Add strict mode parameter for referenced objects validation

Signed-off-by: xiekeyang <xiekeyang@huawei.com>
opencontainers · Nov 18, 2016 · 833391c · 833391c
1 parent b716c40
commit 833391c
Show file tree

Hide file tree

Showing 6 changed files with 212 additions and 16 deletions.
diff --git a/schema/config_test.go b/schema/config_test.go
@@ -156,7 +156,7 @@ func TestConfig(t *testing.T) {
 		},
 	} {
 		r := strings.NewReader(tt.config)
-		err := schema.MediaTypeImageConfig.Validate(r)
+		err := schema.MediaTypeImageConfig.Validate(r, false)
 
 		if got := err != nil; tt.fail != got {
 			t.Errorf("test %d: expected validation failure %t but got %t, err %v", i, tt.fail, got, err)

diff --git a/schema/manifest_backwards_compatibility_test.go b/schema/manifest_backwards_compatibility_test.go
@@ -118,7 +118,7 @@ func TestBackwardsCompatibilityManifestList(t *testing.T) {
 
 		manifest := convertFormats(tt.manifest)
 		r := strings.NewReader(manifest)
-		err := schema.MediaTypeManifestList.Validate(r)
+		err := schema.MediaTypeManifestList.Validate(r, false)
 
 		if got := err != nil; tt.fail != got {
 			t.Errorf("test %d: expected validation failure %t but got %t, err %v", i, tt.fail, got, err)
@@ -181,7 +181,7 @@ func TestBackwardsCompatibilityManifest(t *testing.T) {
 
 		manifest := convertFormats(tt.manifest)
 		r := strings.NewReader(manifest)
-		err := schema.MediaTypeManifest.Validate(r)
+		err := schema.MediaTypeManifest.Validate(r, false)
 
 		if got := err != nil; tt.fail != got {
 			t.Errorf("test %d: expected validation failure %t but got %t, err %v", i, tt.fail, got, err)
@@ -221,7 +221,7 @@ func TestBackwardsCompatibilityConfig(t *testing.T) {
 
 		config := convertFormats(tt.config)
 		r := strings.NewReader(config)
-		err := schema.MediaTypeImageConfig.Validate(r)
+		err := schema.MediaTypeImageConfig.Validate(r, false)
 
 		if got := err != nil; tt.fail != got {
 			t.Errorf("test %d: expected validation failure %t but got %t, err %v", i, tt.fail, got, err)

diff --git a/schema/manifest_test.go b/schema/manifest_test.go
@@ -23,11 +23,13 @@ import (
 
 func TestManifest(t *testing.T) {
 	for i, tt := range []struct {
+		strict   bool
 		manifest string
 		fail     bool
 	}{
 		// expected failure: mediaType does not match pattern
 		{
+			strict: false,
 			manifest: `
 {
   "schemaVersion": 2,
@@ -39,6 +41,7 @@ func TestManifest(t *testing.T) {
 
 		// expected failure: config.size is a string, expected integer
 		{
+			strict: false,
 			manifest: `
 {
   "schemaVersion": 2,
@@ -56,6 +59,7 @@ func TestManifest(t *testing.T) {
 
 		// expected failure: layers.size is string, expected integer
 		{
+			strict: false,
 			manifest: `
 {
   "schemaVersion": 2,
@@ -79,6 +83,7 @@ func TestManifest(t *testing.T) {
 
 		// valid manifest
 		{
+			strict: true,
 			manifest: `
 {
   "schemaVersion": 2,
@@ -113,9 +118,81 @@ func TestManifest(t *testing.T) {
 `,
 			fail: false,
 		},
+
+		// valid manifest accepts customized config media types
+		{
+			strict: false,
+			manifest: `
+{
+  "schemaVersion": 2,
+  "mediaType": "application/vnd.oci.image.manifest.v1+json",
+  "config": {
+    "mediaType": "application/vnd.customized.config+json",
+    "size": 1470,
+    "digest": "sha256:c86f7763873b6c0aae22d963bab59b4f5debbed6685761b5951584f6efb0633b"
+  },
+  "layers": [
+    {
+      "mediaType": "application/vnd.customized.layer.tar+gzip",
+      "size": 148,
+      "digest": "sha256:c57089565e894899735d458f0fd4bb17a0f1e0df8d72da392b85c9b35ee777cd"
+    }
+  ]
+}
+`,
+			fail: false,
+		},
+
+		// expected failure strictly: unknown config.mediaType
+		{
+			strict: true,
+			manifest: `
+{
+  "schemaVersion": 2,
+  "mediaType": "application/vnd.oci.image.manifest.v1+json",
+  "config": {
+    "mediaType": "application/vnd.customized.config+json",
+    "size": 1470,
+    "digest": "sha256:c86f7763873b6c0aae22d963bab59b4f5debbed6685761b5951584f6efb0633b"
+  },
+  "layers": [
+    {
+      "mediaType": "application/vnd.customized.layer.tar+gzip",
+      "size": 148,
+      "digest": "sha256:c57089565e894899735d458f0fd4bb17a0f1e0df8d72da392b85c9b35ee777cd"
+    }
+  ]
+}
+`,
+			fail: true,
+		},
+
+		// expected failure strictly: unknown layers[].mediaType
+		{
+			strict: true,
+			manifest: `
+{
+  "schemaVersion": 2,
+  "mediaType": "application/vnd.oci.image.manifest.v1+json",
+  "config": {
+    "mediaType": "application/vnd.oci.image.config.v1+json",
+    "size": 1470,
+    "digest": "sha256:c86f7763873b6c0aae22d963bab59b4f5debbed6685761b5951584f6efb0633b"
+  },
+  "layers": [
+    {
+      "mediaType": "application/vnd.customized.layer.tar+gzip",
+      "size": 148,
+      "digest": "sha256:c57089565e894899735d458f0fd4bb17a0f1e0df8d72da392b85c9b35ee777cd"
+    }
+  ]
+}
+`,
+			fail: true,
+		},
 	} {
 		r := strings.NewReader(tt.manifest)
-		err := schema.MediaTypeManifest.Validate(r)
+		err := schema.MediaTypeManifest.Validate(r, tt.strict)
 
 		if got := err != nil; tt.fail != got {
 			t.Errorf("test %d: expected validation failure %t but got %t, err %v", i, tt.fail, got, err)

diff --git a/schema/manifestlist_test.go b/schema/manifestlist_test.go
@@ -0,0 +1,83 @@
+// Copyright 2016 The Linux Foundation
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package schema_test
+
+import (
+	"strings"
+	"testing"
+
+	"github.com/opencontainers/image-spec/schema"
+)
+
+func TestManifestList(t *testing.T) {
+	for i, tt := range []struct {
+		strict       bool
+		manifestList string
+		fail         bool
+	}{
+		// valid manifest list accepting customized media types
+		{
+			strict: false,
+			manifestList: `
+{
+  "schemaVersion": 2,
+  "mediaType": "application/vnd.oci.image.manifest.list.v1+json",
+  "manifests": [
+    {
+      "mediaType": "application/customized+json",
+      "size": 7143,
+      "digest": "sha256:e692418e4cbaf90ca69d05a66403747baa33ee08806650b51fab815ad7fc331f",
+      "platform": {
+        "architecture": "ppc64le",
+        "os": "linux"
+      }
+    }
+  ]
+}
+`,
+			fail: false,
+		},
+
+		// expected failure strictly: manifests[].mediaType is unknown
+		{
+			strict: true,
+			manifestList: `
+{
+  "schemaVersion": 2,
+  "mediaType": "application/vnd.oci.image.manifest.list.v1+json",
+  "manifests": [
+    {
+      "mediaType": "application/customized+json",
+      "size": 7143,
+      "digest": "sha256:e692418e4cbaf90ca69d05a66403747baa33ee08806650b51fab815ad7fc331f",
+      "platform": {
+        "architecture": "ppc64le",
+        "os": "linux"
+      }
+    }
+  ]
+}
+`,
+			fail: true,
+		},
+	} {
+		r := strings.NewReader(tt.manifestList)
+		err := schema.MediaTypeManifestList.Validate(r, tt.strict)
+
+		if got := err != nil; tt.fail != got {
+			t.Errorf("test %d: expected validation failure %t but got %t, err %v", i, tt.fail, got, err)
+		}
+	}
+}
diff --git a/schema/spec_test.go b/schema/spec_test.go
@@ -73,7 +73,7 @@ func validate(t *testing.T, name string) {
 			continue
 		}
 
-		err = schema.Validator(example.Mediatype).Validate(strings.NewReader(example.Body))
+		err = schema.Validator(example.Mediatype).Validate(strings.NewReader(example.Body), true)
 		if err == nil {
 			printFields(t, "ok", example.Mediatype, example.Title)
 			t.Log(example.Body, "---")

diff --git a/schema/validator.go b/schema/validator.go
@@ -30,10 +30,11 @@ import (
 // and implements validation against a JSON schema.
 type Validator string
 
-type validateDescendantsFunc func(r io.Reader) error
+type validateRefObjectFunc func(r io.Reader, strict bool) error
 
-var mapValidateDescendants = map[Validator]validateDescendantsFunc{
-	MediaTypeManifest: validateManifestDescendants,
+var mapValidateRefObject = map[Validator]validateRefObjectFunc{
+	MediaTypeManifestList: validateManifestListRefObject,
+	MediaTypeManifest:     validateManifestRefObject,
 }
 
 // ValidationError contains all the errors that happened during validation.
@@ -46,17 +47,19 @@ func (e ValidationError) Error() string {
 }
 
 // Validate validates the given reader against the schema of the wrapped media type.
-func (v Validator) Validate(src io.Reader) error {
+// strict: require the validated object to only contain content which the OCI
+// defines (or references) in the spec
+func (v Validator) Validate(src io.Reader, strict bool) error {
 	buf, err := ioutil.ReadAll(src)
 	if err != nil {
 		return errors.Wrap(err, "unable to read the document file")
 	}
 
-	if f, ok := mapValidateDescendants[v]; ok {
+	if f, ok := mapValidateRefObject[v]; ok {
 		if f == nil {
 			return fmt.Errorf("internal error: mapValidateDescendents[%q] is nil", v)
 		}
-		err = f(bytes.NewReader(buf))
+		err = f(bytes.NewReader(buf), strict)
 		if err != nil {
 			return err
 		}
@@ -88,11 +91,36 @@ func (v Validator) Validate(src io.Reader) error {
 
 type unimplemented string
 
-func (v unimplemented) Validate(src io.Reader) error {
+func (v unimplemented) Validate(src io.Reader, strict bool) error {
 	return fmt.Errorf("%s: unimplemented", v)
 }
 
-func validateManifestDescendants(r io.Reader) error {
+func validateManifestListRefObject(r io.Reader, strict bool) error {
+	header := v1.ManifestList{}
+
+	buf, err := ioutil.ReadAll(r)
+	if err != nil {
+		return errors.Wrapf(err, "error reading the io stream")
+	}
+
+	err = json.Unmarshal(buf, &header)
+	if err != nil {
+		return errors.Wrap(err, "manifest list format mismatch")
+	}
+
+	for _, manifest := range header.Manifests {
+		if manifest.MediaType != string(v1.MediaTypeImageManifest) {
+			msg := fmt.Sprintf("manifest %s has an unknown media type: %s", manifest.Digest, manifest.MediaType)
+			if strict {
+				return fmt.Errorf("%s", msg)
+			}
+			fmt.Printf("warning: %s\n", msg)
+		}
+	}
+	return nil
+}
+
+func validateManifestRefObject(r io.Reader, strict bool) error {
 	header := v1.Manifest{}
 
 	buf, err := ioutil.ReadAll(r)
@@ -106,13 +134,21 @@ func validateManifestDescendants(r io.Reader) error {
 	}
 
 	if header.Config.MediaType != string(v1.MediaTypeImageConfig) {
-		fmt.Printf("warning: config %s has an unknown media type: %s\n", header.Config.Digest, header.Config.MediaType)
+		msg := fmt.Sprintf("config %s has an unknown media type: %s", header.Config.Digest, header.Config.MediaType)
+		if strict {
+			return fmt.Errorf("%s", msg)
+		}
+		fmt.Printf("warning: %s\n", msg)
 	}
 
 	for _, layer := range header.Layers {
 		if layer.MediaType != string(v1.MediaTypeImageLayer) &&
 			layer.MediaType != string(v1.MediaTypeImageLayerNonDistributable) {
-			fmt.Printf("warning: layer %s has an unknown media type: %s\n", layer.Digest, layer.MediaType)
+			msg := fmt.Sprintf("layer %s has an unknown media type: %s", layer.Digest, layer.MediaType)
+			if strict {
+				return fmt.Errorf("%s", msg)
+			}
+			fmt.Printf("warning: %s\n", msg)
 		}
 	}
 	return nil