Don't allow a user to set the xmd.mbs field in their modulemd

2026-04-04 03:08:21 +08:00 · 2019-04-03 17:37:12 -04:00
parent f1480feec2
commit 1570db8a7e
4 changed files with 71 additions and 2 deletions
--- a/module_build_service/utils/submit.py
+++ b/module_build_service/utils/submit.py
@@ -291,6 +291,7 @@ def validate_mmd(mmd):
    :type mmd: Modulemd.Module
    :raises Forbidden: if metadata contains module repository but it is not
        allowed.
+    :raise ValidationError: if the xmd has the "mbs" key set.
    """
    for modname, mod in mmd.get_module_components().items():
        if mod.get_repository() and not conf.modules_allow_repository:
@@ -298,6 +299,9 @@ def validate_mmd(mmd):
                "Custom module repositories aren't allowed.  "
                "%r bears repository %r" % (modname, mod.get_repository()))

+    if 'mbs' in mmd.get_xmd():
+        raise ValidationError('The "mbs" xmd field is reserved for MBS')
+

 def merge_included_mmd(mmd, included_mmd):
    """
@@ -610,6 +614,8 @@ def submit_module_build(username, mmd, params):
        raise ValidationError(
            'You cannot build a module named "{}" since it is a base module'.format(mmd.get_name()))

+    validate_mmd(mmd)
+
    raise_if_stream_ambigous = False
    default_streams = {}
    # For local builds, we want the user to choose the exact stream using the default_streams
@@ -621,7 +627,6 @@ def submit_module_build(username, mmd, params):
        default_streams = params["default_streams"]
    _apply_dep_overrides(mmd, params)

-    validate_mmd(mmd)
    mmds = generate_expanded_mmds(db.session, mmd, raise_if_stream_ambigous, default_streams)
    if not mmds:
        raise ValidationError('No dependency combination was satisfied. Please verify the '
--- a/tests/staged_data/testmodule-forbidden-xmd.yaml
+++ b/tests/staged_data/testmodule-forbidden-xmd.yaml
@@ -0,0 +1,41 @@
+document: modulemd
+version: 1
+data:
+    summary: A test module in all its beautiful beauty
+    description: >-
+        This module demonstrates how to write simple modulemd files And
+        can be used for testing the build and release pipeline. ’
+    license:
+        module: [ MIT ]
+    dependencies:
+        buildrequires:
+            platform: f28
+        requires:
+            platform: f28
+    references:
+        community: https://docs.pagure.org/modularity/
+        documentation: https://fedoraproject.org/wiki/Fedora_Packaging_Guidelines_for_Modules
+    profiles:
+        default:
+            rpms:
+            - tangerine
+    api:
+        rpms:
+        - perl-Tangerine
+        - tangerine
+    components:
+        rpms:
+            perl-List-Compare:
+                rationale: A dependency of tangerine.
+                ref: master
+            perl-Tangerine:
+                rationale: Provides API for this module and is a dependency of tangerine.
+                ref: master
+            tangerine:
+                rationale: Provides API for this module.
+                buildorder: 10
+                ref: master
+    xmd:
+        mbs:
+            mse: true
+            trick_mbs: true
--- a/tests/test_utils/test_utils.py
+++ b/tests/test_utils/test_utils.py
@@ -815,7 +815,10 @@ class TestUtils:

        generate_expanded_mmds.return_value = [mmd1, mmd2]

-        builds = module_build_service.utils.submit_module_build("foo", mmd1, {})
+        # Create a copy of mmd1 without xmd.mbs, since that will cause validate_mmd to fail
+        mmd1_copy = Modulemd.Module.new_from_string(mmd1.dumps())
+        mmd1_copy.set_xmd({})
+        builds = module_build_service.utils.submit_module_build("foo", mmd1_copy, {})
        ret = {b.mmd().get_context(): b.state for b in builds}
        assert ret == {
            "c1": models.BUILD_STATES['ready'],
--- a/tests/test_views/test_views.py
+++ b/tests/test_views/test_views.py
@@ -1332,6 +1332,26 @@ class TestViews:
        }
        assert rv.status_code == 400

+    @patch('module_build_service.auth.get_user', return_value=user)
+    @patch('module_build_service.scm.SCM')
+    def test_submit_build_with_xmd(self, mocked_scm, mocked_get_user):
+        FakeSCM(mocked_scm, 'testmodule', 'testmodule-forbidden-xmd.yaml',
+                '620ec77321b2ea7b0d67d82992dda3e1d67055b4')
+
+        data = {
+            'branch': 'master',
+            'scmurl': 'https://src.stg.fedoraproject.org/modules/'
+                      'testmodule.git?#68931c90de214d9d13feefbd35246a81b6cb8d49',
+        }
+        rv = self.client.post('/module-build-service/1/module-builds/', data=json.dumps(data))
+        result = json.loads(rv.data)
+        assert result == {
+            'error': 'Bad Request',
+            'status': 400,
+            'message': 'The "mbs" xmd field is reserved for MBS'
+        }
+        assert rv.status_code == 400
+
    @pytest.mark.parametrize('dep_type', ('buildrequire', 'require'))
    @patch('module_build_service.auth.get_user', return_value=user)
    @patch('module_build_service.scm.SCM')