hide submission validation behind a feature flag

Kitware · Sep 10, 2024 · ed8459c · ed8459c
1 parent 581791b
commit ed8459c
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 4 deletions.
diff --git a/.env.example b/.env.example
@@ -125,6 +125,11 @@ DB_PASSWORD=secret
 # to some value other than 'sync'.
 #REMOTE_WORKERS=false
 
+# Whether or not submission XML files are validated before being processed.
+# Enabling this setting will trigger a scan through XML files uploaded in
+# each submission in order to preemptively reject malformed files.
+#VALIDATE_XML_SUBMISSIONS=true
+
 # Should we show the most recent submission time for a project or subproject?
 # Disabling this feature can improve rendering performance of index.php
 # for projects with lots of subproject builds.

diff --git a/app/cdash/include/ctestparser.php b/app/cdash/include/ctestparser.php
@@ -182,15 +182,15 @@ function ctest_parse($filehandle, string $filename, $projectid, $expected_md5 =
     $file = $xml_info['xml_type'];
     $schema_file = $xml_info['xml_schema'];
 
-    // Ensure the XML file is valid if the XML type has a schema defined
-    if (isset($schema_file)) {
+    // If validation is enabled and if this file has a corresponding schema, validate it
+    if (((bool) config('cdash.validate_xml_submissions')) === true && isset($schema_file)) {
         try {
             SubmissionUtils::validate_xml($filename, $schema_file);
         } catch (CDashXMLValidationException $e) {
             foreach ($e->getDecodedMessage() as $error) {
-                Log::error($error);
+                Log::error("Validating $filename: ".$error);
             }
-            return false;
+            abort(400, "Xml validation failed: rejected file $filename");
         }
     }
 

diff --git a/config/cdash.php b/config/cdash.php
@@ -75,6 +75,7 @@
     'show_last_submission' => env('SHOW_LAST_SUBMISSION', true),
     'slow_page_time' => env('SLOW_PAGE_TIME', 10),
     'token_duration' => env('TOKEN_DURATION', 15811200),
+    'validate_xml_submissions' => env('VALIDATE_XML_SUBMISSIONS', false),
     // Specify whether users are allowed to create "full access" authentication tokens
     'allow_full_access_tokens' => env('ALLOW_FULL_ACCESS_TOKENS', true),
     // Specify whether users are allowed to create "submit only" tokens which are valid for all projects

diff --git a/docs/submissions.md b/docs/submissions.md
@@ -76,3 +76,7 @@ for both the CDash web service and the remote worker(s).
 ## Deferred submissions
 
 CDash automatically detects when its database is unavailable and stores submissions received during this outage. When database access is restored, CDash will attempt to parse the submissions that were received during the outage. This behavior is controlled by the presence of the file named `DB_WAS_DOWN` in the storage directory.
+
+## Submission files validation
+
+CDash can be configured to validate submitted XML files before attempting to process them, in order to preemptively reject malformed files. If enabled, once a submission is moved out of the queue, its XML files will be scanned for valid syntax and validated against the [XML schemas](../app/Validators/Schemas/) CDash supports. To use this feature, set `VALIDATE_XML_SUBMISSIONS=true` in your `.env` file.