github.com/meulengracht/snapd@v0.0.0-20210719210640-8bde69bcc84e/kernel/validate.go

github.com/meulengracht/snapd@v0.0.0-20210719210640-8bde69bcc84e/kernel/validate.go (about)

     1  // -*- Mode: Go; indent-tabs-mode: t -*-
     2  
     3  /*
     4   * Copyright (C) 2020 Canonical Ltd
     5   *
     6   * This program is free software: you can redistribute it and/or modify
     7   * it under the terms of the GNU General Public License version 3 as
     8   * published by the Free Software Foundation.
     9   *
    10   * This program is distributed in the hope that it will be useful,
    11   * but WITHOUT ANY WARRANTY; without even the implied warranty of
    12   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13   * GNU General Public License for more details.
    14   *
    15   * You should have received a copy of the GNU General Public License
    16   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
    17   *
    18   */
    19  
    20  package kernel
    21  
    22  import (
    23  	"fmt"
    24  	"path/filepath"
    25  	"strings"
    26  
    27  	"github.com/snapcore/snapd/osutil"
    28  )
    29  
    30  func validateAssetsContent(kernelRoot string, info *Info) error {
    31  	// bare structure content is checked to exist during layout
    32  	// make sure that filesystem content source paths exist as well
    33  	for name, as := range info.Assets {
    34  		for _, assetContent := range as.Content {
    35  			c := assetContent
    36  			// a single trailing / is allowed and indicates a directory
    37  			isDir := strings.HasSuffix(c, "/")
    38  			if isDir {
    39  				c = strings.TrimSuffix(c, "/")
    40  			}
    41  			if filepath.Clean(c) != c || strings.Contains(c, "..") || c == "/" {
    42  				return fmt.Errorf("asset %q: invalid content %q", name, assetContent)
    43  			}
    44  			realSource := filepath.Join(kernelRoot, c)
    45  			if !osutil.FileExists(realSource) {
    46  				return fmt.Errorf("asset %q: content %q source path does not exist", name, assetContent)
    47  			}
    48  			if isDir {
    49  				// expecting a directory
    50  				if !osutil.IsDirectory(realSource + "/") {
    51  					return fmt.Errorf("asset %q: content %q is not a directory", name, assetContent)
    52  				}
    53  			}
    54  		}
    55  	}
    56  	return nil
    57  }
    58  
    59  // Validate checks whether the given directory contains valid kernel snap
    60  // metadata and a matching content.
    61  func Validate(kernelRoot string) error {
    62  	info, err := ReadInfo(kernelRoot)
    63  	if err != nil {
    64  		return fmt.Errorf("invalid kernel metadata: %v", err)
    65  	}
    66  
    67  	if err := validateAssetsContent(kernelRoot, info); err != nil {
    68  		return err
    69  	}
    70  
    71  	return nil
    72  }