chore: add new validation util and a bit of housekeeping (#210)

* chore: add new validation util and a bit of housekeeping * fix: update messages
hypertrace · May 10, 2024 · 24f3fc0 · 24f3fc0
1 parent ef9a8f2
commit 24f3fc0
Show file tree

Hide file tree

Showing 7 changed files with 39 additions and 24 deletions.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -26,19 +26,19 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
 
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+        uses: github/codeql-action/autobuild@v3
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3
diff --git a/.github/workflows/merge-publish.yml b/.github/workflows/merge-publish.yml
@@ -11,12 +11,12 @@ jobs:
     steps:
        # Set fetch-depth: 0 to fetch commit history and tags for use in version calculation
       - name: Check out code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       - name: Login to Docker Hub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_READ_USER }}
           password: ${{ secrets.DOCKERHUB_READ_TOKEN }}

diff --git a/.github/workflows/pr-build.yml b/.github/workflows/pr-build.yml
@@ -13,14 +13,14 @@ jobs:
     steps:
       # Set fetch-depth: 0 to fetch commit history and tags for use in version calculation
       - name: Check out code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: ${{github.event.pull_request.head.ref}}
           repository: ${{github.event.pull_request.head.repo.full_name}}
           fetch-depth: 0
 
       - name: Login to Docker Hub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_READ_USER }}
           password: ${{ secrets.DOCKERHUB_READ_TOKEN }}
@@ -41,14 +41,14 @@ jobs:
       # Set fetch-depth: 0 to fetch commit history and tags for use in version calculation
     steps:
       - name: Check out code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: ${{github.event.pull_request.head.ref}}
           repository: ${{github.event.pull_request.head.repo.full_name}}
           fetch-depth: 0
 
       - name: Setup buf
-        uses: bufbuild/buf-setup-action@v1.9.0
+        uses: bufbuild/buf-setup-action@v1
         with:
           github_token: ${{ github.token }}
 

diff --git a/.github/workflows/pr-test.yml b/.github/workflows/pr-test.yml
@@ -11,7 +11,7 @@ jobs:
     steps:
       # Set fetch-depth: 0 to fetch commit history and tags for use in version calculation
       - name: Check out code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
@@ -48,7 +48,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Check out code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -12,7 +12,7 @@ jobs:
     steps:
       # Set fetch-depth: 0 to fetch commit history and tags for use in version calculation
       - name: Check out code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
@@ -39,7 +39,7 @@ jobs:
     steps:
        # Set fetch-depth: 0 to fetch commit history and tags for use in version calculation
       - name: Checkout Repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
@@ -52,7 +52,7 @@ jobs:
   publish-release-notes:
     runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - uses: hypertrace/github-actions/release-notes@main

diff --git a/owasp-suppressions.xml b/owasp-suppressions.xml
@@ -10,13 +10,4 @@
     <cpe>cpe:/a:utils_project:utils</cpe>
     <cpe>cpe:/a:processing:processing</cpe>
   </suppress>
-  <suppress until="2024-01-31Z">
-    <notes><![CDATA[
-   Legitimate vulnerability, but unlikely to be exploited in practice as issues are with args
-   that are not under user control like radix. Expect the severity to be revised, but revisit
-   once fix is released. Ref: https://github.com/seancfoley/IPAddress/issues/118
-   ]]></notes>
-    <packageUrl regex="true">^pkg:maven/com\.github\.seancfoley/ipaddress@.*$</packageUrl>
-    <vulnerabilityName>CVE-2023-50570</vulnerabilityName>
-  </suppress>
 </suppressions>
diff --git a/validation-utils/src/main/java/org/hypertrace/config/validation/GrpcValidatorUtils.java b/validation-utils/src/main/java/org/hypertrace/config/validation/GrpcValidatorUtils.java
@@ -52,6 +52,30 @@ public static boolean isValidIpAddressOrSubnet(final String input) {
     return new IPAddressString(input, ADDRESS_VALIDATION_PARAMS).getAddress() != null;
   }
 
+  /**
+   * As opposed to `validateNonDefaultPresenceOrThrow` which looks for a non default value, here
+   * defaults are allowed as long as the field has been explicitly assigned
+   */
+  public static <T extends Message> void validateFieldPresenceOrThrow(T source, int fieldNumber) {
+    FieldDescriptor descriptor = source.getDescriptorForType().findFieldByNumber(fieldNumber);
+    if (!descriptor.hasPresence()) {
+      throw Status.INTERNAL
+          .withDescription(
+              String.format(
+                  "Improper use of 'validateFieldPresenceOrThrow' field without detectable presence: %s",
+                  descriptor.getFullName()))
+          .asRuntimeException();
+    }
+    if (!source.hasField(descriptor)) {
+      throw Status.INVALID_ARGUMENT
+          .withDescription(
+              String.format(
+                  "Expected field %s to be assigned:%n %s",
+                  descriptor.getFullName(), printMessage(source)))
+          .asRuntimeException();
+    }
+  }
+
   private static <T extends Message> void validateNonDefaultPresenceRepeatedOrThrow(
       T source, FieldDescriptor descriptor) {
     if (source.getRepeatedFieldCount(descriptor) == 0) {