Add mpr validations to rpdk

syldyer · syldyer · commit b34c67e44e27 · 2024-10-08T21:19:48.000Z
diff --git a/src/rpdk/core/data_loaders.py b/src/rpdk/core/data_loaders.py
@@ -21,6 +21,7 @@
 
 TIMEOUT_IN_SECONDS = 10
 STDIN_NAME = "<stdin>"
+MAX_CONFIGURATION_SCHEMA_LENGTH = 60 * 1024  # 60 KiB
 
 
 def resource_stream(package_name, resource_name, encoding="utf-8"):
@@ -152,6 +153,12 @@ def load_resource_spec(resource_spec_file):  # pylint: disable=R # noqa: C901
         LOG.debug("Resource spec decode failed", exc_info=True)
         raise SpecValidationError(str(e)) from e
 
+    # check TypeConfiguration schema size
+    if len(json.dumps(resource_spec).encode("utf-8")) > MAX_CONFIGURATION_SCHEMA_LENGTH:
+        raise SpecValidationError(
+            "TypeConfiguration schema exceeds maximum length of 60 KiB"
+        )
+
     validator = make_resource_validator()
     additional_properties_validator = (
         make_resource_validator_with_additional_properties_check()
diff --git a/src/rpdk/core/project.py b/src/rpdk/core/project.py
@@ -95,6 +95,10 @@
 # https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html
 MIN_ROLE_TIMEOUT_SECONDS = 3600  # 1 hour
 MAX_ROLE_TIMEOUT_SECONDS = 43200  # 12 hours
+MAX_RPDK_CONFIG_LENGTH = 10 * 1024  # 10 KiB
+MAX_CONFIGURATION_SCHEMA_LENGTH = 60 * 1024  # 60 KiB
+
+PROTOCOL_VERSION_VALUES = frozenset({"1.0.0", "2.0.0"})
 
 CFN_METADATA_FILENAME = ".cfn_metadata.json"
 
@@ -282,6 +286,31 @@ def load_settings(self):
                 f"Project file '{self.settings_path}' is invalid", e
             )
 
+        # check size of RPDK config
+        if len(json.dumps(raw_settings).encode("utf-8")) > MAX_RPDK_CONFIG_LENGTH:
+            raise InvalidProjectError(
+                f"Project file '{self.settings_path}' exceeds maximum length of 10 KiB."
+            )
+        # validate protocol version, if specified
+        try:
+            settings = raw_settings["settings"]
+            if "protocolVersion" in settings:
+                protocol_version = settings["protocolVersion"]
+                if protocol_version not in PROTOCOL_VERSION_VALUES:
+                    raise InvalidProjectError(
+                        f"Invalid 'protocolVersion' settings in '{self.settings_path}"
+                    )
+            else:
+                LOG.warning(
+                    "No protovolVersion found: this will default to version 1.0.0 during registration. "
+                    "Please consider upgrading to CFN-CLI 2.0 following the guide: "
+                    "https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/what-is-cloudformation-cli.html"
+                )
+        except KeyError:
+            raise InvalidProjectError(
+                f"Error extracting protocol version from '{self.settings_path}'"
+            )
+
         # backward compatible
         if "artifact_type" not in raw_settings:
             raw_settings["artifact_type"] = ARTIFACT_TYPE_RESOURCE
diff --git a/src/rpdk/core/validate.py b/src/rpdk/core/validate.py
@@ -9,6 +9,7 @@
 LOG = logging.getLogger(__name__)
 
 
+# validations for cfn validate are done in both project.py and data_loaders.py
 def validate(_args):
     project = Project()
     project.load()
