commit 2cbf09925ad45401673a79ab77f67de2f04a826c
author Eric Blake <eblake@redhat.com> Mon May 04 09:05:24 2015 -0600
committer Markus Armbruster <armbru@redhat.com> Tue May 05 18:39:01 2015 +0200
tree 50fb23198c62297cdcc892e6d57301109621cfd4
parent 10d4d997f86cf2a4ce89145df5658952d5722e56

qapi: More rigorous checking for type safety bypass

Now that we have a way to validate every type, we can also be
stricter about enforcing that callers that want to bypass
type safety in generated code.  Prior to this patch, it didn't
matter what value was associated with the key 'gen', but it
looked odd that 'gen':'yes' could result in bypassing the
generated code.  These changes also enforce the changes made
earlier in the series for documentation and consolidation of
using '**' as the wildcard type, as well as 'gen':false as the
canonical spelling for requesting type bypass.

Note that 'gen':false is a one-way switch away from the default;
we do not support 'gen':true (similar for 'success-response').
In practice, this doesn't matter.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>

scripts/qapi.py

diff --git a/scripts/qapi.py b/scripts/qapi.py
index 2402d05..e391b5a 100644
--- a/scripts/qapi.py
+++ b/scripts/qapi.py
@@ -324,14 +324,15 @@
                             "%s uses invalid name '%s'" % (source, name))
 
 def check_type(expr_info, source, value, allow_array = False,
-               allow_dict = False, allow_optional = False, allow_metas = []):
+               allow_dict = False, allow_optional = False,
+               allow_star = False, allow_metas = []):
     global all_names
     orig_value = value
 
     if value is None:
         return
 
-    if value == '**':
+    if allow_star and value == '**':
         return
 
     # Check if array type for value is okay
@@ -348,6 +349,10 @@
 
     # Check if type name for value is okay
     if isinstance(value, str):
+        if value == '**':
+            raise QAPIExprError(expr_info,
+                                "%s uses '**' but did not request 'gen':false"
+                                % source)
         if not value in all_names:
             raise QAPIExprError(expr_info,
                                 "%s uses unknown type '%s'"
@@ -371,19 +376,22 @@
         check_type(expr_info, "Member '%s' of %s" % (key, source), arg,
                    allow_array=True, allow_dict=True, allow_optional=True,
                    allow_metas=['built-in', 'union', 'alternate', 'struct',
-                                'enum'])
+                                'enum'], allow_star=allow_star)
 
 def check_command(expr, expr_info):
     name = expr['command']
+    allow_star = expr.has_key('gen')
+
     check_type(expr_info, "'data' for command '%s'" % name,
                expr.get('data'), allow_dict=True, allow_optional=True,
-               allow_metas=['union', 'struct'])
+               allow_metas=['union', 'struct'], allow_star=allow_star)
     returns_meta = ['union', 'struct']
     if name in returns_whitelist:
         returns_meta += ['built-in', 'alternate', 'enum']
     check_type(expr_info, "'returns' for command '%s'" % name,
                expr.get('returns'), allow_array=True, allow_dict=True,
-               allow_optional=True, allow_metas=returns_meta)
+               allow_optional=True, allow_metas=returns_meta,
+               allow_star=allow_star)
 
 def check_event(expr, expr_info):
     global events
@@ -579,6 +587,10 @@
             raise QAPIExprError(info,
                                 "Unknown key '%s' in %s '%s'"
                                 % (key, meta, name))
+        if (key == 'gen' or key == 'success-response') and value != False:
+            raise QAPIExprError(info,
+                                "'%s' of %s '%s' should only use false value"
+                                % (key, meta, name))
     for key in required:
         if not expr.has_key(key):
             raise QAPIExprError(info,