Add validation to ensure that settings.configs values are dictionaries, in order to prevent misuse #1547
Merged
yonaskolb merged 24 commits into yonaskolb:master from Jun 6, 2025
giginet reviewed May 20, 2025
freddi-kit reviewed May 20, 2025
freddi-kit reviewed May 20, 2025
freddi-kit reviewed May 20, 2025
Collaborator
Could you also update
c79e246 to 340b8e6
giginet reviewed May 20, 2025
Ryu0118 commented May 20, 2025
giginet approved these changes May 20, 2025
freddi-kit approved these changes May 20, 2025
Ryu0118 (Contributor, Author) commented May 20, 2025
Currently, the following YAML is correctly detected as invalid:

```yaml
settings:
  configs:
    invalid_key: value
```

However, the following YAML is not detected as invalid:

```yaml
targets:
  invalid_target:
    settings:
      configs:
        invalid_key: value
```

```yaml
targets:
  valid_target1:
    type: application
    platform: iOS
  valid_target2:
    type: application
    platform: iOS
aggregateTargets:
  invalid_target:
    targets:
      - valid_target1
      - valid_target2
    settings:
      configs:
        invalid_key: value
```

This needs to be fixed.
…dictionary to Settings
giginet reviewed May 26, 2025
giginet reviewed May 26, 2025
giginet approved these changes May 26, 2025
freddi-kit approved these changes Jun 3, 2025
| import TestSupport | ||
| import PathKit | ||
|
|
||
| struct invalidConfigsMappingFormatTests { |
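Review bot: the type name on the `struct invalidConfigsMappingFormatTests {` line starts with a lowercase letter, while Swift type names are conventionally UpperCamelCase. Rename it to `InvalidConfigsMappingFormatTests` so the test type reads as a type at call sites and in test reports.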
Collaborator
Suggested change
| struct invalidConfigsMappingFormatTests { | |
| @Suite | |
| struct invalidConfigsMappingFormatTests { |
Do we need it? Or did you remove it for another reason?
yonaskolb approved these changes Jun 6, 2025
Owner
And thank you for reviewing @freddi-kit and @giginet 🙏
yonaskolb added a commit that referenced this pull request Jul 22, 2025
* Custom error handler
* Check for error reason and expected type
* Improvements
* Update CHANGELOG.md
* Update master (#1)
* Update CI equipments and drop Xcode 15 support (#1548)
* Add validation to ensure that settings.configs values are dictionaries, in order to prevent misuse (#1547)
* Add validation to ensure settings.configs values are dictionaries to prevent misuse
* Add tests for invalid settings.configs value formats
* Replaced with filter and split into a function
* Rename invalidConfigsFormat to invalidConfigsMappingFormat
* Add comments to explain invalid fixture
* Rename test fixture
* Update CHANGELOG.md
* Correct grammar
* Use KeyPath instead of closure
* Rename validateMappingStyleInConfig to extractValidConfigs
* Add a document comment for extractValidConfigs(from:)
* Use old testing api and remove EquatableErrorBox
* Rename test case to use "mapping" instead of "dictionary"
* Add ValidSettingsExtractor to encapsulate the logic for converting a dictionary to Settings
* Add settings validation for both Target and AggregateTarget
* Add tests for invalid settings.configs in Target and AggregateTarget
* Add document comments for ValidSettingsExtractor
* Rename ValidSettingsExtractor to BuildSettingsExtractor
* Add settings validation for settingGroups
* Add tests for settingGroups
* Rename extract to parse
* Refactor
* Update Tests/ProjectSpecTests/InvalidConfigsFormatTests.swift

---------

Co-authored-by: Yonas Kolb <[email protected]>

* Synced folders (#1541)
* update xcodeproj to 8.27.7
* add syncedFolder source type
* drop xcode 15 support
* Rely on fileReference instead of adding new synchronizedRootGroup (#1557)
* fix: don't include untracked children in cache

---------

Co-authored-by: Kirill Yakimovich <[email protected]>

* Use USER env var instead of LOGNAME (#1559)

During user switch with su/sudo in system LOGNAME may not be initialised, but USER env var always exists.

* Address Sanitizer options in run/test schemes (#1550)
* Expose address sanitizer flags in run and test BuildActions in Schemes
* Update testJSONEncodable to test the new fields
* Also test the asan setting values for run scheme
* Update changelog

---------

Co-authored-by: Yonas Kolb <[email protected]>

* Update to 2.44.0

# Conflicts:
# CHANGELOG.md

---------

Co-authored-by: Kohki Miki <[email protected]>
Co-authored-by: Ryu <[email protected]>
Co-authored-by: Yonas Kolb <[email protected]>
Co-authored-by: Kirill Yakimovich <[email protected]>
Co-authored-by: Kanstantsin Shautsou <[email protected]>
Co-authored-by: Himanshu Kumar <[email protected]>

* Revert
* Refactoring started
* func json(atKeyPath keyPath: String) -> String?
* All cases

---------

Co-authored-by: Kohki Miki <[email protected]>
Co-authored-by: Ryu <[email protected]>
Co-authored-by: Yonas Kolb <[email protected]>
Co-authored-by: Kirill Yakimovich <[email protected]>
Co-authored-by: Kanstantsin Shautsou <[email protected]>
Co-authored-by: Himanshu Kumar <[email protected]>
Motivation
In our team, we previously encountered cases where settings.configs was misused by passing non-dictionary values. However, because no error was raised, the issue went unnoticed.
Proposed Solution
This PR adds validation to ensure that all values in settings.configs are dictionaries. For example, the following invalid configuration will now throw a SpecParsingError.invalidConfigsFormat during parsing:
If any non-dictionary values are found, a SpecParsingError.invalidConfigsFormat is thrown during parsing. By introducing this validation, such misconfigurations can now be detected early.
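The check described in the PR description, extended to the per-target, aggregate-target and settingGroups locations raised in the review thread, can be sketched as a stand-alone lint over an already-parsed spec. This is an added example in Python, not XcodeGen's Swift implementation; the function names, the path strings and the `SAMPLE` data are hypothetical, and the spec is assumed to be the plain dictionary a YAML parser would return.

```python
from typing import Any, Iterator

# Sections whose entries each carry their own `settings` block.
NESTED_SECTIONS = ("targets", "aggregateTargets")


def settings_blocks(spec: dict[str, Any]) -> Iterator[tuple[str, Any]]:
    """Yield (path, settings) for every settings block in the spec."""
    if "settings" in spec:
        yield "settings", spec["settings"]
    for section in NESTED_SECTIONS:
        entries = spec.get(section)
        if isinstance(entries, dict):
            for name, body in entries.items():
                if isinstance(body, dict) and "settings" in body:
                    yield f"{section}.{name}.settings", body["settings"]
    # Assumption: each settingGroups entry is itself a settings block.
    groups = spec.get("settingGroups")
    if isinstance(groups, dict):
        for name, body in groups.items():
            yield f"settingGroups.{name}", body


def invalid_configs(spec: dict[str, Any]) -> list[str]:
    """Return the path of every configs entry whose value is not a mapping."""
    bad = []
    for path, settings in settings_blocks(spec):
        configs = settings.get("configs") if isinstance(settings, dict) else None
        if configs is None:
            continue
        if not isinstance(configs, dict):
            bad.append(f"{path}.configs")  # configs itself must be a mapping
            continue
        bad.extend(f"{path}.configs.{key}"
                   for key, value in configs.items()
                   if not isinstance(value, dict))
    return bad


# Constructed sample mirroring the three YAML snippets in the thread.
SAMPLE = {
    "settings": {"configs": {"invalid_key": "value"}},
    "targets": {
        "valid_target1": {"type": "application", "platform": "iOS"},
        "invalid_target": {"settings": {"configs": {"invalid_key": "value"}}},
        "ok_target": {"settings": {"configs": {"Debug": {"SWIFT_VERSION": "5.0"}}}},
    },
    "aggregateTargets": {
        "invalid_target": {
            "targets": ["valid_target1"],
            "settings": {"configs": {"invalid_key": "value"}},
        },
    },
}
```

Reporting the full path of each offending key, rather than failing on the first one, lets a CI job list every misconfigured block in a single run.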