cosmos-sdk/x/upgrade/plan/info.go

package plan

import (
	"encoding/json"
	"errors"
	"fmt"
	neturl "net/url"
	"os"
	"path/filepath"
	"regexp"
	"strings"

	"github.com/cosmos/cosmos-sdk/internal/conv"
)

// Info is the special structure that the Plan.Info string can be (as json).
type Info struct {
	Binaries BinaryDownloadURLMap `json:"binaries"`
}

// BinaryDownloadURLMap is a map of os/architecture stings to a URL where the binary can be downloaded.
type BinaryDownloadURLMap map[string]string

// ParseInfo parses an info string into a map of os/arch strings to URL string.
// If the infoStr is a url, an GET request will be made to it, and its response will be parsed instead.
func ParseInfo(infoStr string) (*Info, error) {
	infoStr = strings.TrimSpace(infoStr)

	if len(infoStr) == 0 {
		return nil, errors.New("plan info must not be blank")
	}

	// If it's a url, download it and treat the result as the real info.
	if _, err := neturl.Parse(infoStr); err == nil {
		infoStr, err = DownloadURLWithChecksum(infoStr)
		if err != nil {
			return nil, err
		}
	}

	// Now, try to parse it into the expected structure.
	var planInfo Info
	if err := json.Unmarshal(conv.UnsafeStrToBytes(infoStr), &planInfo); err != nil {
		return nil, fmt.Errorf("could not parse plan info: %v", err)
	}

	return &planInfo, nil
}

// ValidateFull does all possible validation of this Info.
// The provided daemonName is the name of the executable file expected in all downloaded directories.
// It checks that:
//  * Binaries.ValidateBasic() doesn't return an error
//  * Binaries.CheckURLs(daemonName) doesn't return an error.
// Warning: This is an expensive process. See BinaryDownloadURLMap.CheckURLs for more info.
func (m Info) ValidateFull(daemonName string) error {
	if err := m.Binaries.ValidateBasic(); err != nil {
		return err
	}
	if err := m.Binaries.CheckURLs(daemonName); err != nil {
		return err
	}
	return nil
}

// ValidateBasic does stateless validation of this BinaryDownloadURLMap.
// It validates that:
//  * This has at least one entry.
//  * All entry keys have the format "os/arch" or are "any".
//  * All entry values are valid URLs.
//  * All URLs contain a checksum query parameter.
func (m BinaryDownloadURLMap) ValidateBasic() error {
	// Make sure there's at least one.
	if len(m) == 0 {
		return errors.New("no \"binaries\" entries found")
	}

	osArchRx := regexp.MustCompile(`[a-zA-Z0-9]+/[a-zA-Z0-9]+`)
	for key, val := range m {
		if key != "any" && !osArchRx.MatchString(key) {
			return fmt.Errorf("invalid os/arch format in key \"%s\"", key)
		}
		if err := ValidateIsURLWithChecksum(val); err != nil {
			return fmt.Errorf("invalid url \"%s\" in binaries[%s]: %v", val, key, err)
		}
	}

	return nil
}

// CheckURLs checks that all entries have valid URLs that return expected data.
// The provided daemonName is the name of the executable file expected in all downloaded directories.
// Warning: This is an expensive process.
// It will make an HTTP GET request to each URL and download the response.
func (m BinaryDownloadURLMap) CheckURLs(daemonName string) error {
	tempDir, err := os.MkdirTemp("", "os-arch-downloads")
	if err != nil {
		return fmt.Errorf("could not create temp directory: %w", err)
	}
	defer os.RemoveAll(tempDir)
	for osArch, url := range m {
		dstRoot := filepath.Join(tempDir, strings.ReplaceAll(osArch, "/", "-"))
		if err = DownloadUpgrade(dstRoot, url, daemonName); err != nil {
			return fmt.Errorf("error downloading binary for os/arch %s: %v", osArch, err)
		}
	}
	return nil
}
feat: Add upgrade proposal plan validation to CLI (#10379) <!-- The default pull request template is for types feat, fix, or refactor. For other templates, add one of the following parameters to the url: - template=docs.md - template=other.md --> ## Description Closes: #10286 When submitting a software upgrade proposal (e.g. `$DAEMON tx gov submit-proposal software-upgrade`) * Validate the plan info by default. * Add flag `--no-validate` to allow skipping that validation. * Add flag `--daemon-name` to designate the executable name (needed for validation). * The daemon name comes first from the `--daemon-name` flag. If that's not provided, it looks for a `DAEMON_NAME` environment variable (to match what's used by Cosmovisor). If that's not set, the name of the currently running executable is used. Things that are validated: * The plan info cannot be empty or blank. * If the plan info is a url: * It must have a `checksum` query parameter. * It must return properly formatted plan info JSON. * The `checksum` is correct. * If the plan info is not a url: * It must be propery formatted plan info JSON. * There is at least one entry in the `binaries` field. * The keys of the `binaries` field are either "any" or in the format of "os/arch". * All URLs contain a `checksum` query parameter. * Each URL contains a usable response. * The `checksum` is correct for each URL. Note: With this change, either a valid `--upgrade-info` will need to be provided, or else `--no-validate` must be provided. If no `--upgrade-info` is given, a validation error is returned. --- ### Author Checklist All items are required. Please add a note to the item if the item is not applicable and please add links to any relevant follow up issues. I have... - [x] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] ~~added `!` to the type prefix if API or client breaking change~~ _N/A_ - [x] targeted the correct branch (see [PR Targeting](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#pr-targeting)) - [x] provided a link to the relevant issue or specification - [x] followed the guidelines for [building modules](https://github.com/cosmos/cosmos-sdk/blob/master/docs/building-modules) - [x] included the necessary unit and integration [tests](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#testing) - [x] added a changelog entry to `CHANGELOG.md` - [x] included comments for [documenting Go code](https://blog.golang.org/godoc) - [ ] updated the relevant documentation or specification - [ ] reviewed "Files changed" and left comments if necessary - [x] confirmed all CI checks have passed ### Reviewers Checklist All items are required. Please add a note if the item is not applicable and please add your handle next to the items reviewed if you only reviewed selected items. I have... - [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] confirmed `!` in the type prefix if API or client breaking change - [ ] confirmed all author checklist items have been addressed - [ ] reviewed state machine logic - [ ] reviewed API design and naming - [ ] reviewed documentation is accurate - [ ] reviewed tests and test coverage - [ ] manually tested (if applicable) 2021-11-12 09:44:33 -08:00			`package plan`

			`import (`
			`"encoding/json"`
			`"errors"`
			`"fmt"`
			`neturl "net/url"`
			`"os"`
			`"path/filepath"`
			`"regexp"`
			`"strings"`
perf: x/*: remove unnecessary byte<->string conversions in fmt and read-only bytes (#10739) 2021-12-11 15:04:38 -08:00
			`"github.com/cosmos/cosmos-sdk/internal/conv"`
feat: Add upgrade proposal plan validation to CLI (#10379) <!-- The default pull request template is for types feat, fix, or refactor. For other templates, add one of the following parameters to the url: - template=docs.md - template=other.md --> ## Description Closes: #10286 When submitting a software upgrade proposal (e.g. `$DAEMON tx gov submit-proposal software-upgrade`) * Validate the plan info by default. * Add flag `--no-validate` to allow skipping that validation. * Add flag `--daemon-name` to designate the executable name (needed for validation). * The daemon name comes first from the `--daemon-name` flag. If that's not provided, it looks for a `DAEMON_NAME` environment variable (to match what's used by Cosmovisor). If that's not set, the name of the currently running executable is used. Things that are validated: * The plan info cannot be empty or blank. * If the plan info is a url: * It must have a `checksum` query parameter. * It must return properly formatted plan info JSON. * The `checksum` is correct. * If the plan info is not a url: * It must be propery formatted plan info JSON. * There is at least one entry in the `binaries` field. * The keys of the `binaries` field are either "any" or in the format of "os/arch". * All URLs contain a `checksum` query parameter. * Each URL contains a usable response. * The `checksum` is correct for each URL. Note: With this change, either a valid `--upgrade-info` will need to be provided, or else `--no-validate` must be provided. If no `--upgrade-info` is given, a validation error is returned. --- ### Author Checklist All items are required. Please add a note to the item if the item is not applicable and please add links to any relevant follow up issues. I have... - [x] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] ~~added `!` to the type prefix if API or client breaking change~~ _N/A_ - [x] targeted the correct branch (see [PR Targeting](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#pr-targeting)) - [x] provided a link to the relevant issue or specification - [x] followed the guidelines for [building modules](https://github.com/cosmos/cosmos-sdk/blob/master/docs/building-modules) - [x] included the necessary unit and integration [tests](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#testing) - [x] added a changelog entry to `CHANGELOG.md` - [x] included comments for [documenting Go code](https://blog.golang.org/godoc) - [ ] updated the relevant documentation or specification - [ ] reviewed "Files changed" and left comments if necessary - [x] confirmed all CI checks have passed ### Reviewers Checklist All items are required. Please add a note if the item is not applicable and please add your handle next to the items reviewed if you only reviewed selected items. I have... - [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] confirmed `!` in the type prefix if API or client breaking change - [ ] confirmed all author checklist items have been addressed - [ ] reviewed state machine logic - [ ] reviewed API design and naming - [ ] reviewed documentation is accurate - [ ] reviewed tests and test coverage - [ ] manually tested (if applicable) 2021-11-12 09:44:33 -08:00			`)`

			`// Info is the special structure that the Plan.Info string can be (as json).`
			`type Info struct {`
			Binaries BinaryDownloadURLMap `json:"binaries"`
			`}`

			`// BinaryDownloadURLMap is a map of os/architecture stings to a URL where the binary can be downloaded.`
			`type BinaryDownloadURLMap map[string]string`

			`// ParseInfo parses an info string into a map of os/arch strings to URL string.`
			`// If the infoStr is a url, an GET request will be made to it, and its response will be parsed instead.`
			`func ParseInfo(infoStr string) (*Info, error) {`
			`infoStr = strings.TrimSpace(infoStr)`

			`if len(infoStr) == 0 {`
			`return nil, errors.New("plan info must not be blank")`
			`}`

			`// If it's a url, download it and treat the result as the real info.`
			`if _, err := neturl.Parse(infoStr); err == nil {`
			`infoStr, err = DownloadURLWithChecksum(infoStr)`
			`if err != nil {`
			`return nil, err`
			`}`
			`}`

			`// Now, try to parse it into the expected structure.`
			`var planInfo Info`
perf: x/*: remove unnecessary byte<->string conversions in fmt and read-only bytes (#10739) 2021-12-11 15:04:38 -08:00			`if err := json.Unmarshal(conv.UnsafeStrToBytes(infoStr), &planInfo); err != nil {`
feat: Add upgrade proposal plan validation to CLI (#10379) <!-- The default pull request template is for types feat, fix, or refactor. For other templates, add one of the following parameters to the url: - template=docs.md - template=other.md --> ## Description Closes: #10286 When submitting a software upgrade proposal (e.g. `$DAEMON tx gov submit-proposal software-upgrade`) * Validate the plan info by default. * Add flag `--no-validate` to allow skipping that validation. * Add flag `--daemon-name` to designate the executable name (needed for validation). * The daemon name comes first from the `--daemon-name` flag. If that's not provided, it looks for a `DAEMON_NAME` environment variable (to match what's used by Cosmovisor). If that's not set, the name of the currently running executable is used. Things that are validated: * The plan info cannot be empty or blank. * If the plan info is a url: * It must have a `checksum` query parameter. * It must return properly formatted plan info JSON. * The `checksum` is correct. * If the plan info is not a url: * It must be propery formatted plan info JSON. * There is at least one entry in the `binaries` field. * The keys of the `binaries` field are either "any" or in the format of "os/arch". * All URLs contain a `checksum` query parameter. * Each URL contains a usable response. * The `checksum` is correct for each URL. Note: With this change, either a valid `--upgrade-info` will need to be provided, or else `--no-validate` must be provided. If no `--upgrade-info` is given, a validation error is returned. --- ### Author Checklist All items are required. Please add a note to the item if the item is not applicable and please add links to any relevant follow up issues. I have... - [x] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] ~~added `!` to the type prefix if API or client breaking change~~ _N/A_ - [x] targeted the correct branch (see [PR Targeting](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#pr-targeting)) - [x] provided a link to the relevant issue or specification - [x] followed the guidelines for [building modules](https://github.com/cosmos/cosmos-sdk/blob/master/docs/building-modules) - [x] included the necessary unit and integration [tests](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#testing) - [x] added a changelog entry to `CHANGELOG.md` - [x] included comments for [documenting Go code](https://blog.golang.org/godoc) - [ ] updated the relevant documentation or specification - [ ] reviewed "Files changed" and left comments if necessary - [x] confirmed all CI checks have passed ### Reviewers Checklist All items are required. Please add a note if the item is not applicable and please add your handle next to the items reviewed if you only reviewed selected items. I have... - [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] confirmed `!` in the type prefix if API or client breaking change - [ ] confirmed all author checklist items have been addressed - [ ] reviewed state machine logic - [ ] reviewed API design and naming - [ ] reviewed documentation is accurate - [ ] reviewed tests and test coverage - [ ] manually tested (if applicable) 2021-11-12 09:44:33 -08:00			`return nil, fmt.Errorf("could not parse plan info: %v", err)`
			`}`

			`return &planInfo, nil`
			`}`

			`// ValidateFull does all possible validation of this Info.`
			`// The provided daemonName is the name of the executable file expected in all downloaded directories.`
			`// It checks that:`
			`// * Binaries.ValidateBasic() doesn't return an error`
			`// * Binaries.CheckURLs(daemonName) doesn't return an error.`
			`// Warning: This is an expensive process. See BinaryDownloadURLMap.CheckURLs for more info.`
			`func (m Info) ValidateFull(daemonName string) error {`
			`if err := m.Binaries.ValidateBasic(); err != nil {`
			`return err`
			`}`
			`if err := m.Binaries.CheckURLs(daemonName); err != nil {`
			`return err`
			`}`
			`return nil`
			`}`

			`// ValidateBasic does stateless validation of this BinaryDownloadURLMap.`
			`// It validates that:`
			`// * This has at least one entry.`
			`// * All entry keys have the format "os/arch" or are "any".`
			`// * All entry values are valid URLs.`
			`// * All URLs contain a checksum query parameter.`
			`func (m BinaryDownloadURLMap) ValidateBasic() error {`
			`// Make sure there's at least one.`
			`if len(m) == 0 {`
			`return errors.New("no \"binaries\" entries found")`
			`}`

			osArchRx := regexp.MustCompile(`[a-zA-Z0-9]+/[a-zA-Z0-9]+`)
			`for key, val := range m {`
			`if key != "any" && !osArchRx.MatchString(key) {`
			`return fmt.Errorf("invalid os/arch format in key \"%s\"", key)`
			`}`
			`if err := ValidateIsURLWithChecksum(val); err != nil {`
			`return fmt.Errorf("invalid url \"%s\" in binaries[%s]: %v", val, key, err)`
			`}`
			`}`

			`return nil`
			`}`

			`// CheckURLs checks that all entries have valid URLs that return expected data.`
			`// The provided daemonName is the name of the executable file expected in all downloaded directories.`
			`// Warning: This is an expensive process.`
			`// It will make an HTTP GET request to each URL and download the response.`
			`func (m BinaryDownloadURLMap) CheckURLs(daemonName string) error {`
			`tempDir, err := os.MkdirTemp("", "os-arch-downloads")`
			`if err != nil {`
			`return fmt.Errorf("could not create temp directory: %w", err)`
			`}`
			`defer os.RemoveAll(tempDir)`
			`for osArch, url := range m {`
			`dstRoot := filepath.Join(tempDir, strings.ReplaceAll(osArch, "/", "-"))`
			`if err = DownloadUpgrade(dstRoot, url, daemonName); err != nil {`
			`return fmt.Errorf("error downloading binary for os/arch %s: %v", osArch, err)`
			`}`
			`}`
			`return nil`
			`}`