[FAB-11857] ValidateCodePackage to java platform

gennadylaventman · gennadylaventman · commit cf77c77d34fe · 2018-09-05T17:06:43.000+03:00
Adding ValidateCodePackage to java platform unit tests

Change-Id: I252df2d6c3b9f9cdc67fb493648cd6187eadc41d
Signed-off-by: gennady &lt;gennady@il.ibm.com&gt;
diff --git a/core/chaincode/platforms/java/java_test.go b/core/chaincode/platforms/java/java_test.go
@@ -14,6 +14,7 @@ import (
 	"os"
 	"strings"
 	"testing"
+	"time"
 
 	"github.com/hyperledger/fabric/core/chaincode/platforms"
 	"github.com/hyperledger/fabric/core/chaincode/platforms/java"
@@ -44,6 +45,36 @@ func TestValidatePath(t *testing.T) {
 	assert.NoError(t, err)
 }
 
+func TestValidateCodePackage(t *testing.T) {
+	platform := java.Platform{}
+	b, _ := generateMockPackegeBytes("src/pom.xml", 0100400)
+	assert.NoError(t, platform.ValidateCodePackage(b))
+
+	b, _ = generateMockPackegeBytes("src/pom.xml", 0100555)
+	assert.Error(t, platform.ValidateCodePackage(b))
+
+	b, _ = generateMockPackegeBytes("src/build.gradle", 0100400)
+	assert.NoError(t, platform.ValidateCodePackage(b))
+
+	b, _ = generateMockPackegeBytes("src/build.xml", 0100400)
+	assert.Error(t, platform.ValidateCodePackage(b))
+
+	b, _ = generateMockPackegeBytes("src/src/Main.java", 0100400)
+	assert.NoError(t, platform.ValidateCodePackage(b))
+
+	b, _ = generateMockPackegeBytes("src/build/Main.java", 0100400)
+	assert.Error(t, platform.ValidateCodePackage(b))
+
+	b, _ = generateMockPackegeBytes("src/src/xyz/main.java", 0100400)
+	assert.NoError(t, platform.ValidateCodePackage(b))
+
+	b, _ = generateMockPackegeBytes("src/src/xyz/main.class", 0100400)
+	assert.Error(t, platform.ValidateCodePackage(b))
+
+	b, _ = platform.GetDeploymentPayload(chaincodePathFolderGradle)
+	assert.NoError(t, platform.ValidateCodePackage(b))
+}
+
 func TestGetDeploymentPayload(t *testing.T) {
 	platform := java.Platform{}
 
@@ -161,3 +192,22 @@ func TestMain(m *testing.M) {
 	}
 	os.Exit(m.Run())
 }
+
+func generateMockPackegeBytes(fileName string, mode int64) ([]byte, error) {
+	var zeroTime time.Time
+	codePackage := bytes.NewBuffer(nil)
+	gw := gzip.NewWriter(codePackage)
+	tw := tar.NewWriter(gw)
+	payload := make([]byte, 25, 25)
+	err := tw.WriteHeader(&tar.Header{Name: fileName, Size: int64(len(payload)), ModTime: zeroTime, AccessTime: zeroTime, ChangeTime: zeroTime, Mode: mode})
+	if err != nil {
+		return nil, err
+	}
+	_, err = tw.Write(payload)
+	if err != nil {
+		return nil, err
+	}
+	tw.Close()
+	gw.Close()
+	return codePackage.Bytes(), nil
+}
diff --git a/core/chaincode/platforms/java/platform.go b/core/chaincode/platforms/java/platform.go
@@ -11,7 +11,9 @@ import (
 	"compress/gzip"
 	"errors"
 	"fmt"
+	"io"
 	"net/url"
+	"regexp"
 	"strings"
 
 	"github.com/hyperledger/fabric/common/flogging"
@@ -45,7 +47,52 @@ func (javaPlatform *Platform) ValidatePath(rawPath string) error {
 }
 
 func (javaPlatform *Platform) ValidateCodePackage(code []byte) error {
-	// FIXME: Java platform needs to implement its own validation similar to GOLANG
+	if len(code) == 0 {
+		// Nothing to validate if no CodePackage was included
+		return nil
+	}
+
+	// File to be valid should match first RegExp and not match second one.
+	filesToMatch := regexp.MustCompile(`^(/)?src/((src|META-INF)/.*|(build\.gradle|settings\.gradle|pom\.xml))`)
+	filesToIgnore := regexp.MustCompile(`.*\.class$`)
+	is := bytes.NewReader(code)
+	gr, err := gzip.NewReader(is)
+	if err != nil {
+		return fmt.Errorf("failure opening codepackage gzip stream: %s", err)
+	}
+	tr := tar.NewReader(gr)
+
+	for {
+		header, err := tr.Next()
+		if err != nil {
+			if err == io.EOF {
+				// We only get here if there are no more entries to scan
+				break
+			} else {
+				return err
+			}
+		}
+
+		// --------------------------------------------------------------------------------------
+		// Check name for conforming path
+		// --------------------------------------------------------------------------------------
+		if !filesToMatch.MatchString(header.Name) || filesToIgnore.MatchString(header.Name) {
+			return fmt.Errorf("illegal file detected in payload: \"%s\"", header.Name)
+		}
+
+		// --------------------------------------------------------------------------------------
+		// Check that file mode makes sense
+		// --------------------------------------------------------------------------------------
+		// Acceptable flags:
+		//      ISREG      == 0100000
+		//      -rw-rw-rw- == 0666
+		//
+		// Anything else is suspect in this context and will be rejected
+		// --------------------------------------------------------------------------------------
+		if header.Mode&^0100666 != 0 {
+			return fmt.Errorf("illegal file mode detected for file %s: %o", header.Name, header.Mode)
+		}
+	}
 	return nil
 }
 
