fix: invalid jsii target parameters are not validated (#2398)

Arguments to the jsii `targets` array that did not make sense in the target language were not being validated, leading to confusing compile-time errors. Add validation for a bunch of these. --- By submitting this pull request, I confirm that my contribution is made under the terms of the [Apache 2.0 license]. [Apache 2.0 license]: https://www.apache.org/licenses/LICENSE-2.0

Author: rix0rrr

src/assembler.ts

@@ -213,7 +213,10 @@ export class Assembler implements Emitter {
  bundled: this.projectInfo.bundleDependencies,
  types: Object.fromEntries(this._types),
  submodules: noEmptyDict(toSubmoduleDeclarations(this.mySubmodules())),
- targets: this.projectInfo.targets,
+
+ // Force this into shape
+ targets: this.projectInfo.targets as spec.Assembly['targets'],
+
  metadata: {
  ...this.projectInfo.metadata,
 

src/project-info.ts

@@ -41,6 +41,25 @@ export type TSCompilerOptions = Partial<
  >
 >;
 
+/**
+ * The assembly targets have some typing in `spec.PackageJson`, extract it.
+ *
+ * The types in the upstream spec library:
+ *
+ * - Missing the user-visible `go` target
+ * - Missing the synthetic `js` target
+ */
+export type AssemblyTargets = spec.PackageJson['jsii']['targets'] & {
+ js?: {
+ npm: string;
+ };
+ go?: {
+ moduleName: string;
+ packageName: string;
+ };
+ [otherLanguage: string]: unknown;
+};
+
 export interface ProjectInfo {
  readonly projectRoot: string;
  readonly packageJson: PackageJson;
@@ -65,7 +84,7 @@ export interface ProjectInfo {
  readonly peerDependencies: { readonly [name: string]: string };
  readonly dependencyClosure: readonly spec.Assembly[];
  readonly bundleDependencies?: { readonly [name: string]: string };
- readonly targets: spec.AssemblyTargets;
+ readonly targets: AssemblyTargets;
  readonly metadata?: { readonly [key: string]: any };
  readonly jsiiVersionFormat: 'short' | 'full';
  readonly diagnostics?: { readonly [code: string]: ts.DiagnosticCategory };
@@ -85,6 +104,12 @@ export interface ProjectInfo {
  readonly validateTsconfig?: TypeScriptConfigValidationRuleSet;
 }
 
+/**
+ * A type representing the contents of a `package.json` file.
+ *
+ * Note that there is also a `PackageJson` type in `@jsii/spec`, and this one is
+ * not the same. Do not ask me why.
+ */
 export interface PackageJson {
  readonly description?: string;
  readonly homepage?: string;
@@ -121,7 +146,7 @@ export interface PackageJson {
  // main jsii config
  readonly diagnostics?: { readonly [id: string]: 'error' | 'warning' | 'suggestion' | 'message' };
  readonly metadata?: { readonly [key: string]: unknown };
- readonly targets?: { readonly [name: string]: unknown };
+ readonly targets?: AssemblyTargets;
  readonly versionFormat?: 'short' | 'full';
 
  // Either user-provided config ...
@@ -241,8 +266,10 @@ export function loadProjectInfo(projectRoot: string): ProjectInfoResult {
  dependencyClosure: transitiveDependencies,
  bundleDependencies,
  targets: {
- ..._required(pkg.jsii, 'The "package.json" file must specify the "jsii" attribute').targets,
- js: { npm: pkg.name },
+ ...validateTargets(
+ _required(pkg.jsii, 'The "package.json" file must specify the "jsii" attribute').targets as AssemblyTargets,
+ ),
+ js: { npm: pkg.name! },
  },
  metadata,
  jsiiVersionFormat: _validateVersionFormat(pkg.jsii?.versionFormat ?? 'full'),
@@ -278,6 +305,53 @@ export function loadProjectInfo(projectRoot: string): ProjectInfoResult {
  return { projectInfo, diagnostics };
 }
 
+/**
+ * Validate the values of the `.jsii.targets` field
+ */
+function validateTargets(targets: AssemblyTargets | undefined): AssemblyTargets | undefined {
+ if (!targets) {
+ return undefined;
+ }
+
+ // Go package names must be valid identifiers
+ if (targets.go) {
+ if (!isIdentifier(targets.go.packageName)) {
+ throw new JsiiError(`jsii.targets.go.packageName contains non-identifier characters: ${targets.go.packageName}`);
+ }
+ }
+
+ if (targets.dotnet) {
+ if (!targets.dotnet.namespace.split('.').every(isIdentifier)) {
+ throw new JsiiError(
+ `jsii.targets.dotnet.namespace contains non-identifier characters: ${targets.dotnet.namespace}`,
+ );
+ }
+ }
+
+ if (targets.java) {
+ if (!targets.java.package.split('.').every(isIdentifier)) {
+ throw new JsiiError(`jsii.targets.java.package contains non-identifier characters: ${targets.java.package}`);
+ }
+ }
+
+ if (targets.python) {
+ if (!targets.python.module.split('.').every(isIdentifier)) {
+ throw new JsiiError(`jsii.targets.python.module contains non-identifier characters: ${targets.python.module}`);
+ }
+ }
+
+ return targets;
+
+ /**
+ * Regexp-check for matching an identifier
+ *
+ * Conveniently, all identifiers look more or less the same in all languages.
+ */
+ function isIdentifier(x: string) {
+ return /^[\w_][\w\d_]*$/u.test(x);
+ }
+}
+
 function _guessRepositoryType(url: string): string {
  if (url.endsWith('.git')) {
  return 'git';

test/project-info.test.ts

@@ -6,7 +6,7 @@ import { writeAssembly } from '@jsii/spec';
 import * as clone from 'clone';
 import * as ts from 'typescript';
 
-import { loadProjectInfo } from '../src/project-info';
+import { loadProjectInfo, PackageJson } from '../src/project-info';
 import { TypeScriptConfigValidationRuleSet } from '../src/tsconfig';
 import { VERSION } from '../src/version';
 
@@ -28,7 +28,7 @@ const BASE_PROJECT = {
  },
  dependencies: { 'jsii-test-dep': '^1.2.3' } as { [name: string]: string },
  peerDependencies: { 'jsii-test-dep': '^1.2.3' } as { [name: string]: string },
-};
+} satisfies PackageJson;
 
 describe('loadProjectInfo', () => {
  test('loads valid project', () =>
@@ -236,7 +236,7 @@ describe('loadProjectInfo', () => {
  diagCode2: 'warning',
  diagCode3: 'suggestion',
  diagCode4: 'message',
- };
+ } as const;
  info.jsii.diagnostics = diagnostics;
  },
  );
@@ -248,13 +248,58 @@ describe('loadProjectInfo', () => {
  (info) => {
  const diagnostics = {
  diagCode1: 'invalid-category',
- };
+ } as any;
  info.jsii.diagnostics = diagnostics;
  },
  );
  });
  });
 
+ describe('invalid target configuration', () => {
+ test('invalid Go packageName is rejected', () => {
+ expectProjectLoadError(/contains non-identifier characters/, (proj) => {
+ proj.jsii.targets.go = {
+ moduleName: 'asdf',
+ packageName: 'as-df',
+ };
+ });
+ });
+
+ test('invalid .NET namespace is rejected', () => {
+ expectProjectLoadError(/contains non-identifier characters/, (proj) => {
+ proj.jsii.targets.dotnet = {
+ namespace: 'a-x',
+ packageId: 'asdf',
+ };
+ });
+ });
+
+ test('invalid Java package is rejected', () => {
+ expectProjectLoadError(/contains non-identifier characters/, (proj) => {
+ proj.jsii.targets.java = {
+ package: 'as-df',
+ maven: {
+ artifactId: 'asdf',
+ groupId: 'asdf',
+ },
+ };
+ });
+ });
+
+ test('invalid Python module is rejected', () => {
+ expectProjectLoadError(/contains non-identifier characters/, (proj) => {
+ proj.jsii.targets.python = {
+ module: 'as-df',
+ distName: 'as-df',
+ };
+ });
+ });
+
+ function expectProjectLoadError(error: RegExp, gremlin: Parameters<typeof _withTestProject>[1]) {
+ _withTestProject((root) => expect(() => loadProjectInfo(root)).toThrow(error), gremlin);
+ }
+ });
+
  describe('user-provided tsconfig', () => {
  test('can set a user-provided config', () => {
  return _withTestProject(
@@ -354,6 +399,11 @@ const TEST_DEP_DEP_ASSEMBLY: spec.Assembly = {
  fingerprint: 'F1NG3RPR1N7',
 };
 
+/**
+ * A type to represent the package.json type that gets mutated by testproject gremlins
+ */
+type HalfFilledPackageJson = DeepWriteable<PackageJson> & typeof BASE_PROJECT;
+
 /**
  * Creates a throw-away directory with a ``package.json`` file. Cleans up after itself.
  *
@@ -364,7 +414,7 @@ const TEST_DEP_DEP_ASSEMBLY: spec.Assembly = {
  */
 function _withTestProject<T>(
  cb: (projectRoot: string) => T,
- gremlin?: (packageInfo: any) => void,
+ gremlin?: (packageInfo: HalfFilledPackageJson) => void,
  compressAssembly = false,
 ): T {
  const tmpdir = fs.mkdtempSync(path.join(os.tmpdir(), path.basename(__filename)));
@@ -430,3 +480,5 @@ function _stripUndefined(obj: { [key: string]: any } | undefined): { [key: strin
  }
  return obj;
 }
+
+type DeepWriteable<T> = T extends object ? { -readonly [P in keyof T]: DeepWriteable<T[P]> } : T;