
CBST2-11: Improve path validation on local Mux keys loader #300


Open
wants to merge 4 commits into
base: main
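--- a/crates/cli/src/docker_init.rs
+++ b/crates/cli/src/docker_init.rs
@@ -257,7 +257,7 @@ pub async fn handle_docker_init(config_path: PathBuf, output_dir: PathBuf) -> Re
 
 if let Some(mux_config) = cb_config.muxes {
 for mux in mux_config.muxes.iter() {
-if let Some((env_name, actual_path, internal_path)) = mux.loader_env() {
+if let Some((env_name, actual_path, internal_path)) = mux.loader_env()? {
 let (key, val) = get_env_val(&env_name, &internal_path);
 pbs_envs.insert(key, val);
 pbs_volumes.push(Volumes::Simple(format!("{}:{}:ro", actual_path, internal_path)));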
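Review bot: The `actual_path` returned by `loader_env()?` is interpolated unchanged into the `"{}:{}:ro"` volume string, while the new validation in crates/common/src/config/mux.rs only checks that the path is valid UTF-8 and that the file parses. If this string ends up in a Compose file, a relative host path is resolved against the Compose file's directory (presumably not the directory `load_file` resolved it from), and a bare name without a leading `./` is treated as a named volume, so the file that was validated may not be the file that gets mounted. Consider rejecting non-absolute paths inside `loader_env`, e.g. `if !path_buf.is_absolute() { bail!("mux keys path must be absolute: {:?}", path_buf); }`, or canonicalizing the path before returning it. The body of `handle_docker_init` starts and ends outside this hunk.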
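--- a/crates/common/src/config/mux.rs
+++ b/crates/common/src/config/mux.rs
@@ -119,19 +119,29 @@ pub struct MuxConfig {
 
 impl MuxConfig {
 /// Returns the env, actual path, and internal path to use for the file
-/// loader
-pub fn loader_env(&self) -> Option<(String, String, String)> {
-self.loader.as_ref().and_then(|loader| match loader {
+/// loader. In File mode, validates the mux file prior to returning.
+pub fn loader_env(&self) -> eyre::Result<Option<(String, String, String)>> {
+let Some(loader) = self.loader.as_ref() else {
+return Ok(None);
+};
+
+match loader {
 MuxKeysLoader::File(path_buf) => {
-let path =
-path_buf.to_str().unwrap_or_else(|| panic!("invalid path: {:?}", path_buf));
-let internal_path = get_mux_path(&self.id);
+let Some(path) = path_buf.to_str() else {
+bail!("invalid path: {:?}", path_buf);
+};
+
+let file = load_file(path)?;
+// make sure we can load the pubkeys correctly
+let _: Vec<BlsPublicKey> =
+serde_json::from_str(&file).wrap_err("failed to parse mux keys file")?;
 
-Some((get_mux_env(&self.id), path.to_owned(), internal_path))
+let internal_path = get_mux_path(&self.id);
+Ok(Some((get_mux_env(&self.id), path.to_owned(), internal_path)))
 }
-MuxKeysLoader::HTTP { .. } => None,
-MuxKeysLoader::Registry { .. } => None,
-})
+MuxKeysLoader::HTTP { .. } => Ok(None),
+MuxKeysLoader::Registry { .. } => Ok(None),
+}
 }
 }
 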
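Review bot: The parse check on the `let _: Vec<BlsPublicKey>` line accepts an empty array, so a keys file containing `[]` passes validation; if a mux with no keys is not meaningful, bind the result and add `if keys.is_empty() { bail!("mux keys file contains no keys: {}", path); }`. The `wrap_err("failed to parse mux keys file")` message and the bare `load_file(path)?` name neither the file nor the mux, which makes a failure hard to attribute when several muxes are configured; `wrap_err_with(|| format!("failed to parse mux keys file {}", path))` would cover the parse case. The doc comment could also state that the function now reads the file from disk and returns `Err` when it is unreadable or malformed. The check holds only at the time of the call, so whatever loads the keys later still has to validate them itself.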