From cd55fcc25558731d9e49214fd561972b991384f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mart=C3=AD=20Bol=C3=ADvar?= Date: Wed, 15 Jan 2020 17:04:34 -0800 Subject: [PATCH] manifest: validate() fixes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We need to be a bit more careful with our types. For example, the string "not-a-manifest" can be loaded as YAML, and evaluates to... itself. And the string 'manifest' sure is in the string 'not-a-manifest', so the "'manifest' not in data" check in validate() doesn't catch the invalidity. Then we try to index ['manifest'] in a string, which doesn't work, because string indexes must be integers. Boom. Fix it with extra type checking. Signed-off-by: Martí Bolívar --- src/west/manifest.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/west/manifest.py b/src/west/manifest.py index 60ae9ca..e0e5d5b 100644 --- a/src/west/manifest.py +++ b/src/west/manifest.py @@ -79,7 +79,12 @@ def validate(data): :param data: YAML manifest data as a string or object ''' if isinstance(data, str): + as_str = data data = yaml.safe_load(data) + if not isinstance(data, dict): + raise MalformedManifest(f'{as_str} is not a YAML dictionary') + elif not isinstance(data, dict): + raise TypeError(f'data type {type(data)} must be str or dict') if 'manifest' not in data: raise MalformedManifest('manifest data contains no "manifest" key')