cli/compose: implement the ports validation method

This commit implements a validation method for the port mappings. Also, it removes the ports validation method from the expose property since they do not accept the same type of values. Signed-off-by: Stavros Panakakis <[email protected]>
docker · Oct 9, 2024 · d9ae83c · d9ae83c
1 parent 7908982
commit d9ae83c
Show file tree

Hide file tree

Showing 2 changed files with 200 additions and 4 deletions.
diff --git a/cli/compose/schema/schema.go b/cli/compose/schema/schema.go
@@ -6,6 +6,9 @@ package schema
 import (
 	"embed"
 	"fmt"
+	"math/big"
+	"net"
+	"strconv"
 	"strings"
 	"time"
 
@@ -20,9 +23,106 @@ const (
 
 type portsFormatChecker struct{}
 
-func (checker portsFormatChecker) IsFormat(_ any) bool {
-	// TODO: implement this
-	return true
+func (checker portsFormatChecker) IsFormat(input any) bool {
+	portsAreValid := true
+
+	portPatternIsValid := func(portPattern string) bool {
+		parts := strings.SplitN(portPattern, "-", 2)
+
+		ports := []int{}
+		for _, part := range parts {
+			port, err := strconv.Atoi(part)
+			if err != nil {
+				return false
+			}
+
+			ports = append(ports, port)
+
+			if port < 0 || port > 65535 {
+				return false
+			}
+		}
+
+		if len(ports) == 2 {
+			if ports[0] > ports[1] {
+				return false
+			}
+		}
+
+		return true
+	}
+
+	ipIsValid := func(ip string) bool {
+		return net.ParseIP(ip) != nil
+	}
+
+	protocolIsValid := func(protocol string) bool {
+		return protocol == "tcp" || protocol == "udp"
+	}
+
+	var port string
+
+	switch p := input.(type) {
+	case string:
+		port = p
+	case *big.Rat:
+		port = strings.Split(p.String(), "/")[0]
+	}
+
+	parts := strings.Split(port, ":")
+
+	switch len(parts) {
+	case 1: // e.g. 8000 or 8000-8005
+		portPattern := parts[0]
+		if !portPatternIsValid(portPattern) {
+			portsAreValid = false
+		}
+	case 2: // e.g. 8000:8000 or 8000:8000/tcp
+		publishedPortPattern := parts[0]
+
+		lastParts := strings.Split(parts[1], "/")
+		targetPortPattern := lastParts[0]
+
+		if !portPatternIsValid(publishedPortPattern) {
+			portsAreValid = false
+		}
+
+		if !portPatternIsValid(targetPortPattern) {
+			portsAreValid = false
+		}
+
+		if strings.Contains(parts[1], "/") {
+			protocol := lastParts[1]
+			if !protocolIsValid(protocol) {
+				portsAreValid = false
+			}
+		}
+	case 3: // e.g. 127.0.0.1:8000:8000 or 127.0.0.1:8000:8000/tcp
+		ip := parts[0]
+		publishedPortPattern := parts[1]
+		lastParts := strings.Split(parts[2], "/")
+		targetPortPattern := lastParts[0]
+
+		if !ipIsValid(ip) {
+			portsAreValid = false
+		}
+		if !portPatternIsValid(publishedPortPattern) {
+			portsAreValid = false
+		}
+
+		if !portPatternIsValid(targetPortPattern) {
+			portsAreValid = false
+		}
+
+		if strings.Contains(parts[2], "/") {
+			protocol := lastParts[1]
+			if !protocolIsValid(protocol) {
+				portsAreValid = false
+			}
+		}
+	}
+
+	return portsAreValid
 }
 
 type durationFormatChecker struct{}
@@ -37,7 +137,6 @@ func (checker durationFormatChecker) IsFormat(input any) bool {
 }
 
 func init() {
-	gojsonschema.FormatCheckers.Add("expose", portsFormatChecker{})
 	gojsonschema.FormatCheckers.Add("ports", portsFormatChecker{})
 	gojsonschema.FormatCheckers.Add("duration", durationFormatChecker{})
 }

diff --git a/cli/compose/schema/schema_test.go b/cli/compose/schema/schema_test.go
@@ -29,6 +29,103 @@ func TestValidate(t *testing.T) {
 	assert.ErrorContains(t, Validate(config, "12345"), "unsupported Compose file version: 12345")
 }
 
+func TestValidatePorts(t *testing.T) {
+	testcases := []struct {
+		ports    any
+		hasError bool
+	}{
+		{
+			ports:    []int{8000},
+			hasError: false,
+		},
+		{
+			ports:    []string{"8000:8000"},
+			hasError: false,
+		},
+		{
+			ports:    []string{"8001-8005"},
+			hasError: false,
+		},
+		{
+			ports:    []string{"8001-8005:8001-8005"},
+			hasError: false,
+		},
+		{
+			ports:    []string{"8000"},
+			hasError: false,
+		},
+		{
+			ports:    []string{"8000-9000:80"},
+			hasError: false,
+		},
+		{
+			ports:    []string{"[::1]:8080:8000"},
+			hasError: false,
+		},
+		{
+			ports:    []string{"[::1]:8080-8085:8000"},
+			hasError: false,
+		},
+		{
+			ports:    []string{"127.0.0.1:8000:8000"},
+			hasError: false,
+		},
+		{
+			ports:    []string{"127.0.0.1:8000-8005:8000-8005"},
+			hasError: false,
+		},
+		{
+			ports:    []string{"127.0.0.1:8000:8000/udp"},
+			hasError: false,
+		},
+		{
+			ports:    []string{"8000:8000/udp"},
+			hasError: false,
+		},
+		{
+			ports:    []string{"8000:8000/http"},
+			hasError: true,
+		},
+		{
+			ports:    []string{"-1"},
+			hasError: true,
+		},
+		{
+			ports:    []string{"65536"},
+			hasError: true,
+		},
+		{
+			ports:    []string{"-1:65536/http"},
+			hasError: true,
+		},
+		{
+			ports:    []string{"invalid"},
+			hasError: true,
+		},
+		{
+			ports:    []string{"12345678:8000:8000/tcp"},
+			hasError: true,
+		},
+	}
+
+	for _, tc := range testcases {
+		config := dict{
+			"version": "3.0",
+			"services": dict{
+				"foo": dict{
+					"image": "busybox",
+					"ports": tc.ports,
+				},
+			},
+		}
+		if tc.hasError {
+			assert.ErrorContains(t, Validate(config, "3"), "services.foo.ports.0 Does not match format 'ports'")
+		} else {
+			assert.NilError(t, Validate(config, "3"))
+		}
+	}
+}
+
 func TestValidateUndefinedTopLevelOption(t *testing.T) {
 	config := dict{
 		"version": "3.0",