diff options
| author | Patrick Venture <venture@google.com> | 2019-08-15 07:39:48 -0700 |
|---|---|---|
| committer | Patrick Venture <venture@google.com> | 2019-08-15 09:59:31 -0700 |
| commit | 097435fca7e52b7f6c9d7f26c8e247366e4e3ef5 (patch) | |
| tree | c3517bf067e741dcc3ceed8c2a8fd88ae256d092 /bmc | |
| parent | 69abbc6a6a483061e40e2dc68511dbf424a3b96a (diff) | |
| download | phosphor-ipmi-flash-097435fca7e52b7f6c9d7f26c8e247366e4e3ef5.tar.gz phosphor-ipmi-flash-097435fca7e52b7f6c9d7f26c8e247366e4e3ef5.zip | |
bmc: require blob ids to start with /flash/
Signed-off-by: Patrick Venture <venture@google.com>
Change-Id: Ib6a0db91d4e2ecd7e7cc3c51ddc1953d9fd8da3c
Diffstat (limited to 'bmc')
| -rw-r--r-- | bmc/buildjson.cpp | 9 | ||||
| -rw-r--r-- | bmc/test/firmware_json_unittest.cpp | 62 |
2 files changed, 71 insertions, 0 deletions
diff --git a/bmc/buildjson.cpp b/bmc/buildjson.cpp index 6f9c319..19a08a1 100644 --- a/bmc/buildjson.cpp +++ b/bmc/buildjson.cpp @@ -27,6 +27,7 @@ #include <fstream> #include <nlohmann/json.hpp> #include <phosphor-logging/log.hpp> +#include <regex> #include <sdbusplus/bus.hpp> #include <string> #include <vector> @@ -66,6 +67,14 @@ std::vector<HandlerConfig> buildHandlerFromJson(const nlohmann::json& data) /* at() throws an exception when the key is not present. */ item.at("blob").get_to(output.blobId); + /* name must be: /flash/... */ + if (!std::regex_match(output.blobId, std::regex("^\\/flash\\/.+"))) + { + throw std::runtime_error("Invalid blob name: '" + + output.blobId + + "' must start with /flash/"); + } + /* handler is required. */ const auto& h = item.at("handler"); const std::string handlerType = h.at("type"); diff --git a/bmc/test/firmware_json_unittest.cpp b/bmc/test/firmware_json_unittest.cpp index 66b9db9..bb2585d 100644 --- a/bmc/test/firmware_json_unittest.cpp +++ b/bmc/test/firmware_json_unittest.cpp @@ -301,6 +301,68 @@ TEST(FirmwareJsonTest, TwoConfigsOneInvalidReturnsValid) * TODO: Only allow unique handler blob paths (tested at a higher level). */ +TEST(FirmwareJsonTest, VerifyBlobNameMatches) +{ + /* A perfect configuration except the blob name doesn't start with "/flash/" + */ + auto j2 = R"( + [{ + "blob" : "bmc-image-flash", + "handler" : { + "type" : "file", + "path" : "/run/initramfs/bmc-image" + }, + "actions" : { + "preparation" : { + "type" : "systemd", + "unit" : "phosphor-ipmi-flash-bmc-prepare.target" + }, + "verification" : { + "type" : "fileSystemdVerify", + "unit" : "phosphor-ipmi-flash-bmc-verify.target", + "path" : "/tmp/bmc.verify" + }, + "update" : { + "type" : "reboot" + } + } + }] + )"_json; + + EXPECT_THAT(buildHandlerFromJson(j2), IsEmpty()); +} + +TEST(FirmwareJsonTest, VerifyMinimumBlobNameLength) +{ + /* A perfect configuration except the blob name is effectively zero length. + */ + auto j2 = R"( + [{ + "blob" : "/flash/", + "handler" : { + "type" : "file", + "path" : "/run/initramfs/bmc-image" + }, + "actions" : { + "preparation" : { + "type" : "systemd", + "unit" : "phosphor-ipmi-flash-bmc-prepare.target" + }, + "verification" : { + "type" : "fileSystemdVerify", + "unit" : "phosphor-ipmi-flash-bmc-verify.target", + "path" : "/tmp/bmc.verify" + }, + "update" : { + "type" : "reboot" + } + } + }] + )"_json; + + EXPECT_THAT(buildHandlerFromJson(j2), IsEmpty()); +} + TEST(FirmwareJsonTest, VerifySystemdWithReboot) { auto j2 = R"( |
