Fixed: [RPC edit-config payloads are not fully validated](https://github.com/clicon/clixon/issues/337)

2022-06-20 15:08:50 +02:00 · 2022-06-20 15:08:50 +02:00 · 87c65c3541
commit 87c65c3541
parent 7c22021242
11 changed files with 117 additions and 41 deletions
--- a/test/lib.sh
+++ b/test/lib.sh
@ -779,7 +779,7 @@ EOF
 	  r=$(echo "$ret" | grep --null -Go "$i")
 	  match=$?
 	  if [ $match -ne 0 ]; then
-	      err "$i" "$ret"
+	      err "$expectenc" "$ret"
 	  fi
      done <<< "$expectenc"
  fi
--- a/test/test_datastore_format.sh
+++ b/test/test_datastore_format.sh
@ -136,7 +136,7 @@ if [ $BE -ne 0 ]; then
 	err
    fi
    new "start backend -s init -f $cfg"
-    start_backend -s startup -f $cfg
+    start_backend -s init -f $cfg
 fi

 new "wait backend"
--- a/test/test_db.sh
+++ b/test/test_db.sh
@ -2,6 +2,7 @@
 # Datastore tests:
 # - XML and JSON
 # - save and load config files
+# Pretty and not

 # Magic line must be first in script (see README.md)
 s="$_" ; . ./lib.sh || if [ "$s" = $0 ]; then exit 0; else return 0; fi
@ -47,6 +48,11 @@ module clixon-example{
 	    leaf value{
 		type string;
 	    }
+	    container two{
+	       leaf a{
+	          type string;
+ 	       }
+            }
        }
    }
 }
@ -69,6 +75,7 @@ discard("Discard edits (rollback 0)"), discard_changes();
 load("Load configuration from XML file") <filename:string>("Filename (local filename)"){
    xml("Replace candidate with file containing XML"), load_config_file("","filename", "replace", "xml");
    json("Replace candidate with file containing JSON"), load_config_file("","filename", "replace", "json");
+    merge("Merge file with existent candidate"), load_config_file("filename", "merge");
 }
 save("Save candidate configuration to XML file") <filename:string>("Filename (local filename)"){
    xml("Save configuration as XML"), save_config_file("candidate","filename", "xml");
@ -181,17 +188,79 @@ EOF

 new "test params: -f $cfg"

-new "test db xml"
-testrun xml false
+for format in xml json; do
+    for pretty in false true json; do
+	new "test db $format pretty=$pretty"
+	testrun xml false
+    done
+done

-new "test db xml pretty"
-testrun xml true
+# Negative test, load yang-invalid xml
+if [ $BE -ne 0 ]; then
+    new "kill old backend"
+    sudo clixon_backend -z -f $cfg
+    if [ $? -ne 0 ]; then
+	err
+    fi
+    new "start backend -s init -f $cfg -o CLICON_XMLDB_FORMAT=$format -o CLICON_XMLDB_PRETTY=$pretty"
+    start_backend -s init -f $cfg -o CLICON_XMLDB_FORMAT=$format -o CLICON_XMLDB_PRETTY=$pretty
+fi

-new "test db json"
-testrun json false
+new "wait backend"
+wait_backend

-new "test db json pretty"
-testrun json true
+# Wrong: two toplevels
+cat <<EOF > $dir/myconfig
+<${DATASTORE_TOP}>
+   <table xmlns="urn:example:clixon">
+      <parameter>
+         <name>a</name>
+         <value>42</value>
+      </parameter>
+   </table>
+   <table xmlns="urn:example:clixon">
+      <parameter>
+         <name>b</name>
+         <value>99</value>
+      </parameter>
+   </table>
+</${DATASTORE_TOP}>
+EOF
+
+new "load invalid file: 2 top-level containers, expect fail"
+expectpart "$($clixon_cli -1 -f $cfg load $dir/myconfig xml 2>&1)" 0 "Editing configuration: protocol operation-failed : too-many-elements : /rpc/edit-config/config/table"
+
+# Wrong: two toplevels
+cat <<EOF > $dir/myconfig
+<${DATASTORE_TOP}>
+   <table xmlns="urn:example:clixon">
+      <parameter>
+         <name>a</name>
+         <value>42</value>
+	 <two><a>1</a></two>
+	 <two><a>2</a></two>
+      </parameter>
+   </table>
+</${DATASTORE_TOP}>
+EOF
+
+# XXX This is invalid but not detected at load will be checked with validate
+new "load invalid file: 2 inner containers, expect fail"
+expectpart "$($clixon_cli -1 -f $cfg load $dir/myconfig xml 2>&1)" 0 ""
+
+new "Validate expect fail"
+expectpart "$($clixon_cli -1 -f $cfg validate 2>&1)" 255 "too-many-elements"
+
+if [ $BE -ne 0 ]; then
+    new "Kill backend"
+    # Check if premature kill
+    pid=$(pgrep -u root -f clixon_backend)
+    if [ -z "$pid" ]; then
+	err "backend already dead"
+    fi
+    # kill backend
+    stop_backend -f $cfg
+fi

 rm -rf $dir

--- a/test/test_minmax.sh
+++ b/test/test_minmax.sh
@ -215,10 +215,10 @@ expecteof_netconf "$clixon_netconf -qf $cfg" 0 "$DEFAULTHELLO" "<rpc $DEFAULTNS>
   <b3 xmlns=\"urn:example:clixon\">0</b3>
   <b3 xmlns=\"urn:example:clixon\">1</b3>
   <b3 xmlns=\"urn:example:clixon\">2</b3>
-</config></edit-config></rpc>" "" "<rpc-reply $DEFAULTNS><ok/></rpc-reply>"
+</config></edit-config></rpc>" "" "<rpc-reply $DEFAULTNS><rpc-error><error-type>protocol</error-type><error-tag>operation-failed</error-tag><error-app-tag>too-many-elements</error-app-tag><error-severity>error</error-severity><error-path>/rpc/edit-config/config/b3</error-path></rpc-error></rpc-reply>"

 new "minmax top level too many should fail"
-expecteof_netconf "$clixon_netconf -qf $cfg" 0 "$DEFAULTHELLO" "<rpc $DEFAULTNS><validate><source><candidate/></source></validate></rpc>" "" "<rpc-reply $DEFAULTNS><rpc-error><error-type>protocol</error-type><error-tag>operation-failed</error-tag><error-app-tag>too-many-elements</error-app-tag><error-severity>error</error-severity><error-path>/b3</error-path></rpc-error></rpc-reply>"
+#expecteof_netconf "$clixon_netconf -qf $cfg" 0 "$DEFAULTHELLO" "<rpc $DEFAULTNS><validate><source><candidate/></source></validate></rpc>" "" "<rpc-reply $DEFAULTNS><rpc-error><error-type>protocol</error-type><error-tag>operation-failed</error-tag><error-app-tag>too-many-elements</error-app-tag><error-severity>error</error-severity><error-path>/b3</error-path></rpc-error></rpc-reply>"

 new "netconf discard-changes"
 expecteof_netconf "$clixon_netconf -qf $cfg" 0 "$DEFAULTHELLO" "<rpc $DEFAULTNS><discard-changes/></rpc>" "" "<rpc-reply $DEFAULTNS><ok/></rpc-reply>"
--- a/test/test_nacm_module_read.sh
+++ b/test/test_nacm_module_read.sh
@ -65,7 +65,7 @@ module clixon-example{
  yang-version 1.1;
  namespace "urn:example:clixon";
  prefix ex;
-    container table{
+  container table{
 	list parameter{
 	    key name;
 	    leaf name{
@ -167,8 +167,8 @@ RULES=$(cat <<EOF

   </nacm>
   <x xmlns="urn:example:nacm">42</x>
-   <table xmlns="urn:example:clixon"><parameter><name>key42</name><value>val42</value></parameter></table>
-   <table xmlns="urn:example:clixon"><parameter><name>key43</name><value>val43</value></parameter></table>
+   <table xmlns="urn:example:clixon"><parameter><name>key42</name><value>val42</value></parameter>
+           b<parameter><name>key43</name><value>val43</value></parameter></table>
 EOF
 )

--- a/test/test_unique_descendant.sh
+++ b/test/test_unique_descendant.sh
@ -97,25 +97,13 @@ expecteof_netconf "$clixon_netconf -qef $cfg" 0 "$DEFAULTHELLO" "<rpc $DEFAULTNS

 rpc="<rpc $DEFAULTNS><edit-config><target><candidate/></target><default-operation>replace</default-operation><config><outer xmlns=\"urn:example:clixon\"><name>x</name><c><inner><name>a</name><value>foo</value></inner><inner><name>b</name><value>foo</value></inner></c></outer><outer xmlns=\"urn:example:clixon\"><name>y</name><c><inner><name>a</name><value>fie</value></inner><inner><name>b</name><value>fum</value></inner></c></outer></config></edit-config></rpc>"

-new "Add invalid example"
-expecteof_netconf "$clixon_netconf -qef $cfg" 0 "$DEFAULTHELLO" "${rpc}" "" "<rpc-reply $DEFAULTNS><ok/></rpc-reply>"
-
-new "netconf validate same inner (should fail)"
-expecteof_netconf "$clixon_netconf -qef $cfg" 0 "$DEFAULTHELLO" "<rpc $DEFAULTNS><validate><source><candidate/></source></validate></rpc>" "" "<rpc-reply $DEFAULTNS><rpc-error><error-type>application</error-type><error-tag>operation-failed</error-tag><error-app-tag>data-not-unique</error-app-tag><error-severity>error</error-severity><error-info><non-unique>c/inner/value</non-unique></error-info></rpc-error></rpc-reply>"
-
-new "netconf discard-changes"
-expecteof_netconf "$clixon_netconf -qef $cfg" 0 "$DEFAULTHELLO" "<rpc $DEFAULTNS><discard-changes/></rpc>" "" "<rpc-reply $DEFAULTNS><ok/></rpc-reply>"
+new "Add invalid example 1"
+expecteof_netconf "$clixon_netconf -qef $cfg" 0 "$DEFAULTHELLO" "${rpc}" "" "<rpc-reply $DEFAULTNS><rpc-error><error-type>application</error-type><error-tag>operation-failed</error-tag><error-app-tag>data-not-unique</error-app-tag><error-severity>error</error-severity><error-info><non-unique>c/inner/value</non-unique></error-info></rpc-error></rpc-reply>"

 rpc="<rpc $DEFAULTNS><edit-config><target><candidate/></target><default-operation>replace</default-operation><config><outer xmlns=\"urn:example:clixon\"><name>x</name><c><inner><name>a</name><value>foo</value></inner><inner><name>b</name><value>bar</value></inner></c></outer><outer xmlns=\"urn:example:clixon\"><name>y</name><c><inner><name>a</name><value>fie</value></inner><inner><name>b</name><value>bar</value></inner></c></outer></config></edit-config></rpc>"

-new "Add invalid example"
-expecteof_netconf "$clixon_netconf -qef $cfg" 0 "$DEFAULTHELLO" "${rpc}" "" "<rpc-reply $DEFAULTNS><ok/></rpc-reply>"
-
-new "netconf validate same in different outers (should fail)"
-expecteof_netconf "$clixon_netconf -qef $cfg" 0 "$DEFAULTHELLO" "<rpc $DEFAULTNS><validate><source><candidate/></source></validate></rpc>" "" "<rpc-reply $DEFAULTNS><rpc-error><error-type>application</error-type><error-tag>operation-failed</error-tag><error-app-tag>data-not-unique</error-app-tag><error-severity>error</error-severity><error-info><non-unique>c/inner/value</non-unique></error-info></rpc-error></rpc-reply>"
-
-new "netconf discard-changes"
-expecteof_netconf "$clixon_netconf -qef $cfg" 0 "$DEFAULTHELLO" "<rpc $DEFAULTNS><discard-changes/></rpc>" "" "<rpc-reply $DEFAULTNS><ok/></rpc-reply>"
+new "Add invalid example 2"
+expecteof_netconf "$clixon_netconf -qef $cfg" 0 "$DEFAULTHELLO" "${rpc}" "" "<rpc-reply $DEFAULTNS><rpc-error><error-type>application</error-type><error-tag>operation-failed</error-tag><error-app-tag>data-not-unique</error-app-tag><error-severity>error</error-severity><error-info><non-unique>c/inner/value</non-unique></error-info></rpc-error></rpc-reply>"

 if [ $BE -ne 0 ]; then
    new "Kill backend"