From dd9fa2841fcb5983b4ea845d5f9dc1b635d8dd18 Mon Sep 17 00:00:00 2001 From: Paul Cristian Sarbu Date: Fri, 16 May 2025 17:35:41 +0200 Subject: Executor: Check validity of action outputs in compatible mode This ensures that any entries that the standard remote execution protocol accepts but are invalid in justbuild, i.e., upwards symlinks, are rejected. For this purpose, do not fail in the action response instances, just perform the check there, as all required information is available, and set a flag that the executor can check as needed. --- .../execution_engine/executor/executor.hpp | 25 ++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) (limited to 'src/buildtool/execution_engine/executor/executor.hpp') diff --git a/src/buildtool/execution_engine/executor/executor.hpp b/src/buildtool/execution_engine/executor/executor.hpp index cfdbf9fc..2d86a405 100644 --- a/src/buildtool/execution_engine/executor/executor.hpp +++ b/src/buildtool/execution_engine/executor/executor.hpp @@ -237,9 +237,30 @@ class ExecutorImpl { // set action options remote_action->SetCacheFlag(cache_flag); remote_action->SetTimeout(timeout); + + // execute action auto result = remote_action->Execute(&logger); - if (alternative_api) { - if (result) { + + // process result + if (result) { + // in compatible mode, check that all artifacts are valid + if (not ProtocolTraits::IsNative(api.GetHashType())) { + auto upwards_symlinks_check = result->HasUpwardsSymlinks(); + if (not upwards_symlinks_check) { + logger.Emit(LogLevel::Error, + upwards_symlinks_check.error()); + return nullptr; + } + if (upwards_symlinks_check.value()) { + logger.Emit( + LogLevel::Error, + "Executed action produced invalid outputs -- " + "upwards symlinks"); + return nullptr; + } + } + // if alternative endpoint used, transfer any missing blobs + if (alternative_api) { auto const artifacts = result->Artifacts(); if (not artifacts) { logger.Emit(LogLevel::Error, artifacts.error()); -- cgit v1.2.3