Validate spec_version during initialization

Even though version strings like "2.0.0-rc.2" or "1.0.0-beta" are valid strings in semantic versioning format, in TUF we never needed to add letters for our specification number. That's why I validate that: spec_version is a . separated string and when split it has a length of 3 and that each of the three elements is a number. Also, I check that the given spec_version is supported against the tuf code spec version. Signed-off-by: Martin Vrachev <[email protected]>
theupdateframework · Jun 7, 2021 · 34da1ff · 34da1ff
1 parent 4596f91
commit 34da1ff
Showing 1 changed file with 21 additions and 1 deletion.
diff --git a/tuf/api/metadata.py b/tuf/api/metadata.py
@@ -16,6 +16,7 @@
 
 """
 import abc
+import logging
 import tempfile
 from datetime import datetime, timedelta
 from typing import Any, ClassVar, Dict, List, Mapping, Optional, Tuple, Type
@@ -25,7 +26,7 @@
 from securesystemslib.storage import FilesystemBackend, StorageBackendInterface
 from securesystemslib.util import persist_temp_file
 
-from tuf import exceptions
+from tuf import exceptions, SPECIFICATION_VERSION
 from tuf.api.serialization import (
     MetadataDeserializer,
     MetadataSerializer,
@@ -37,6 +38,8 @@
 # and currently, we are above 1000 lines by a small margin.
 # pylint: disable=C0302
 
+logger = logging.getLogger(__name__)
+
 
 class Metadata:
     """A container for signed TUF metadata.
@@ -343,6 +346,23 @@ def __init__(
         expires: datetime,
         unrecognized_fields: Optional[Mapping[str, Any]] = None,
     ) -> None:
+        spec_list = spec_version.split(".")
+        if len(spec_list) != 3 or not all(el.isdigit() for el in spec_list):
+            raise ValueError(
+                f"spec_version must be in semver format, got {spec_version}"
+            )
+        supported_ver = SPECIFICATION_VERSION.split(".")
+        if spec_list[0] != supported_ver[0]:
+            raise exceptions.UnsupportedSpecificationError(
+                f"Unsupported major spec_version, got {spec_list}, "
+                f"supported {supported_ver}"
+            )
+        if spec_list[1] != supported_ver[1]:
+            logger.info(
+                "Different minor version than supported, got %s, supported %s",
+                spec_version,
+                supported_ver,
+            )
         self.spec_version = spec_version
         self.expires = expires