From a79408d400124cb982fabee127a25181e625886e Mon Sep 17 00:00:00 2001 From: Richard Schneeman Date: Fri, 13 Dec 2024 15:15:43 -0600 Subject: [PATCH] Add missing deny unknown fields (#371) * Remove unused struct No clue why clippy didn't catch this. * Add missing deny_unknown_fields * Add changelog --- buildpacks/ruby/CHANGELOG.md | 4 ++++ buildpacks/ruby/src/layers/bundle_install_layer.rs | 9 +-------- buildpacks/ruby/src/layers/ruby_install_layer.rs | 1 + 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/buildpacks/ruby/CHANGELOG.md b/buildpacks/ruby/CHANGELOG.md index 8bf04312..20eefd79 100644 --- a/buildpacks/ruby/CHANGELOG.md +++ b/buildpacks/ruby/CHANGELOG.md @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Fixed + +- Layer metadata deserialization to Rust structs is now using `#[serde(deny_unknown_fields)]` this prevents the accidental scenario where metadata containing a superset of fields could accidentally be deserialized to the wrong struct. It's unlikely this is currently happening with the current buildpack, but it's a possibly-observable difference so it's being listed ([#371](https://github.com/heroku/buildpacks-ruby/pull/371)) + ## [4.0.1] - 2024-12-11 ### Fixed diff --git a/buildpacks/ruby/src/layers/bundle_install_layer.rs b/buildpacks/ruby/src/layers/bundle_install_layer.rs index 7dca1f19..90d42723 100644 --- a/buildpacks/ruby/src/layers/bundle_install_layer.rs +++ b/buildpacks/ruby/src/layers/bundle_install_layer.rs @@ -145,6 +145,7 @@ pub(crate) struct MetadataV2 { } #[derive(Deserialize, Serialize, Debug, Clone, Eq, PartialEq, CacheDiff)] +#[serde(deny_unknown_fields)] pub(crate) struct MetadataV3 { #[cache_diff(rename = "OS Distribution")] pub(crate) os_distribution: OsDistribution, @@ -316,14 +317,6 @@ fn display_name(cmd: &mut Command, env: &Env) -> String { ) } -#[derive(Deserialize, Serialize, Debug, Clone, Eq, PartialEq, Default)] -#[serde(deny_unknown_fields)] -pub(crate) struct BundleDigest { - env: String, - gemfile: String, - lockfile: String, -} - #[cfg(test)] mod test { use crate::layers::shared::strip_ansi; diff --git a/buildpacks/ruby/src/layers/ruby_install_layer.rs b/buildpacks/ruby/src/layers/ruby_install_layer.rs index 229512ee..ea98109b 100644 --- a/buildpacks/ruby/src/layers/ruby_install_layer.rs +++ b/buildpacks/ruby/src/layers/ruby_install_layer.rs @@ -92,6 +92,7 @@ pub(crate) struct MetadataV2 { } #[derive(Deserialize, Serialize, Debug, Clone, Eq, PartialEq, CacheDiff)] +#[serde(deny_unknown_fields)] pub(crate) struct MetadataV3 { #[cache_diff(rename = "OS Distribution")] pub(crate) os_distribution: OsDistribution,