From 1570db8a7ee36e92424821e4be478120ea522ec5 Mon Sep 17 00:00:00 2001
From: mprahl <mprahl@redhat.com>
Date: Wed, 3 Apr 2019 17:37:12 -0400
Subject: [PATCH] Don't allow a user to set the xmd.mbs field in their modulemd

---
 module_build_service/utils/submit.py          |  7 +++-
 .../staged_data/testmodule-forbidden-xmd.yaml | 41 +++++++++++++++++++
 tests/test_utils/test_utils.py                |  5 ++-
 tests/test_views/test_views.py                | 20 +++++++++
 4 files changed, 71 insertions(+), 2 deletions(-)
 create mode 100644 tests/staged_data/testmodule-forbidden-xmd.yaml

diff --git a/module_build_service/utils/submit.py b/module_build_service/utils/submit.py
index ef5c962c..1a179f75 100644
--- a/module_build_service/utils/submit.py
+++ b/module_build_service/utils/submit.py
@@ -291,6 +291,7 @@ def validate_mmd(mmd):
     :type mmd: Modulemd.Module
     :raises Forbidden: if metadata contains module repository but it is not
         allowed.
+    :raise ValidationError: if the xmd has the "mbs" key set.
     """
     for modname, mod in mmd.get_module_components().items():
         if mod.get_repository() and not conf.modules_allow_repository:
@@ -298,6 +299,9 @@ def validate_mmd(mmd):
                 "Custom module repositories aren't allowed.  "
                 "%r bears repository %r" % (modname, mod.get_repository()))
 
+    if 'mbs' in mmd.get_xmd():
+        raise ValidationError('The "mbs" xmd field is reserved for MBS')
+
 
 def merge_included_mmd(mmd, included_mmd):
     """
@@ -610,6 +614,8 @@ def submit_module_build(username, mmd, params):
         raise ValidationError(
             'You cannot build a module named "{}" since it is a base module'.format(mmd.get_name()))
 
+    validate_mmd(mmd)
+
     raise_if_stream_ambigous = False
     default_streams = {}
     # For local builds, we want the user to choose the exact stream using the default_streams
@@ -621,7 +627,6 @@ def submit_module_build(username, mmd, params):
         default_streams = params["default_streams"]
     _apply_dep_overrides(mmd, params)
 
-    validate_mmd(mmd)
     mmds = generate_expanded_mmds(db.session, mmd, raise_if_stream_ambigous, default_streams)
     if not mmds:
         raise ValidationError('No dependency combination was satisfied. Please verify the '
diff --git a/tests/staged_data/testmodule-forbidden-xmd.yaml b/tests/staged_data/testmodule-forbidden-xmd.yaml
new file mode 100644
index 00000000..fe883782
--- /dev/null
+++ b/tests/staged_data/testmodule-forbidden-xmd.yaml
@@ -0,0 +1,41 @@
+document: modulemd
+version: 1
+data:
+    summary: A test module in all its beautiful beauty
+    description: >-
+        This module demonstrates how to write simple modulemd files And
+        can be used for testing the build and release pipeline. ’
+    license:
+        module: [ MIT ]
+    dependencies:
+        buildrequires:
+            platform: f28
+        requires:
+            platform: f28
+    references:
+        community: https://docs.pagure.org/modularity/
+        documentation: https://fedoraproject.org/wiki/Fedora_Packaging_Guidelines_for_Modules
+    profiles:
+        default:
+            rpms:
+            - tangerine
+    api:
+        rpms:
+        - perl-Tangerine
+        - tangerine
+    components:
+        rpms:
+            perl-List-Compare:
+                rationale: A dependency of tangerine.
+                ref: master
+            perl-Tangerine:
+                rationale: Provides API for this module and is a dependency of tangerine.
+                ref: master
+            tangerine:
+                rationale: Provides API for this module.
+                buildorder: 10
+                ref: master
+    xmd:
+        mbs:
+            mse: true
+            trick_mbs: true
diff --git a/tests/test_utils/test_utils.py b/tests/test_utils/test_utils.py
index 9f5db09e..3041d1c8 100644
--- a/tests/test_utils/test_utils.py
+++ b/tests/test_utils/test_utils.py
@@ -815,7 +815,10 @@ class TestUtils:
 
         generate_expanded_mmds.return_value = [mmd1, mmd2]
 
-        builds = module_build_service.utils.submit_module_build("foo", mmd1, {})
+        # Create a copy of mmd1 without xmd.mbs, since that will cause validate_mmd to fail
+        mmd1_copy = Modulemd.Module.new_from_string(mmd1.dumps())
+        mmd1_copy.set_xmd({})
+        builds = module_build_service.utils.submit_module_build("foo", mmd1_copy, {})
         ret = {b.mmd().get_context(): b.state for b in builds}
         assert ret == {
             "c1": models.BUILD_STATES['ready'],
diff --git a/tests/test_views/test_views.py b/tests/test_views/test_views.py
index 7993fdb8..34c22320 100644
--- a/tests/test_views/test_views.py
+++ b/tests/test_views/test_views.py
@@ -1332,6 +1332,26 @@ class TestViews:
         }
         assert rv.status_code == 400
 
+    @patch('module_build_service.auth.get_user', return_value=user)
+    @patch('module_build_service.scm.SCM')
+    def test_submit_build_with_xmd(self, mocked_scm, mocked_get_user):
+        FakeSCM(mocked_scm, 'testmodule', 'testmodule-forbidden-xmd.yaml',
+                '620ec77321b2ea7b0d67d82992dda3e1d67055b4')
+
+        data = {
+            'branch': 'master',
+            'scmurl': 'https://src.stg.fedoraproject.org/modules/'
+                      'testmodule.git?#68931c90de214d9d13feefbd35246a81b6cb8d49',
+        }
+        rv = self.client.post('/module-build-service/1/module-builds/', data=json.dumps(data))
+        result = json.loads(rv.data)
+        assert result == {
+            'error': 'Bad Request',
+            'status': 400,
+            'message': 'The "mbs" xmd field is reserved for MBS'
+        }
+        assert rv.status_code == 400
+
     @pytest.mark.parametrize('dep_type', ('buildrequire', 'require'))
     @patch('module_build_service.auth.get_user', return_value=user)
     @patch('module_build_service.scm.SCM')