-
Notifications
You must be signed in to change notification settings - Fork 59
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: Fixed JSON validation schema for trust data #75
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
we might want to push this to develop as it fails for bandit due to known issues fixed on develop. Could do a standard release tomorrow afternoon
connaisseur/res/snapshot_schema.json
Outdated
@@ -20,7 +20,7 @@ | |||
"meta": { | |||
"type": "object", | |||
"patternProperties": { | |||
"^(root|targets(\/\\w*)?)$": { | |||
"^(root|targets(\/[\\w_:\\.-]*)?)$": { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is this the spec?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
According to the spec, it can be any string. https://github.com/theupdateframework/tuf/blob/f7695dace85444041489b83d5a66cd39c761bbd6/tuf/formats.py#L113
So i guess i'll change it to "^(root|targets(\/.*)?)$"
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We definitely should exempt some characters, like /
(i.e. [^/]
) or null bytes. I clearly vote for listing allowed characters explicitly and not use .
though, otherwise you must be very certain to have thought of all characters to exempt.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok so back to \w_:\.-
? these are all that came to my mind
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would say so. We could add +
, ;
, ~
and the like, but I wouldn't assume anyone does that. What do others think? @annekebr @Starkteetje
Also, \w
includes _
, and .
does not need to be escaped when inside []
. (Inside a character class, each character stands for itself, except \w
and the like, and -
which denotes ranges unless it appears at the beginning or end of the character class.)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
AnyString allows whitespace, so we certainly dont want that
Doing docker trust key generate something
I get
key name "hallo du" must start with lowercase alphanumeric characters and can include "-" or "_" after the first character
key name "hallo++du" must start with lowercase alphanumeric characters and can include "-" or "_" after the first character
key name "halloDu" must start with lowercase alphanumeric characters and can include "-" or "_" after the first character
so I guess, dash and underscore are sufficient in addition to lowercase alphanum
connaisseur/res/targets_schema.json
Outdated
@@ -75,7 +75,7 @@ | |||
}, | |||
"name": { | |||
"type": "string", | |||
"pattern": "^targets\/\\w*$" | |||
"pattern": "^targets\/[\\w_:\\.-]*$" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
see above
d1a16c3
to
65b5c0d
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
see my code comment
bb117cb
to
ffe58f8
Compare
The JSON validation schema for the trust data doesn't allow special characters like '-' in delegation names, thus failing the validation even though it should be valid. This has been fixed. fixes #74
ffe58f8
to
544e820
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm!
The JSON validation schema for the trust data doesn't allow special characters like '-' in delegation names, thus failing the validation even though it should be valid. This has been fixed.
fixes #74