From 33becfe79f17f6c1f81c908fd74127be313cff25 Mon Sep 17 00:00:00 2001
From: Daniil Baturin <daniil@baturin.org>
Date: Fri, 4 Nov 2022 15:29:03 +0000
Subject: T4798: add a file path validator

(cherry picked from commit 96bb119393d8606d9408d72aa5cb468702bef625)
---
 debian/rules              |  2 ++
 debian/vyos-utils.install |  3 ++-
 src/file_path.ml          | 48 +++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 src/file_path.ml

diff --git a/debian/rules b/debian/rules
index c6e8920..09cdd65 100755
--- a/debian/rules
+++ b/debian/rules
@@ -9,12 +9,14 @@ override_dh_auto_build:
 	eval `opam env`
 	mkdir -p _build
 	ocamlfind ocamlopt -o _build/numeric -package pcre -linkpkg src/numeric.ml
+	ocamlfind ocamlopt -o _build/file-path -package fileutils -linkpkg src/file_path.ml
 	ocamlfind ocamlopt -o _build/validate-value -package pcre,unix,containers -linkpkg src/validate_value.ml
 
 override_dh_auto_install:
 	mkdir -p $(DIR)/usr/libexec/vyos/validators
 	cp _build/numeric $(DIR)/usr/libexec/vyos/validators
 	cp _build/validate-value $(DIR)/usr/libexec/vyos/
+	cp _build/file-path $(DIR)/usr/libexec/vyos/validators
 
 override_dh_auto_test:
 	echo "No tests yet"
diff --git a/debian/vyos-utils.install b/debian/vyos-utils.install
index 77ea559..a67b3f8 100644
--- a/debian/vyos-utils.install
+++ b/debian/vyos-utils.install
@@ -1,2 +1,3 @@
-usr/libexec/vyos/validators/numeric
 usr/libexec/vyos/validate-value
+usr/libexec/vyos/validators/numeric
+usr/libexec/vyos/validators/file-path
diff --git a/src/file_path.ml b/src/file_path.ml
new file mode 100644
index 0000000..8c05ffd
--- /dev/null
+++ b/src/file_path.ml
@@ -0,0 +1,48 @@
+type opts = {
+  must_be_file : bool;
+  parent : string option;
+  strict : bool; 
+}
+
+let default_opts = {
+  must_be_file = true;
+  parent = None;
+  strict = false
+}
+
+let opts = ref default_opts
+
+let path_arg = ref ""
+
+let args = [
+    ("--file", Arg.Unit (fun () -> opts := {!opts with must_be_file=true}), "Path must point to a file and not a directory (default)");
+    ("--directory", Arg.Unit (fun () -> opts := {!opts with must_be_file=false}), "Path must point to a directory");
+    ("--parent-dir", Arg.String (fun s -> opts := {!opts with parent=(Some s)}), "Path must be inside specific parent directory");
+    ("--strict", Arg.Unit (fun () -> opts := {!opts with strict=true}), "Treat warnings as errors");
+]
+let usage = Printf.sprintf "Usage: %s [OPTIONS] <path>" Sys.argv.(0)
+
+let () = if Array.length Sys.argv = 1 then (Arg.usage args usage; exit 1)
+let () = Arg.parse args (fun s -> path_arg := s) usage
+
+let fail msg =
+  let () = print_endline msg in
+  exit 1
+
+let () =
+  let path = !path_arg in
+  let opts = !opts in
+  (* First, check if the file/dir path exists at all. *)
+  let exists = FileUtil.test FileUtil.Exists path in
+  if not exists then Printf.ksprintf fail {|Incorrect path %s: no such file or directory|} path else
+  (* If yes, check if it's of the correct type: file or directory. *)
+  let is_file =	FileUtil.test FileUtil.Is_file path in
+  if ((not is_file) && opts.must_be_file) then Printf.ksprintf fail {|%s is a directory, not a file|} path else 
+  if (is_file && (not opts.must_be_file)) then Printf.ksprintf fail {|%s is a file, not a directory|} path else
+  match opts.parent with
+  | None ->
+    exit 0
+  | Some parent ->
+    if not (FilePath.is_subdir (FilePath.reduce path) (FilePath.reduce parent)) then
+    let msg = Printf.sprintf {|Path %s is not under %s directory|} path parent in
+    if opts.strict then fail msg else Printf.printf "Warning: %s\n" msg
-- 
cgit v1.2.3


From ebd356b218ad4261c9af1bc78d8f40c36b074ec1 Mon Sep 17 00:00:00 2001
From: John Estabrook <jestabro@vyos.io>
Date: Mon, 12 Dec 2022 10:58:55 -0600
Subject: validators: T4875: add option lookup-path to cat with file/dir arg

(cherry picked from commit 3883bb64a45794904f042e2f1e4458eb4700de8b)
---
 src/file_path.ml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/file_path.ml b/src/file_path.ml
index 8c05ffd..ea3068c 100644
--- a/src/file_path.ml
+++ b/src/file_path.ml
@@ -1,12 +1,14 @@
 type opts = {
   must_be_file : bool;
   parent : string option;
+  lookup_path : string option;
   strict : bool; 
 }
 
 let default_opts = {
   must_be_file = true;
   parent = None;
+  lookup_path = None;
   strict = false
 }
 
@@ -18,6 +20,7 @@ let args = [
     ("--file", Arg.Unit (fun () -> opts := {!opts with must_be_file=true}), "Path must point to a file and not a directory (default)");
     ("--directory", Arg.Unit (fun () -> opts := {!opts with must_be_file=false}), "Path must point to a directory");
     ("--parent-dir", Arg.String (fun s -> opts := {!opts with parent=(Some s)}), "Path must be inside specific parent directory");
+    ("--lookup-path", Arg.String (fun s -> opts := {!opts with lookup_path=(Some s)}), "Prefix path argument with lookup path");
     ("--strict", Arg.Unit (fun () -> opts := {!opts with strict=true}), "Treat warnings as errors");
 ]
 let usage = Printf.sprintf "Usage: %s [OPTIONS] <path>" Sys.argv.(0)
@@ -30,8 +33,12 @@ let fail msg =
   exit 1
 
 let () =
-  let path = !path_arg in
   let opts = !opts in
+  let path =
+    match opts.lookup_path with
+    | None -> !path_arg
+    | Some lookup_path -> FilePath.concat lookup_path !path_arg
+  in
   (* First, check if the file/dir path exists at all. *)
   let exists = FileUtil.test FileUtil.Exists path in
   if not exists then Printf.ksprintf fail {|Incorrect path %s: no such file or directory|} path else
-- 
cgit v1.2.3


From 41c005a0458b9bb0507f44573ec74d71d7bb5ebc Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Sat, 21 Jan 2023 20:15:26 +0100
Subject: GitHub: add workflows for author assignment

(cherry picked from commit 2bc7d35dd82eab286e2392e0c09c7dd5b6285eda)
---
 .github/PULL_REQUEST_TEMPLATE.md         | 47 ++++++++++++++++++++++++++++++++
 .github/reviewers.yml                    |  3 ++
 .github/workflows/auto-author-assign.yml | 27 ++++++++++++++++++
 .github/workflows/pr-conflicts.yml       | 18 ++++++++++++
 4 files changed, 95 insertions(+)
 create mode 100644 .github/PULL_REQUEST_TEMPLATE.md
 create mode 100644 .github/reviewers.yml
 create mode 100644 .github/workflows/auto-author-assign.yml
 create mode 100644 .github/workflows/pr-conflicts.yml

diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100644
index 0000000..edf4664
--- /dev/null
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,47 @@
+<!-- All PR should follow this template to allow a clean and transparent review -->
+<!-- Text placed between these delimiters is considered a comment and is not rendered -->
+
+## Change Summary
+<!--- Provide a general summary of your changes in the Title above -->
+
+## Types of changes
+<!---
+What types of changes does your code introduce? Put an 'x' in all the boxes that apply.
+NOTE: Markdown requires no leading or trailing whitespace inside the [ ] for checking
+the box, please use [x]
+-->
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Code style update (formatting, renaming)
+- [ ] Refactoring (no functional changes)
+- [ ] Other (please describe):
+
+## Related Task(s)
+<!-- All submitted PRs must be linked to a Task on Phabricator. -->
+* https://phabricator.vyos.net/Txxxx
+
+## Component(s) name
+<!-- A rather incomplete list of components: ethernet, wireguard, bgp, mpls, ldp, l2tp, dhcp ... -->
+
+## Proposed changes
+<!--- Describe your changes in detail -->
+
+## How to test
+<!---
+Please describe in detail how you tested your changes. Include details of your testing
+environment, and the tests you ran. When pasting configs, logs, shell output, backtraces,
+and other large chunks of text, surround this text with triple backtics
+```
+like this
+```
+-->
+
+## Checklist:
+<!--- Go over all the following points, and put an `x` in all the boxes that apply. -->
+<!--- If you're unsure about any of these, don't hesitate to ask. We're here to help! -->
+<!--- The entire development process is outlined here: https://docs.vyos.io/en/latest/contributing/development.html -->
+- [ ] I have read the [**CONTRIBUTING**](https://github.com/vyos/vyos-1x/blob/current/CONTRIBUTING.md) document
+- [ ] I have linked this PR to one or more Phabricator Task(s)
+- [ ] My commit headlines contain a valid Task id
+- [ ] My change requires a change to the documentation
+- [ ] I have updated the documentation accordingly
diff --git a/.github/reviewers.yml b/.github/reviewers.yml
new file mode 100644
index 0000000..a1647d2
--- /dev/null
+++ b/.github/reviewers.yml
@@ -0,0 +1,3 @@
+---
+"**/*":
+  - team: reviewers
diff --git a/.github/workflows/auto-author-assign.yml b/.github/workflows/auto-author-assign.yml
new file mode 100644
index 0000000..13bfd9b
--- /dev/null
+++ b/.github/workflows/auto-author-assign.yml
@@ -0,0 +1,27 @@
+name: "PR Triage"
+on:
+  pull_request_target:
+    types: [opened, reopened, ready_for_review, locked]
+
+permissions:
+  pull-requests: write
+
+jobs:
+  # https://github.com/marketplace/actions/auto-author-assign
+  assign-author:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Assign Author to PR"
+        uses: toshimaru/auto-author-assign@v1.3.5
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+
+  # https://github.com/shufo/auto-assign-reviewer-by-files
+  assign_reviewer:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Request review based on files changes and/or groups the author belongs to
+        uses: shufo/auto-assign-reviewer-by-files@v1.1.4
+        with:
+          token: ${{ secrets.PR_ACTION_ASSIGN_REVIEWERS }}
+          config: .github/reviewers.yml
diff --git a/.github/workflows/pr-conflicts.yml b/.github/workflows/pr-conflicts.yml
new file mode 100644
index 0000000..72ff396
--- /dev/null
+++ b/.github/workflows/pr-conflicts.yml
@@ -0,0 +1,18 @@
+name: "PR Conflicts checker"
+on:
+  pull_request_target:
+    types: [synchronize]
+
+jobs:
+  Conflict_Check:
+    name: 'Check PR status: conflicts and resolution'
+    runs-on: ubuntu-18.04
+    steps:
+      - name: check if PRs are dirty
+        uses: eps1lon/actions-label-merge-conflict@releases/2.x
+        with:
+          dirtyLabel: "state: conflict"
+          removeOnDirtyLabel: "state: conflict resolved"
+          repoToken: "${{ secrets.GITHUB_TOKEN }}"
+          commentOnDirty: "This pull request has conflicts, please resolve those before we can evaluate the pull request."
+          commentOnClean: "Conflicts have been resolved. A maintainer will review the pull request shortly."
-- 
cgit v1.2.3