Added sanity check that a yang module name matches the filename

Olof hagsand 2020-09-25 13:39:13 +02:00
parent 21ac47915b
commit da54dae396
3 changed files with 29 additions and 43 deletions


@ -46,7 +46,7 @@ Users may have to change how they access the system
### Minor changes ### Minor changes
* Added filterexpr to xpath * Added sanity check that a yang module name matches the filename
## 4.7.0 ## 4.7.0
14 September 2020 14 September 2020


@ -179,20 +179,20 @@ validate_leafref(cxobj *xt,
* @param[in] xt XML leaf node of type identityref * @param[in] xt XML leaf node of type identityref
* @param[in] ys Yang spec of leaf * @param[in] ys Yang spec of leaf
* @param[in] ytype Yang type field of type identityref * @param[in] ytype Yang type field of type identityref
* @param[out] xret Error XML tree. Free with xml_free after use * @param[out] xret Error XML tree. Free with xml_free after use
* @retval 1 Validation OK * @retval 1 Validation OK
* @retval 0 Validation failed * @retval 0 Validation failed
* @retval -1 Error * @retval -1 Error
* @see ys_populate_identity where the derived types are set * @see ys_populate_identity where the derived types are set
* @see yang_augment_node * @see yang_augment_node
* @see RFC7950 Sec 9.10.2: * @see RFC7950 Sec 9.10.2:
* @see xp_function_derived_from similar code other context
*/ */
static int static int
validate_identityref(cxobj *xt, validate_identityref(cxobj *xt,
yang_stmt *ys, yang_stmt *ys,
yang_stmt *ytype, yang_stmt *ytype,
cxobj **xret) cxobj **xret)
{ {
int retval = -1; int retval = -1;
char *node = NULL; char *node = NULL;
@ -204,6 +204,7 @@ validate_identityref(cxobj *xt,
cbuf *cberr = NULL; cbuf *cberr = NULL;
cbuf *cb = NULL; cbuf *cb = NULL;
cvec *idrefvec; /* Derived identityref list: (module:id)**/ cvec *idrefvec; /* Derived identityref list: (module:id)**/
yang_stmt *ymod;
if ((cb = cbuf_new()) == NULL){ if ((cb = cbuf_new()) == NULL){
clicon_err(OE_UNIX, errno, "cbuf_new"); clicon_err(OE_UNIX, errno, "cbuf_new");
@ -235,49 +236,22 @@ validate_identityref(cxobj *xt,
goto fail; goto fail;
} }
/* Assume proper namespace, otherwise we assume module prefixes, /* idref from prefix:id to module:id */
* see IDENTITYREF_KLUDGE if (prefix == NULL)
*/ ymod = ys_module(ys);
if (0){ else{ /* from prefix to name */
char *ns;
yang_stmt *ymod;
yang_stmt *yspec;
/* Create an idref as <bbmodule>:<id> which is the format of the derived
* identityref list associated with the base identities.
*/
/* Get namespace (of idref) from xml */
if (xml2ns(xt, prefix, &ns) < 0)
goto done;
yspec = ys_spec(ys);
/* Get module of that namespace */
if ((ymod = yang_find_module_by_namespace(yspec, ns)) == NULL){
clicon_err(OE_YANG, ENOENT, "No module found");
goto done;
}
cprintf(cb, "%s:%s", yang_argument_get(ymod), id);
}
#if 1
{
yang_stmt *ymod;
/* idref from prefix:id to module:id */
if (prefix == NULL)
ymod = ys_module(ys);
else{ /* from prefix to name */
#if 1 /* IDENTITYREF_KLUDGE */ #if 1 /* IDENTITYREF_KLUDGE */
ymod = yang_find_module_by_prefix_yspec(ys_spec(ys), prefix); ymod = yang_find_module_by_prefix_yspec(ys_spec(ys), prefix);
#endif #endif
}
if (ymod == NULL){
cprintf(cberr, "Identityref validation failed, %s not derived from %s",
node, yang_argument_get(ybaseid));
if (netconf_operation_failed_xml(xret, "application", cbuf_get(cberr)) < 0)
goto done;
goto fail;
}
cprintf(cb, "%s:%s", yang_argument_get(ymod), id);
} }
#endif if (ymod == NULL){
cprintf(cberr, "Identityref validation failed, %s not derived from %s",
node, yang_argument_get(ybaseid));
if (xret && netconf_operation_failed_xml(xret, "application", cbuf_get(cberr)) < 0)
goto done;
goto fail;
}
cprintf(cb, "%s:%s", yang_argument_get(ymod), id);
idref = cbuf_get(cb); idref = cbuf_get(cb);
/* Here check if node is in the derived node list of the base identity /* Here check if node is in the derived node list of the base identity
* The derived node list is a cvec computed XXX * The derived node list is a cvec computed XXX
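Review bot: The hoisted declaration `yang_stmt *ymod;` has no initializer, and in the `else` branch its only assignment sits inside `#if 1 /* IDENTITYREF_KLUDGE */`, so switching that conditional off would let the following `if (ymod == NULL)` test an indeterminate pointer for any prefixed identityref. Declaring it as `yang_stmt *ymod = NULL;` makes that configuration fall into the existing "Identityref validation failed" path instead of dereferencing garbage in `yang_argument_get(ymod)`. The new `xret &&` guard is applied only to this one call of `netconf_operation_failed_xml`; the earlier failure path ending in `goto fail;` at the start of the last hunk is not fully visible here, so it is worth confirming it tolerates a NULL `xret` the same way. validate_identityref starts and ends outside these hunks.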


@ -847,6 +847,18 @@ yang_parse_module(clicon_handle h,
filename = cbuf_get(fbuf); filename = cbuf_get(fbuf);
if ((ymod = yang_parse_filename(filename, yspec)) == NULL) if ((ymod = yang_parse_filename(filename, yspec)) == NULL)
goto done; goto done;
/* Sanity check that requested module name matches loaded module
* If this does not match, the filename and containing module do not match
* RFC 7950 Sec 5.2
*/
if (strcmp(yang_argument_get(ymod), module) != 0){
clicon_err(OE_YANG, EINVAL, "File %s contains yang module \"%s\" which does not expected module %s",
filename,
yang_argument_get(ymod),
module);
ymod = NULL;
goto done;
}
if ((yrev = yang_find(ymod, Y_REVISION, NULL)) != NULL) if ((yrev = yang_find(ymod, Y_REVISION, NULL)) != NULL)
revm = cv_uint32_get(yang_cv_get(yrev)); revm = cv_uint32_get(yang_cv_get(yrev));
if (filename2revision(filename, NULL, &revf) < 0) if (filename2revision(filename, NULL, &revf) < 0)
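Review bot: The mismatch branch only clears the local pointer with `ymod = NULL;`, so whatever `yang_parse_filename(filename, yspec)` already attached to `yspec` appears to stay loaded after the error is returned. That function's body is not shown here, so this needs confirming; if it does insert the module, the rejected tree should be detached from `yspec` and freed before `goto done`. A file whose name and module statement disagree is exactly what this check is meant to keep out of the schema set, so leaving it reachable by later module lookups would undercut the check. The error text is also missing a verb and should read `"File %s contains yang module \"%s\" which does not match expected module %s"`. yang_parse_module starts and ends outside the hunk.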