| | | 1 | | <# |
| | | 2 | | .SYNOPSIS |
| | | 3 | | Validates and processes a service descriptor hashtable. |
| | | 4 | | .DESCRIPTION |
| | | 5 | | Validates the structure and required keys of a format 1.0 service descriptor hashtable. |
| | | 6 | | Also checks that referenced entry point files exist within the package root and do not escape it. |
| | | 7 | | .PARAMETER Descriptor |
| | | 8 | | The service descriptor as a hashtable, typically parsed from Service.psd1. |
| | | 9 | | .PARAMETER DescriptorPath |
| | | 10 | | The file path of the descriptor, used for error messages. |
| | | 11 | | .PARAMETER PackageRoot |
| | | 12 | | The root directory of the package, used to resolve and validate script paths. |
| | | 13 | | .EXAMPLE |
| | | 14 | | $descriptor = @{ |
| | | 15 | | Name = 'MyService' |
| | | 16 | | FormatVersion = '1.0' |
| | | 17 | | EntryPoint = 'server.ps1' |
| | | 18 | | Description = 'A sample service.' |
| | | 19 | | Version = '1.0.0' |
| | | 20 | | } |
| | | 21 | | Test-KrServiceDescriptorData -Descriptor $descriptor -DescriptorPath '.\Service.psd1' -PackageRoot '.\' |
| | | 22 | | #> |
| | | 23 | | function Test-KrServiceDescriptorData { |
| | | 24 | | param( |
| | | 25 | | [hashtable]$Descriptor, |
| | | 26 | | [string]$DescriptorPath, |
| | | 27 | | [string]$PackageRoot |
| | | 28 | | ) |
| | | 29 | | |
| | 1 | 30 | | if (-not $Descriptor.ContainsKey('Name') -or [string]::IsNullOrWhiteSpace([string]$Descriptor['Name'])) { |
| | 0 | 31 | | throw "Descriptor '$DescriptorPath' is missing required key 'Name'." |
| | | 32 | | } |
| | | 33 | | |
| | 1 | 34 | | $packageRootFullPath = [System.IO.Path]::GetFullPath($PackageRoot) |
| | 1 | 35 | | $packageRootNormalized = [System.IO.Path]::TrimEndingDirectorySeparator($packageRootFullPath) |
| | | 36 | | |
| | 1 | 37 | | $isWithinPackageRoot = { |
| | | 38 | | param([string]$PathToValidate) |
| | | 39 | | |
| | 1 | 40 | | $normalizedPath = [System.IO.Path]::TrimEndingDirectorySeparator($PathToValidate) |
| | 1 | 41 | | $relativePath = [System.IO.Path]::GetRelativePath($packageRootNormalized, $normalizedPath) |
| | | 42 | | |
| | 1 | 43 | | if ([string]::Equals($relativePath, '.', [System.StringComparison]::Ordinal)) { |
| | 1 | 44 | | return $true |
| | | 45 | | } |
| | | 46 | | |
| | 1 | 47 | | if ([System.IO.Path]::IsPathRooted($relativePath)) { |
| | 0 | 48 | | return $false |
| | | 49 | | } |
| | | 50 | | |
| | 1 | 51 | | return -not ( |
| | 1 | 52 | | [string]::Equals($relativePath, '..', [System.StringComparison]::Ordinal) -or |
| | 1 | 53 | | $relativePath.StartsWith("..$([System.IO.Path]::DirectorySeparatorChar)", [System.StringComparison]::Ordinal |
| | 1 | 54 | | $relativePath.StartsWith("..$([System.IO.Path]::AltDirectorySeparatorChar)", [System.StringComparison]::Ordi |
| | | 55 | | ) |
| | | 56 | | } |
| | | 57 | | |
| | | 58 | | function Get-KrNormalizedDescriptorRelativePathArray { |
| | | 59 | | <# |
| | | 60 | | .SYNOPSIS |
| | | 61 | | Normalizes and validates relative paths from a descriptor key. |
| | | 62 | | .PARAMETER KeyName |
| | | 63 | | The key name in the descriptor hashtable to process. |
| | | 64 | | .PARAMETER EntryLabel |
| | | 65 | | A label for the entry, used in error messages. |
| | | 66 | | .OUTPUTS |
| | | 67 | | An array of normalized relative paths. |
| | | 68 | | #> |
| | | 69 | | param( |
| | | 70 | | [string]$KeyName, |
| | | 71 | | [string]$EntryLabel |
| | | 72 | | ) |
| | | 73 | | |
| | 1 | 74 | | $normalizedPaths = @() |
| | 1 | 75 | | if (-not $Descriptor.ContainsKey($KeyName) -or $null -eq $Descriptor[$KeyName]) { |
| | 1 | 76 | | return $normalizedPaths |
| | | 77 | | } |
| | | 78 | | |
| | 1 | 79 | | $descriptorValue = $Descriptor[$KeyName] |
| | 1 | 80 | | $rawPaths = @() |
| | 1 | 81 | | if ($descriptorValue -is [string]) { |
| | 0 | 82 | | $rawPaths = @([string]$descriptorValue) |
| | 1 | 83 | | } elseif ($descriptorValue -is [hashtable] -or $descriptorValue -is [System.Collections.IDictionary]) { |
| | 1 | 84 | | throw "Descriptor '$DescriptorPath' key '$KeyName' must be a string array." |
| | 1 | 85 | | } elseif ($descriptorValue -is [System.Array] -or $descriptorValue -is [System.Collections.IList]) { |
| | 2 | 86 | | $rawPaths = @($descriptorValue) |
| | | 87 | | } else { |
| | 0 | 88 | | throw "Descriptor '$DescriptorPath' key '$KeyName' must be a string array." |
| | | 89 | | } |
| | | 90 | | |
| | 1 | 91 | | foreach ($pathValue in $rawPaths) { |
| | 1 | 92 | | $relativePath = [string]$pathValue |
| | 1 | 93 | | if ([string]::IsNullOrWhiteSpace($relativePath)) { |
| | 0 | 94 | | throw "Descriptor '$DescriptorPath' key '$KeyName' cannot contain empty values." |
| | | 95 | | } |
| | | 96 | | |
| | 1 | 97 | | if ([System.IO.Path]::IsPathRooted($relativePath)) { |
| | 0 | 98 | | throw "Descriptor '$DescriptorPath' $EntryLabel entry '$relativePath' must be a relative path." |
| | | 99 | | } |
| | | 100 | | |
| | 1 | 101 | | $combinedPath = [System.IO.Path]::GetFullPath([System.IO.Path]::Combine($packageRootFullPath, $relativePath) |
| | 2 | 102 | | if (-not (& $isWithinPackageRoot $combinedPath)) { |
| | 1 | 103 | | throw "Descriptor '$DescriptorPath' $EntryLabel entry '$relativePath' escapes the package root." |
| | | 104 | | } |
| | | 105 | | |
| | 1 | 106 | | $normalizedPaths += $relativePath |
| | | 107 | | } |
| | | 108 | | |
| | 1 | 109 | | return $normalizedPaths |
| | | 110 | | } |
| | | 111 | | |
| | 1 | 112 | | $normalizedPreservePaths = Get-KrNormalizedDescriptorRelativePathArray -KeyName 'PreservePaths' -EntryLabel 'Preserv |
| | 1 | 113 | | $normalizedApplicationDataFolders = Get-KrNormalizedDescriptorRelativePathArray -KeyName 'ApplicationDataFolders' -E |
| | | 114 | | |
| | 1 | 115 | | if (-not $Descriptor.ContainsKey('FormatVersion') -or [string]::IsNullOrWhiteSpace([string]$Descriptor['FormatVersio |
| | 0 | 116 | | throw "Descriptor '$DescriptorPath' is missing required key 'FormatVersion'." |
| | | 117 | | } |
| | | 118 | | |
| | 1 | 119 | | $formatVersion = [string]$Descriptor['FormatVersion'] |
| | 1 | 120 | | if (-not [string]::Equals($formatVersion.Trim(), '1.0', [System.StringComparison]::Ordinal)) { |
| | 0 | 121 | | throw "Descriptor '$DescriptorPath' has unsupported FormatVersion '$formatVersion'. Expected '1.0'." |
| | | 122 | | } |
| | | 123 | | |
| | 2 | 124 | | foreach ($requiredKey in @('Description', 'Version', 'EntryPoint')) { |
| | 1 | 125 | | if (-not $Descriptor.ContainsKey($requiredKey) -or [string]::IsNullOrWhiteSpace([string]$Descriptor[$requiredKey |
| | 0 | 126 | | throw "Descriptor '$DescriptorPath' is missing required key '$requiredKey'." |
| | | 127 | | } |
| | | 128 | | } |
| | | 129 | | |
| | 1 | 130 | | $parsedVersion = $null |
| | 1 | 131 | | if (-not [version]::TryParse([string]$Descriptor['Version'], [ref]$parsedVersion)) { |
| | 0 | 132 | | throw "Descriptor '$DescriptorPath' has invalid Version value '$($Descriptor['Version'])'." |
| | | 133 | | } |
| | | 134 | | |
| | 1 | 135 | | $entryPoint = [string]$Descriptor['EntryPoint'] |
| | 1 | 136 | | if ([System.IO.Path]::IsPathRooted($entryPoint)) { |
| | 0 | 137 | | throw "Descriptor '$DescriptorPath' EntryPoint must be a relative path." |
| | | 138 | | } |
| | | 139 | | |
| | 1 | 140 | | $entryPointFullPath = [System.IO.Path]::GetFullPath([System.IO.Path]::Combine($packageRootFullPath, $entryPoint)) |
| | 2 | 141 | | if (-not (& $isWithinPackageRoot $entryPointFullPath)) { |
| | 1 | 142 | | throw "Descriptor '$DescriptorPath' EntryPoint escapes the package root." |
| | | 143 | | } |
| | | 144 | | |
| | 2 | 145 | | if (-not (Test-Path -LiteralPath $entryPointFullPath -PathType Leaf)) { |
| | 0 | 146 | | throw "EntryPoint file '$entryPoint' was not found under '$PackageRoot'." |
| | | 147 | | } |
| | | 148 | | |
| | 1 | 149 | | [pscustomobject]@{ |
| | 1 | 150 | | Name = [string]$Descriptor['Name'] |
| | 1 | 151 | | FormatVersion = '1.0' |
| | 1 | 152 | | EntryPoint = $entryPoint |
| | 1 | 153 | | Description = [string]$Descriptor['Description'] |
| | 1 | 154 | | Version = $parsedVersion.ToString() |
| | 3 | 155 | | ServiceLogPath = if ($Descriptor.ContainsKey('ServiceLogPath')) { [string]$Descriptor['ServiceLogPath'] } else { |
| | 1 | 156 | | PreservePaths = $normalizedPreservePaths |
| | 1 | 157 | | ApplicationDataFolders = $normalizedApplicationDataFolders |
| | | 158 | | } |
| | | 159 | | } |