Open lukpueh opened 4 years ago
https://github.com/secure-systems-lab/code-style-guidelines/issues/18 has an interesting discussion about input validation, control flow and program consistency.
The approach I would take to this research project, is:
Understand the current validation mechanism in use:
securesystemslib.schema
, its purpose and its flaws.ValidationMixin
, which validates metadata in memory utilising securesystemslib.schema
(see example usage).Review existing external/3rd-party solutions:
Understand options for custom validation logic
Descriptor
s seem well suited for attribute validation. However, they may not allow for the currently supported pattern of initialising empty objects, assigning values, and later validating them (from https://github.com/theupdateframework/tuf/issues/1140#issuecomment-738108971).For each of the three possible new approaches suggested above, I would expect some prototype code to be written to get a feel for how the approach fits with our new code. I'd be inclined to base on #1279, if it has not already been merged by the time we get to experimenting with new approaches.
Goals: We want to be able to:
Outcomes:
Considerations:
Next steps:
See also, the related issue on input validation for metadata API: https://github.com/theupdateframework/tuf/issues/1140
Other possibly useful references:
Descriptor
sThe initial version of the ADR addressing this issue is out: #1301.
It contains only two options for now ValidationMixin
and pydantic
.
Update on what has happened so far:
Metadata Attribute research - *
where *
is the name of the attribute. For example #1419, #1420.I will unassign myself from this issue for now, because I am not actively working on validation guidelines ADR. Before that, it's important to understand how do we want to operate and store all of the metadata attributes, provide validation functions for them and decide which validation option do we want to use from ADR7 or something totally new.
Together with @lukpueh we have discussed that a formal ADR about validation guidelines seems too much of work and we are not sure we needed it as we have already implemented validation for all Metadata classes (see https://github.com/theupdateframework/python-tuf/issues/1140#issuecomment-971588922).
Even if there is no ADR there is a sense in providing some guidance about how the maintainers feel about validation, what validations options were discussed and what requirements should be taken into account when adding validation to python-tuf. It seems that the best place to answer those questions is in a blogpost published on https://theupdateframework.github.io/python-tuf/ and together with @lukpueh agree that this is the logical step that will close this issue.
There seems to be agreement to discontinue the securesystemslib schema facility (see https://github.com/secure-systems-lab/securesystemslib/issues/183). We still need to be able to validate all inputs at the user boundary (type annotations should make this a lot easier), and provide tools to check if metadata is spec compliant (maybe we can use something like JSON schema?). At any rate, it would be helpful for contributors to provide guidelines for validation.