Many more checks in validate function and better error messages

bgn42 · bgn42 · commit c335cdb3dca0 · 2025-07-29T14:49:25.000+02:00
diff --git a/cmd/errors/errors.go b/cmd/errors/errors.go
@@ -32,16 +32,18 @@ var (
 	ErrBadPackVersion = errors.New("bad pack version: cannot add a version with build metadata")
 
 	// Errors related to package content
-	ErrPdscFileNotFound      = errors.New("pdsc not found")
-	ErrPackNotInstalled      = errors.New("pack not installed")
-	ErrPdscEntryExists       = errors.New("pdsc already in index")
-	ErrPdscEntryNotFound     = errors.New("pdsc not found in index")
-	ErrEula                  = errors.New("user does not agree with the pack's license")
-	ErrExtractEula           = errors.New("user wants to extract embedded license only")
-	ErrLicenseNotFound       = errors.New("embedded license not found")
-	ErrPackRootNotFound      = errors.New("no CMSIS Pack Root directory specified. Either the environment CMSIS_PACK_ROOT needs to be set or the path specified using the command line option -R/--pack-root string")
-	ErrPackRootDoesNotExist  = errors.New("the specified CMSIS Pack Root directory does NOT exist! Please take a moment to review if the value is correct or create a new one via `cpackget init` command")
-	ErrPdscFileTooDeepInPack = errors.New("pdsc file is too deep in pack file")
+	ErrPdscFileNotFound        = errors.New("pdsc not found")
+	ErrPackNotInstalled        = errors.New("pack not installed")
+	ErrPdscEntryExists         = errors.New("pdsc already in index")
+	ErrPdscEntryNotFound       = errors.New("pdsc not found in index")
+	ErrEula                    = errors.New("user does not agree with the pack's license")
+	ErrExtractEula             = errors.New("user wants to extract embedded license only")
+	ErrLicenseNotFound         = errors.New("embedded license not found")
+	ErrPackRootNotFound        = errors.New("no CMSIS Pack Root directory specified. Either the environment CMSIS_PACK_ROOT needs to be set or the path specified using the command line option -R/--pack-root string")
+	ErrPackRootDoesNotExist    = errors.New("the specified CMSIS Pack Root directory does NOT exist! Please take a moment to review if the value is correct or create a new one via `cpackget init` command")
+	ErrPdscFileTooDeepInPack   = errors.New("pdsc file is too deep in pack file")
+	ErrMultiplePdscFilesInPack = errors.New("multiple pdsc files found in pack file, cannot determine which one to use. Please remove the extra pdsc files")
+	ErrPdscWrongName           = errors.New("pdsc file has wrong name, it should be <PackID>.pdsc")
 
 	// Errors related to network
 	ErrBadRequest            = errors.New("bad request")
diff --git a/cmd/installer/pack.go b/cmd/installer/pack.go
@@ -214,105 +214,110 @@ func (p *PackType) validate() error {
 	log.Debug("Validating pack")
 	var err error
 	myPdscFileName := p.PdscFileName()
+	var validPdscFiles []*zip.File
+
+	// Single pass: validate all files and collect valid PDSC files
 	for _, file := range p.zipReader.File {
 		ext := strings.ToLower(filepath.Ext(file.Name))
+
+		// Ensure all file paths do not contain ".."
+		if strings.Contains(file.Name, "..") {
+			if ext == PdscExtension {
+				log.Errorf("File %q invalid file path", file.Name)
+				return errs.ErrInvalidFilePath
+			} else {
+				return errs.ErrInsecureZipFileName
+			}
+		}
+
 		if ext == PdscExtension {
 			// Check if pack was compressed in a subfolder
 			subfoldersCount := strings.Count(file.Name, "/") + strings.Count(file.Name, "\\")
 			if subfoldersCount > 1 {
-				err = errs.ErrPdscFileTooDeepInPack
-			} else if subfoldersCount == 1 {
-				p.Subfolder = filepath.Dir(file.Name)
+				err = errs.ErrPdscFileTooDeepInPack // save for later decision if error or warning
 			} else {
-				p.Subfolder = "/" // only for marking that there is a .pdsc file in the root of the pack
-			}
+				if !strings.EqualFold(file.Name, myPdscFileName) {
+					if err != nil {
+						log.Warnf("Pack %q contains an additional .pdsc file in a deeper subfolder, this may cause issues", p.path)
+					}
+					return fmt.Errorf("%q: %w", file.Name, errs.ErrPdscWrongName)
+				}
+				// Collect valid PDSC files for processing
+				validPdscFiles = append(validPdscFiles, file)
 
-			// Ensure the file path does not contain ".."
-			if strings.Contains(file.Name, "..") {
-				log.Errorf("File %q invalid file path", file.Name)
-				return errs.ErrInvalidFilePath
-			}
-		} else {
-			if strings.Contains(file.Name, "..") {
-				return errs.ErrInsecureZipFileName
+				if subfoldersCount == 1 {
+					p.Subfolder = filepath.Dir(file.Name)
+				}
 			}
 		}
 	}
+
 	if err != nil {
-		if len(p.Subfolder) != 0 {
-			log.Warnf("Pack %q contains multiple .pdsc files in different levels, this may cause issues", p.path)
+		if len(validPdscFiles) > 0 {
+			if len(validPdscFiles) > 1 {
+				return errs.ErrMultiplePdscFilesInPack
+			}
+			log.Warnf("Pack %q contains an additional .pdsc file in a deeper subfolder, this may cause issues", p.path)
 		} else {
 			return err
 		}
 	}
-	p.Subfolder = "" // reset subfolder to empty string
-	for _, file := range p.zipReader.File {
-		ext := strings.ToLower(filepath.Ext(file.Name))
-		if ext == PdscExtension {
-			// Check if pack was compressed in a subfolder
-			subfoldersCount := strings.Count(file.Name, "/") + strings.Count(file.Name, "\\")
-			if subfoldersCount > 1 {
-				continue
-			} else if subfoldersCount == 1 {
-				p.Subfolder = filepath.Dir(file.Name)
-			}
 
-			// Ensure the file path does not contain ".."
-			if strings.Contains(file.Name, "..") {
-				log.Errorf("File %q invalid file path", file.Name)
-				return errs.ErrInvalidFilePath
-			}
+	if len(validPdscFiles) > 1 {
+		return errs.ErrMultiplePdscFilesInPack
+	}
 
-			myPdscFileName = p.PackID() + filepath.Ext(file.Name)
+	if len(validPdscFiles) == 0 {
+		log.Errorf("%q not found in %q", myPdscFileName, p.path)
+		return errs.ErrPdscFileNotFound
+	}
 
-			// Read pack's pdsc
-			tmpPdscFileName := filepath.Join(os.TempDir(), utils.RandStringBytes(10))
-			defer os.RemoveAll(tmpPdscFileName)
+	// Process the first valid PDSC file found
+	file := validPdscFiles[0]
 
-			if err := utils.SecureInflateFile(file, tmpPdscFileName, ""); err != nil {
-				return err
-			}
-
-			p.Pdsc = xml.NewPdscXML(filepath.Join(tmpPdscFileName, file.Name)) // #nosec
-			if err := p.Pdsc.Read(); err != nil {
-				return err
-			}
+	// Read pack's pdsc
+	tmpPdscFileName := filepath.Join(os.TempDir(), utils.RandStringBytes(10))
+	defer os.RemoveAll(tmpPdscFileName)
 
-			// Sanity check: make sure the version being installed actually exists in the PDSC file
-			version := p.GetVersion()
-			latestVersion := p.Pdsc.LatestVersion()
+	if err := utils.SecureInflateFile(file, tmpPdscFileName, ""); err != nil {
+		return err
+	}
 
-			log.Debugf("Making sure %s is the latest release in %s", version, myPdscFileName)
+	p.Pdsc = xml.NewPdscXML(filepath.Join(tmpPdscFileName, file.Name)) // #nosec
+	if err := p.Pdsc.Read(); err != nil {
+		return err
+	}
 
-			if utils.SemverCompare(version, latestVersion) != 0 {
-				releaseTag := p.Pdsc.FindReleaseTagByVersion(version)
-				if releaseTag == nil {
-					log.Errorf("The pack's pdsc (%s) has no release tag matching version %q", myPdscFileName, version)
-					return errs.ErrPackVersionNotFoundInPdsc
-				}
+	// Sanity check: make sure the version being installed actually exists in the PDSC file
+	version := p.GetVersion()
+	latestVersion := p.Pdsc.LatestVersion()
 
-				log.Errorf("The latest release (%s) in pack's pdsc (%s) does not match pack version %q", latestVersion, myPdscFileName, version)
-				return errs.ErrPackVersionNotLatestReleasePdsc
-			}
+	log.Debugf("Making sure %s is the latest release in %s", version, myPdscFileName)
 
-			p.Pdsc.FileName = file.Name
+	if utils.SemverCompare(version, latestVersion) != 0 {
+		releaseTag := p.Pdsc.FindReleaseTagByVersion(version)
+		if releaseTag == nil {
+			log.Errorf("The pack's pdsc (%s) has no release tag matching version %q", myPdscFileName, version)
+			return errs.ErrPackVersionNotFoundInPdsc
+		}
 
-			pdscFileName := p.PdscFileName()                          // destination file name in .Download directory
-			pdscFilePath := filepath.Join(tmpPdscFileName, file.Name) // #nosec
-			newPdscFileName := p.PdscFileNameWithVersion()
+		log.Errorf("The latest release (%s) in pack's pdsc (%s) does not match pack version %q", latestVersion, myPdscFileName, version)
+		return errs.ErrPackVersionNotLatestReleasePdsc
+	}
 
-			if !p.IsPublic {
-				_ = utils.CopyFile(pdscFilePath, filepath.Join(Installation.LocalDir, pdscFileName))
-			}
+	p.Pdsc.FileName = file.Name
 
-			_ = utils.CopyFile(pdscFilePath, filepath.Join(Installation.DownloadDir, newPdscFileName))
+	pdscFileName := p.PdscFileName()                          // destination file name in .Download directory
+	pdscFilePath := filepath.Join(tmpPdscFileName, file.Name) // #nosec
+	newPdscFileName := p.PdscFileNameWithVersion()
 
-			return nil
-		}
+	if !p.IsPublic {
+		_ = utils.CopyFile(pdscFilePath, filepath.Join(Installation.LocalDir, pdscFileName))
 	}
 
-	log.Errorf("%q not found in %q", myPdscFileName, p.path)
-	return errs.ErrPdscFileNotFound
+	_ = utils.CopyFile(pdscFilePath, filepath.Join(Installation.DownloadDir, newPdscFileName))
+
+	return nil
 }
 
 // purge removes all cached files matching the pattern derived from the PackType's
