diff options
| author | Paul Cristian Sarbu <paul.cristian.sarbu@huawei.com> | 2024-09-11 16:56:11 +0200 |
|---|---|---|
| committer | Paul Cristian Sarbu <paul.cristian.sarbu@huawei.com> | 2024-09-16 10:01:34 +0200 |
| commit | 981ff03fb9bd229406c49f2c2f9837298f8fd878 (patch) | |
| tree | 5cf6400a4835f9553bdb726db7382d98b5296959 /src/buildtool/execution_api/execution_service/execution_server.cpp | |
| parent | e55a09d01d4daad62f366f01b443585e373c4266 (diff) | |
| download | justbuild-981ff03fb9bd229406c49f2c2f9837298f8fd878.tar.gz | |
remote execution: Check validity of symlinks
Invalid entries, currently all upwards symlinks (pending
implementation of a better way of handling them), are now
identified and handled properly: in compatible mode on the client
side, during handling of remote response, and in native mode on
the server side during the population of the action result.
Diffstat (limited to 'src/buildtool/execution_api/execution_service/execution_server.cpp')
| -rw-r--r-- | src/buildtool/execution_api/execution_service/execution_server.cpp | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/src/buildtool/execution_api/execution_service/execution_server.cpp b/src/buildtool/execution_api/execution_service/execution_server.cpp index d59eb91f..cbf61edd 100644 --- a/src/buildtool/execution_api/execution_service/execution_server.cpp +++ b/src/buildtool/execution_api/execution_service/execution_server.cpp @@ -22,12 +22,14 @@ #include "fmt/core.h" #include "src/buildtool/common/artifact_digest.hpp" #include "src/buildtool/common/artifact_digest_factory.hpp" +#include "src/buildtool/common/protocol_traits.hpp" #include "src/buildtool/execution_api/execution_service/operation_cache.hpp" #include "src/buildtool/execution_api/local/local_cas_reader.hpp" #include "src/buildtool/file_system/file_system_manager.hpp" #include "src/buildtool/logging/log_level.hpp" #include "src/buildtool/storage/garbage_collector.hpp" #include "src/utils/cpp/hex_string.hpp" +#include "src/utils/cpp/path.hpp" namespace { void UpdateTimeStamp( @@ -284,15 +286,21 @@ namespace { ::bazel_re::OutputDirectory out_dir{}; *(out_dir.mutable_path()) = std::move(path); + LocalCasReader reader(&storage.CAS()); if (ProtocolTraits::IsNative(storage.GetHashFunction().GetType())) { - // In native mode: Set the directory digest directly. + // In native mode: Check validity of tree entries, otherwise set the + // digest directly. + if (not reader.ReadGitTree(digest)) { + auto const error = fmt::format( + "Found invalid entry in the Git Tree {}", digest.hash()); + return unexpected{error}; + } (*out_dir.mutable_tree_digest()) = ArtifactDigestFactory::ToBazel(digest); } else { // In compatible mode: Create a tree digest from directory // digest on the fly and set tree digest. - LocalCasReader reader(&storage.CAS()); auto const tree = reader.MakeTree(digest); if (not tree) { return unexpected{fmt::format("Failed to build bazel Tree for {}", @@ -333,6 +341,13 @@ namespace { "Failed to read the symlink content for {}", digest.hash())}; } + // in native mode, check that we do not pass invalid symlinks + if (ProtocolTraits::IsNative(storage.GetHashFunction().GetType()) and + not PathIsNonUpwards(*content)) { + auto const error = fmt::format("Invalid symlink for {}", digest.hash()); + return unexpected{error}; + } + *(out_link.mutable_target()) = *std::move(content); return std::move(out_link); } |