[YANGTOOLS-1077] Validate YANG strings for forbidden characters Created: 31/Jan/20  Updated: 12/Feb/20  Resolved: 12/Feb/20

Status: Resolved
Project: yangtools
Component/s: codecs
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Medium
Reporter: Martin Bugáň Assignee: Martin Bugáň
Resolution: Won't Do Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

According to RFC7950, YANG strings can't store forbidden characters defined in Section 14, https://tools.ietf.org/html/rfc7950#section-14

Here is the particular section of the rule:

yang-string = *yang-char
;; any Unicode or ISO/IEC 10646 character, including tab, carriage
;; return, and line feed but excluding the other C0 control
;; characters, the surrogate blocks, and the noncharacters
yang-char = %x09 / %x0A / %x0D / %x20-D7FF /
; exclude surrogate blocks %xD800-DFFF
%xE000-FDCF / ; exclude noncharacters %xFDD0-FDEF
%xFDF0-FFFD / ; exclude noncharacters %xFFFE-FFFF
%x10000-1FFFD / ; exclude noncharacters %x1FFFE-1FFFF
%x20000-2FFFD / ; exclude noncharacters %x2FFFE-2FFFF
%x30000-3FFFD / ; exclude noncharacters %x3FFFE-3FFFF
%x40000-4FFFD / ; exclude noncharacters %x4FFFE-4FFFF
%x50000-5FFFD / ; exclude noncharacters %x5FFFE-5FFFF
%x60000-6FFFD / ; exclude noncharacters %x6FFFE-6FFFF
%x70000-7FFFD / ; exclude noncharacters %x7FFFE-7FFFF
%x80000-8FFFD / ; exclude noncharacters %x8FFFE-8FFFF
%x90000-9FFFD / ; exclude noncharacters %x9FFFE-9FFFF
%xA0000-AFFFD / ; exclude noncharacters %xAFFFE-AFFFF
%xB0000-BFFFD / ; exclude noncharacters %xBFFFE-BFFFF
%xC0000-CFFFD / ; exclude noncharacters %xCFFFE-CFFFF
%xD0000-DFFFD / ; exclude noncharacters %xDFFFE-DFFFF
%xE0000-EFFFD / ; exclude noncharacters %xEFFFE-EFFFF
%xF0000-FFFFD / ; exclude noncharacters %xFFFFE-FFFFF
%x100000-10FFFD ; exclude noncharacters %x10FFFE-10FFFF

 
Yangtools now does not provide any validation of this form, so it could create some issues, although accepting invalid strings might be good for interoperability, but emitting invalid strings (and exposing them to mdsal plugins) is both RFC-incompliant and bad for interoperability.

UPDATE: "yang strings" means not only string literals written in the .yang files themselves, but also all data of the builtin type string [1] (and presumably any derived type).

[1] https://tools.ietf.org/html/rfc7950#section-9.4

 Comments   
Comment by Vratko Polak [ 03/Feb/20 ]

I am not sure what will be the proper place to add the validation, but just before here [1] looks reasonable.

[1] https://github.com/opendaylight/yangtools/blob/v4.0.6/yang/yang-data-impl/src/main/java/org/opendaylight/yangtools/yang/data/impl/codec/StringStringCodec.java#L52

Comment by Robert Varga [ 12/Feb/20 ]

After thinking about this quite a bit, I do not believe it is feasible to implement this. The reason for that boils down to the fact we would have to either encapsulate String objects to express they have been validated or validate them at each surface where plain Java meets YANG-modeled world. That is just not feasible.

Generated at Wed Feb 07 20:55:07 UTC 2024 using Jira 8.20.10#820010-sha1:ace47f9899e9ee25d7157d59aa17ab06aee30d3d.