BUILD.gn: Add a check generated files are in allowed dirs.

This is important so that we know that the list of allowed directories
is in sync with other parts of the build in follow-up commits.

BUG=dawn:22

Change-Id: I202bec55b510989e43acf497956e2937c9a2f60a
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/11360
Reviewed-by: Austin Eng <enga@chromium.org>
Reviewed-by: Kai Ninomiya <kainino@chromium.org>
Commit-Queue: Corentin Wallez <cwallez@chromium.org>
Corentin Wallez
2019-09-18 23:19:31 +00:00
committed by Commit Bot service account
parent 450e212cf5
commit 05623df97f
3 changed files with 50 additions and 0 deletions


@@ -211,6 +211,7 @@ def run_generator(generator):
parser.add_argument('--depfile', default=None, type=str, help='Name of the Ninja depfile to create for the JSON tarball')
parser.add_argument('--expected-outputs-file', default=None, type=str, help="File to compare outputs with and fail if it doesn't match")
parser.add_argument('--root-dir', default=None, type=str, help='Optional source root directory for Python dependency computations')
parser.add_argument('--allowed-output-dirs-file', default=None, type=str, help="File containing a list of allowed directories where files can be output.")
args = parser.parse_args()
@@ -231,6 +232,26 @@ def run_generator(generator):
outputs = _do_renders(renders, args.template_dir)
# The caller wants to assert that the outputs are only in specific directories.
if args.allowed_output_dirs_file != None:
with open(args.allowed_output_dirs_file) as f:
allowed_dirs = set([line.strip() for line in f.readlines()])
for directory in allowed_dirs:
if not directory.endswith('/'):
print('Allowed directory entry "{}" doesn\'t end with /'.format(directory))
return 1
def check_in_subdirectory(path, directory):
return path.startswith(directory) and not '/' in path[len(directory):]
for render in renders:
if not any(check_in_subdirectory(render.output, directory) for directory in allowed_dirs):
print('Output file "{}" is not in the allowed directory list below:'.format(render.output))
for directory in sorted(allowed_dirs):
print(' "{}"'.format(directory))
return 1
# Output the tarball and its depfile
if args.output_json_tarball != None:
json_root = {}
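Review bot: The entries read from `--allowed-output-dirs-file` are validated only for a trailing `/`, so an entry such as `/` or `../` passes the loop and then makes `check_in_subdirectory` accept an output like `../foo`, because the match is a plain string prefix with no normalisation. If the list is meant to confine outputs to the build's own tree, reject such entries next to the trailing-slash test, for example `if directory.startswith('/') or '..' in directory.split('/'):` followed by the same print-and-`return 1` pattern. A blank line in the file also becomes the entry `""` and fails with a confusing message; `allowed_dirs = set(line.strip() for line in f if line.strip())` avoids that. A one-line comment on `check_in_subdirectory` stating that only direct children of a listed directory match (nested subdirectories must be listed separately) would make the intent clear. `run_generator` starts and ends outside this hunk, so how `render.output` is later joined to the output root is not visible here.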