Merge pull request #97 from cosmwasm/stricter-build-checks

Stricter build checks
2020-03-02 16:21:59 +01:00 · 2020-03-02 16:21:59 +01:00 · 38080d2465
parent e5fbd5d2ff b5601c8ec7
commit 38080d2465
3 changed files with 40 additions and 25 deletions
--- a/x/wasm/genesis_test.go
+++ b/x/wasm/genesis_test.go
@ -71,7 +71,7 @@ func TestInitGenesis(t *testing.T) {
 		Sender:       creator,
 		WASMByteCode: testContract,
 		Source:       "https://github.com/cosmwasm/wasmd/blob/master/x/wasm/testdata/escrow.wasm",
-		Builder:      "cosmwasm-opt:0.5.2",
+		Builder:      "confio/cosmwasm-opt:0.7.0",
 	}
 	err = msg.ValidateBasic()
 	require.NoError(t, err)
--- a/x/wasm/internal/types/msg.go
+++ b/x/wasm/internal/types/msg.go
@ -15,8 +15,10 @@ const (
 	// MaxLabelSize is the longest label that can be used when Instantiating a contract
 	MaxLabelSize = 128

-	// BuildTagRegexp is a docker image regexp. We remove support for non-standard registries for simplicity.
-	// https://docs.docker.com/engine/reference/commandline/tag/#extended-description
+	// BuildTagRegexp is a docker image regexp.
+	// We only support max 128 characters, with at least one organization name (subset of all legal names).
+	//
+	// Details from https://docs.docker.com/engine/reference/commandline/tag/#extended-description :
 	//
 	// An image name is made up of slash-separated name components (optionally prefixed by a registry hostname).
 	// Name components may contain lowercase characters, digits and separators.
@ -24,7 +26,9 @@ const (
 	//
 	// A tag name must be valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes.
 	// A tag name may not start with a period or a dash and may contain a maximum of 128 characters.
-	BuildTagRegexp = "^[a-z0-9][a-z0-9._-]*[a-z0-9](/[a-z0-9][a-z0-9._-]*[a-z0-9])*:[a-zA-Z0-9_][a-zA-Z0-9_.-]{0,127}$"
+	BuildTagRegexp = "^[a-z0-9][a-z0-9._-]*[a-z0-9](/[a-z0-9][a-z0-9._-]*[a-z0-9])+:[a-zA-Z0-9_][a-zA-Z0-9_.-]*$"
+
+	MaxBuildTagSize = 128
 )

 type MsgStoreCode struct {
@ -71,14 +75,7 @@ func (msg MsgStoreCode) ValidateBasic() error {
 		}
 	}

-	if msg.Builder != "" {
-		ok, err := regexp.MatchString(BuildTagRegexp, msg.Builder)
-		if err != nil || !ok {
-			return sdkerrors.Wrap(sdkerrors.ErrInvalidRequest, "invalid tag supplied for builder")
-		}
-	}
-
-	return nil
+	return validateBuilder(msg.Builder)
 }

 func (msg MsgStoreCode) GetSignBytes() []byte {
@ -89,6 +86,21 @@ func (msg MsgStoreCode) GetSigners() []sdk.AccAddress {
 	return []sdk.AccAddress{msg.Sender}
 }

+func validateBuilder(buildTag string) error {
+	if len(buildTag) > MaxBuildTagSize {
+		return sdkerrors.Wrap(sdkerrors.ErrInvalidRequest, "builder tag longer than 128 characters")
+	}
+
+	if buildTag != "" {
+		ok, err := regexp.MatchString(BuildTagRegexp, buildTag)
+		if err != nil || !ok {
+			return sdkerrors.Wrap(sdkerrors.ErrInvalidRequest, "invalid tag supplied for builder")
+		}
+	}
+
+	return nil
+}
+
 type MsgInstantiateContract struct {
 	Sender    sdk.AccAddress  `json:"sender" yaml:"sender"`
 	Code      uint64          `json:"code_id" yaml:"code_id"`
--- a/x/wasm/internal/types/msg_test.go
+++ b/x/wasm/internal/types/msg_test.go
@ -1,8 +1,6 @@
 package types

 import (
-	"fmt"
-	"regexp"
 	"strings"
 	"testing"

@ -12,22 +10,27 @@ import (
 )

 func TestBuilderRegexp(t *testing.T) {
-	cases := []struct {
+	cases := map[string]struct {
 		example string
 		valid   bool
 	}{
-		{"fedora/httpd:version1.0", true},
-		{"cosmwasm-opt:0.6.3", true},
-		{"cosmwasm-opt-:0.6.3", false},
-		{"confio/js-builder-1:test", true},
-		{"confio/.builder-1:manual", false},
+		"normal":                {"fedora/httpd:version1.0", true},
+		"another valid org":     {"confio/js-builder-1:test", true},
+		"no org name":           {"cosmwasm-opt:0.6.3", false},
+		"invalid trailing char": {"someone/cosmwasm-opt-:0.6.3", false},
+		"invalid leading char":  {"confio/.builder-1:manual", false},
+		"multiple orgs":         {"confio/assembly-script/optimizer:v0.9.1", true},
+		"too long":              {"over-128-character-limit/some-long-sub-path/and-yet-another-long-name/testtesttesttesttesttesttest/foobarfoobar/foobarfoobar:randomstringrandomstringrandomstringrandomstring", false},
 	}

-	for i, tc := range cases {
-		t.Run(fmt.Sprintf("case %d", i), func(t *testing.T) {
-			ok, err := regexp.MatchString(BuildTagRegexp, tc.example)
-			assert.NoError(t, err)
-			assert.Equal(t, tc.valid, ok)
+	for name, tc := range cases {
+		t.Run(name, func(t *testing.T) {
+			err := validateBuilder(tc.example)
+			if tc.valid {
+				assert.NoError(t, err)
+			} else {
+				assert.Error(t, err)
+			}
 		})

 	}