Add setting to check catalog encoding #134
Draft
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
If RSpec.configuration.strict_catalog_encoding is set to true, check whether the
catalog contains binary strings or strings with an invalid encoding. This only
checks resources, not other catalog metadata like `version`, `environment` or
edges.
Binary strings (aka ASCII_8BIT) commonly occur in facts that call
Socket.gethostname, Windows registry or partial file reads.
Strings with invalid encodings commonly occur when calling the `file` function
to inline kerberos key tab files or DER encoded keys. Note this check can't
detect cases where the underlying byte representation happens to be valid for
UTF-8. For example, if a string contains the 3 bytes sequence 0xE2 0x82 0xAC,
String#valid_encoding? will return true, since that happens to correspond to
the € code point. But if the string contains 0xC0, then valid_encoding? will
return false, since C0 must be followed by a second byte in UTF-8.
By default the setting is false, because facter has historically produced facts
with ASCII_8BIT and will be detected when running "puppet apply". The behavior
can be opted into by setting this in your module's spec/spec_helper.rb:
RSpec.configure do |c|
c.strict_catalog_encoding = true
end
|
Seems like a decent partial solution. It will catch cases in which the encoding errors occur at module test time. This can't hurt. But honestly, I'd prefer a more robust error message in the catalog compilation that gave more hints about where the invalid encoding came from. |
Yeah agreed, especially because fact fixtures and stubbed functions can hide these issues. I am working on a complementary PR to do what you're talking about, including file and line info. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
If RSpec.configuration.strict_catalog_encoding is set to true, check whether the catalog contains binary strings or strings with an invalid encoding. This only checks resources, not other catalog metadata like
version,environmentor edges.Binary strings (aka ASCII_8BIT) commonly occur in facts that call Socket.gethostname, Windows registry or partial file reads.
Strings with invalid encodings commonly occur when calling the
filefunction to inline kerberos key tab files or DER encoded keys. Note this check can't detect cases where the underlying byte representation happens to be valid for UTF-8. For example, if a string contains the 3 bytes sequence 0xE2 0x82 0xAC, String#valid_encoding? will return true, since that happens to correspond to the € code point. But if the string contains 0xC0, then valid_encoding? will return false, since C0 must be followed by a second byte in UTF-8.By default the setting is false, because facter has historically produced facts with ASCII_8BIT and will be detected when running "puppet apply". The behavior can be opted into by setting this in your module's spec/spec_helper.rb:
Additional Context
We can't rely on puppet-lint to check for binary data, because we need to evaluate functions and check the resulting catalog that the evaluator produces.
Related Issues (if any)
Checklist