (s *ValidateSuite) TestValidateAppSocketsInvalidListenStreamAbstractSocket(c *C) {
app := createSampleApp()
invalidListenAddresses := []string{
+ "@snap.myapp",
+ "@snap.myapp.foo",
+ "@snap.myapp\\000.foo",
@jdstrand

jdstrand Nov 15, 2017

Contributor

I was thinking that 'myapp' was the the snap name, but it is 'mysnap'. Can you remove '@snap.myapp.foo' since it is covered below, then change the other two to be:

"@snap.mysnap",
"@snap.mysnap\\000.foo",
@albertodonato

albertodonato Nov 15, 2017

Contributor

done

albertodonato added some commits Nov 15, 2017

@albertodonato
snap/validate: extend socket validation tests 
Signed-off-by: Alberto Donato <alberto.donato@gmail.com>
52f74bb
@albertodonato
snap/validate: add SocketMode validation and test 
Signed-off-by: Alberto Donato <alberto.donato@gmail.com>
9fb1749
@codecov-io

codecov-io commented Nov 15, 2017
Edited 4 times

Codecov Report

Merging #4219 into master will increase coverage by 0.02%.
The diff coverage is 100%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #4219      +/-   ##
==========================================
+ Coverage   75.86%   75.88%   +0.02%     
==========================================
  Files         440      440              
  Lines       38247    38320      +73     
==========================================
+ Hits        29016    29080      +64     
- Misses       7218     7224       +6     
- Partials     2013     2016       +3
Impacted Files Coverage Δ
snap/validate.go 97.08% <100%> (+0.18%) ⬆️
interfaces/builtin/account_control.go 85.71% <0%> (-14.29%) ⬇️
cmd/snap-update-ns/bootstrap.go 85.36% <0%> (-1%) ⬇️
overlord/ifacestate/helpers.go 59.6% <0%> (-0.67%) ⬇️
snap/info_snap_yaml.go 93.83% <0%> (-0.39%) ⬇️
interfaces/builtin/time_control.go 100% <0%> (ø) ⬆️
interfaces/builtin/timezone_control.go 100% <0%> (ø) ⬆️
interfaces/builtin/timeserver_control.go 100% <0%> (ø) ⬆️
cmd/snap-update-ns/change.go 97.59% <0%> (ø) ⬆️
interfaces/repo.go 97.59% <0%> (+0.01%) ⬆️
... and 2 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 83636fb...cf12edd. Read the comment docs.
@jdstrand

jdstrand requested changes Nov 15, 2017
View changes

Thanks for the changes! What is here looks good.

I still would like to see a test for trying to assign a string like "abc" or "rw-rw-rw-" to SocketMode though (both should fail with my understanding of the design of the feature). The Layout code seems to be doing a decent job of this because it uses m, err := strconv.ParseUint(l.Mode, 8, 32) and returns an error if there is one (line 147 in snap/info_snap_yaml.go), but I don't see where we are doing that anywhere for SocketMode.

@albertodonato
snap: add test for invalid socket-mode in YAML 
Signed-off-by: Alberto Donato <alberto.donato@gmail.com>
fd1cf4e
@albertodonato
Contributor

albertodonato commented Nov 15, 2017

@jdstrand the code you pointed out is there because in the Layout those options' value is a string, so it needs to be converted. In the case of SocketMode, it's an os.FileMode, so a string would trigger a validation error from the json loader.

I added a test for this case.
@jdstrand

jdstrand approved these changes Nov 15, 2017
View changes

Thanks! Since the yaml is untrusted input, I wanted to make sure we had tests that verified everything was ok in case of future code changes.

@jdstrand
Contributor

jdstrand commented Nov 15, 2017
Edited 1 time

@albertodonato - I just realized that validateSocketAddrNetPort() is incomplete. Valid port range is 1-65535. It should be adjusted with tests for:

  • valid: 1, 1023, 1024, 65535 (we check 1023 and 1024 because that is the line between 'privileged ports' and 'unprivileged ports'-- snapd doesn't currently care, but if we decide to, the test is there as a cue
  • invalid: 0, 65536

It also occurred to me that the socket validation PR #3916 doesn't seem to account for two snaps requesting the same port. What will systemd do if:

  • two snaps request '8080'
  • one snap requests '8080', another requests 127.0.0.1:8080, another requests [::]:8080 and another [::1]:8080

snapd actually has everything it needs to make sure there are no conflicts there. I suggest this be fixed up in a followup PR. @mvo5, what do you think?
@jdstrand

jdstrand requested changes Nov 15, 2017
View changes

See my last comment wrt port ranges for this PR. Port conflicts are a larger issue and should be handled separately.

@albertodonato
snap/validate: add port range validation 
Signed-off-by: Alberto Donato <alberto.donato@gmail.com>
bad2cb4
@albertodonato
Contributor

albertodonato commented Nov 16, 2017

@jdstrand added port range validation
@zyga

zyga requested changes Nov 16, 2017
View changes

A few comments.

snap/info_snap_yaml_test.go
+ socket-mode: asdfasdf
+`)
+ _, err := snap.InfoFromSnapYaml(y)
+ c.Assert(err, NotNil)
@zyga

zyga Nov 16, 2017

Contributor

Nitpick: use ErrorMatches to highlight what this test is really checking.

@albertodonato

albertodonato Nov 16, 2017

Contributor

I compared the whole message, since I couldn't get the regexp to work

snap/validate.go
+// validateSocketmode checks that the socket mode is a valid file mode.
+func validateSocketMode(mode os.FileMode) error {
+ if mode > 0777 {
+ return fmt.Errorf("invalid socket mode: %04o", mode)
@zyga

zyga Nov 16, 2017

Contributor

how about cannot use socket mode ...?

@albertodonato

albertodonato Nov 16, 2017

Contributor

done

snap/validate.go
- return fmt.Errorf("socket %q has invalid %q port number %q", socket.Name, fieldName, port)
+ var val uint64
+ var err error
+ retErr := fmt.Errorf("socket %q has invalid %q port number %q", socket.Name, fieldName, port)
@zyga

zyga Nov 16, 2017

Contributor

invalid %q port number %q -- what will be the value of the first %q (field name)?

@albertodonato

albertodonato Nov 16, 2017

Contributor

it's the name of the field under validation, specifically "listen-stream"

snap/validate_test.go
+ app := createSampleApp()
+ app.Sockets["sock"].SocketMode = 1234
+ err := ValidateApp(app)
+ c.Assert(
@zyga

zyga Nov 16, 2017

Contributor

Formatting is weird here. Please put this on one line.

@albertodonato

albertodonato Nov 16, 2017

Contributor

done

@albertodonato
review comments 
Signed-off-by: Alberto Donato <alberto.donato@gmail.com>
cf12edd
@zyga

zyga approved these changes Nov 16, 2017
View changes

Thank you!

@mvo5 mvo5 merged commit cc0619a into snapcore:master Nov 16, 2017
1 check passed

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details

@albertodonato albertodonato deleted the albertodonato:socket-validation-extra-tests branch Nov 16, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment