mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-24 21:31:04 +00:00
Bug 1761537: Use yaml BaseLoader instead of SafeLoader to ensure everything is a string r=jewilde
I believe this is safe because from what I've been able to find SafeLoader is FullLoader but without the bad stuff that lets you execute arbitrary python code. We don't need (nor want) the more comlpicated data types like 'dates' and 'numbers' so we can use BaseLoader which does nothing except treat everything as a string. Depends on D142125 Differential Revision: https://phabricator.services.mozilla.com/D142126
This commit is contained in:
Tom Ritter
parent
63cb2cc07b
commit
41003c553b
@ -32,7 +32,7 @@ class TestManifest(unittest.TestCase):
|
||||
# ===========================================================================================
|
||||
def test_simple(self):
|
||||
simple_dict = {
|
||||
"schema": 1,
|
||||
"schema": "1",
|
||||
"origin": {
|
||||
"description": "2D Graphics Library",
|
||||
"license": ["MPL-1.1", "LGPL-2.1"],
|
||||
@ -92,7 +92,7 @@ bugzilla:
|
||||
[
|
||||
(
|
||||
{
|
||||
"schema": 1,
|
||||
"schema": "1",
|
||||
"origin": {
|
||||
"description": "2D Graphics Library",
|
||||
"license": ["MPL-1.1", "LGPL-2.1"],
|
||||
@ -130,7 +130,45 @@ updatebot:
|
||||
# -------------------------------------------------
|
||||
(
|
||||
{
|
||||
"schema": 1,
|
||||
"schema": "1",
|
||||
"origin": {
|
||||
"description": "2D Graphics Library",
|
||||
"license": ["MPL-1.1", "LGPL-2.1"],
|
||||
"name": "cairo",
|
||||
"release": "version 1.6.4",
|
||||
"revision": "001122334455",
|
||||
"url": "https://www.cairographics.org/",
|
||||
},
|
||||
"bugzilla": {"component": "Graphics", "product": "Core"},
|
||||
"updatebot": {
|
||||
"maintainer-phab": "tjr",
|
||||
"maintainer-bz": "a@example.com",
|
||||
},
|
||||
},
|
||||
b"""
|
||||
---
|
||||
schema: 1
|
||||
origin:
|
||||
name: cairo
|
||||
description: 2D Graphics Library
|
||||
url: https://www.cairographics.org/
|
||||
release: version 1.6.4
|
||||
license:
|
||||
- MPL-1.1
|
||||
- LGPL-2.1
|
||||
revision: 001122334455
|
||||
bugzilla:
|
||||
product: Core
|
||||
component: Graphics
|
||||
updatebot:
|
||||
maintainer-phab: tjr
|
||||
maintainer-bz: a@example.com
|
||||
""".strip(),
|
||||
),
|
||||
# -------------------------------------------------
|
||||
(
|
||||
{
|
||||
"schema": "1",
|
||||
"origin": {
|
||||
"description": "2D Graphics Library",
|
||||
"license": ["MPL-1.1", "LGPL-2.1"],
|
||||
@ -181,7 +219,7 @@ updatebot:
|
||||
# -------------------------------------------------
|
||||
(
|
||||
{
|
||||
"schema": 1,
|
||||
"schema": "1",
|
||||
"origin": {
|
||||
"description": "2D Graphics Library",
|
||||
"license": ["MPL-1.1", "LGPL-2.1"],
|
||||
@ -250,7 +288,7 @@ updatebot:
|
||||
# -------------------------------------------------
|
||||
(
|
||||
{
|
||||
"schema": 1,
|
||||
"schema": "1",
|
||||
"origin": {
|
||||
"description": "2D Graphics Library",
|
||||
"license": ["MPL-1.1", "LGPL-2.1"],
|
||||
@ -773,7 +811,7 @@ updatebot:
|
||||
[
|
||||
(
|
||||
{
|
||||
"schema": 1,
|
||||
"schema": "1",
|
||||
"origin": {
|
||||
"description": "2D Graphics Library",
|
||||
"license": ["MPL-1.1", "LGPL-2.1"],
|
||||
|
||||
24
python/mozbuild/mozbuild/vendor/moz_yaml.py
vendored
24
python/mozbuild/mozbuild/vendor/moz_yaml.py
vendored
@ -290,7 +290,7 @@ def load_moz_yaml(filename, verify=True, require_license_file=True):
|
||||
# Load and parse YAML.
|
||||
try:
|
||||
with open(filename, "r") as f:
|
||||
manifest = yaml.safe_load(f)
|
||||
manifest = yaml.load(f, Loader=yaml.BaseLoader)
|
||||
except IOError as e:
|
||||
if e.errno == errno.ENOENT:
|
||||
raise MozYamlVerifyError(filename, "Failed to find manifest: %s" % filename)
|
||||
@ -304,15 +304,17 @@ def load_moz_yaml(filename, verify=True, require_license_file=True):
|
||||
# Verify schema.
|
||||
if "schema" not in manifest:
|
||||
raise MozYamlVerifyError(filename, 'Missing manifest "schema"')
|
||||
if manifest["schema"] == 1:
|
||||
if manifest["schema"] == "1":
|
||||
schema = _schema_1()
|
||||
schema_additional = _schema_1_additional
|
||||
schema_transform = _schema_1_transform
|
||||
else:
|
||||
raise MozYamlVerifyError(filename, "Unsupported manifest schema")
|
||||
|
||||
try:
|
||||
schema(manifest)
|
||||
schema_additional(filename, manifest, require_license_file=require_license_file)
|
||||
manifest = schema_transform(manifest)
|
||||
except (voluptuous.Error, ValueError) as e:
|
||||
raise MozYamlVerifyError(filename, e)
|
||||
|
||||
@ -359,7 +361,7 @@ def _schema_1():
|
||||
"""Returns Voluptuous Schema object."""
|
||||
return Schema(
|
||||
{
|
||||
Required("schema"): 1,
|
||||
Required("schema"): "1",
|
||||
Required("bugzilla"): {
|
||||
Required("product"): All(str, Length(min=1)),
|
||||
Required("component"): All(str, Length(min=1)),
|
||||
@ -521,6 +523,22 @@ def _schema_1_additional(filename, manifest, require_license_file=True):
|
||||
update_moz_yaml(filename, "", "", verify=False, write=True)
|
||||
|
||||
|
||||
# Do type conversion for the few things that need it.
|
||||
# Everythig is parsed as a string to (a) not cause problems with revisions that
|
||||
# are only numerals and (b) not strip leading zeros from the numbers if we just
|
||||
# converted them to string
|
||||
def _schema_1_transform(manifest):
|
||||
if "updatebot" in manifest:
|
||||
if "tasks" in manifest["updatebot"]:
|
||||
for i in range(len(manifest["updatebot"]["tasks"])):
|
||||
if "enabled" in manifest["updatebot"]["tasks"][i]:
|
||||
val = manifest["updatebot"]["tasks"][i]["enabled"]
|
||||
manifest["updatebot"]["tasks"][i]["enabled"] = (
|
||||
val.lower() == "true" or val.lower() == "yes"
|
||||
)
|
||||
return manifest
|
||||
|
||||
|
||||
class UpdateActions(object):
|
||||
"""Voluptuous validator which verifies the update actions(s) are valid."""
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user