Add input validation

Co-authored-by: Aaron Siemsen <[email protected]>

Author: nateinaction

FprimeZephyrReference/Components/Drv/RtcManager/RtcManager.cpp

@@ -63,12 +63,28 @@ void RtcManager ::timeGetPort_handler(FwIndexType portNum, Fw::Time& time) {
 void RtcManager ::TIME_SET_cmdHandler(FwOpcodeType opCode, U32 cmdSeq, Drv::TimeData t) {
     // Check device readiness
     if (!device_is_ready(this->dev)) {
+        // Emit device not ready event
         this->log_WARNING_HI_DeviceNotReady();
+
+        // Send command response
         this->cmdResponse_out(opCode, cmdSeq, Fw::CmdResponse::EXECUTION_ERROR);
         return;
     }
     this->log_WARNING_HI_DeviceNotReady_ThrottleClear();
 
+    // Validate time data
+    if (!this->timeDataIsValid(t)) {
+        // Emit time not set event
+        this->log_WARNING_HI_TimeNotSet();
+
+        // Send command response
+        this->cmdResponse_out(opCode, cmdSeq, Fw::CmdResponse::VALIDATION_ERROR);
+        return;
+    }
+
+    // Store current time for logging
+    Fw::Time time_before_set = this->getTime();
+
     // Populate rtc_time structure from TimeData
     const struct rtc_time time_rtc = {
         .tm_sec = static_cast<int>(t.get_Second()),
@@ -82,9 +98,6 @@ void RtcManager ::TIME_SET_cmdHandler(FwOpcodeType opCode, U32 cmdSeq, Drv::Time
         .tm_isdst = 0,
     };
 
-    // Store current time for logging
-    Fw::Time time_before_set = this->getTime();
-
     // Set time on RTC
     const int status = rtc_set_time(this->dev, &time_rtc);
 
@@ -104,4 +117,40 @@ void RtcManager ::TIME_SET_cmdHandler(FwOpcodeType opCode, U32 cmdSeq, Drv::Time
     this->cmdResponse_out(opCode, cmdSeq, Fw::CmdResponse::OK);
 }
 
+bool RtcManager ::timeDataIsValid(Drv::TimeData t) {
+    bool valid = true;
+
+    if (t.get_Year() < 1900) {
+        this->log_WARNING_HI_YearValidationFailed(t.get_Year());
+        valid = false;
+    }
+
+    if (t.get_Month() < 1 || t.get_Month() > 12) {
+        this->log_WARNING_HI_MonthValidationFailed(t.get_Month());
+        valid = false;
+    }
+
+    if (t.get_Day() < 1 || t.get_Day() > 31) {
+        this->log_WARNING_HI_DayValidationFailed(t.get_Day());
+        valid = false;
+    }
+
+    if (t.get_Hour() > 23) {
+        this->log_WARNING_HI_HourValidationFailed(t.get_Hour());
+        valid = false;
+    }
+
+    if (t.get_Minute() > 59) {
+        this->log_WARNING_HI_MinuteValidationFailed(t.get_Minute());
+        valid = false;
+    }
+
+    if (t.get_Second() > 59) {
+        this->log_WARNING_HI_SecondValidationFailed(t.get_Second());
+        valid = false;
+    }
+
+    return valid;
+}
+
 }  // namespace Drv

FprimeZephyrReference/Components/Drv/RtcManager/RtcManager.fpp

@@ -35,13 +35,43 @@ module Drv {
 
         @ TimeSet event indicates that the time was set successfully
         event TimeSet(
-            pt: U32 @< POSIX time in seconds
-            u: U32 @< Microseconds
+            seconds: U32 @< Seconds since epoch
+            useconds: U32 @< Microseconds
         ) severity activity high id 3 format "Time set on RTC, previous time: {}.{}"
 
         @ TimeNotSet event indicates that the time was not set successfully
         event TimeNotSet() severity warning high id 4 format "Time not set on RTC"
 
+        @ YearValidationFailed event indicates that the provided year is invalid
+        event YearValidationFailed(
+            year: U32 @< The invalid year
+        ) severity warning high id 5 format "Provided year is invalid should be >= 1900: {}"
+
+        @ MonthValidationFailed event indicates that the provided month is invalid
+        event MonthValidationFailed(
+            month: U32 @< The invalid month
+        ) severity warning high id 6 format "Provided month is invalid should be in [1, 12]: {}"
+
+        @ DayValidationFailed event indicates that the provided day is invalid
+        event DayValidationFailed(
+            day: U32 @< The invalid day
+        ) severity warning high id 7 format "Provided day is invalid should be in [1, 31]: {}"
+
+        @ HourValidationFailed event indicates that the provided hour is invalid
+        event HourValidationFailed(
+            hour: U32 @< The invalid hour
+        ) severity warning high id 8 format "Provided hour is invalid should be in [0, 23]: {}"
+
+        @ MinuteValidationFailed event indicates that the provided minute is invalid
+        event MinuteValidationFailed(
+            minute: U32 @< The invalid minute
+        ) severity warning high id 9 format "Provided minute is invalid should be in [0, 59]: {}"
+
+        @ SecondValidationFailed event indicates that the provided second is invalid
+        event SecondValidationFailed(
+            second: U32 @< The invalid second
+        ) severity warning high id 10 format "Provided second is invalid should be in [0, 59]: {}"
+
         ###############################################################################
         # Standard AC Ports: Required for Channels, Events, Commands, and Parameters  #
         ###############################################################################

FprimeZephyrReference/Components/Drv/RtcManager/RtcManager.hpp

@@ -9,6 +9,8 @@
 #include "FprimeZephyrReference/Components/Drv/RtcManager/RtcManagerComponentAc.hpp"
 
 #include <cerrno>
+#include <string>
+#include <vector>
 
 #include <Fw/Logger/Logger.hpp>
 
@@ -58,6 +60,14 @@ class RtcManager final : public RtcManagerComponentBase {
                              Drv::TimeData t       //!< Set the time
                              ) override;
 
+  private:
+    // ----------------------------------------------------------------------
+    // Private helper methods
+    // ----------------------------------------------------------------------
+
+    //! Validate time data
+    bool timeDataIsValid(Drv::TimeData t);
+
     //! device stores the initialized Zephyr RTC device
     const struct device* dev;
 };

FprimeZephyrReference/test/int/rtc_test.py

@@ -68,7 +68,9 @@ def test_01_time_set(fprime_test_api: IntegrationTestAPI):
 
     # Ensure microseconds are included in event
     microseconds_arg: U32Type = result.args[1]
-    assert 0 <= microseconds_arg.val < 100_000_000, "Microseconds arg should be >= 0 and < 1 million"
+    assert 0 <= microseconds_arg.val < 100_000_000, (
+        "Microseconds arg should be >= 0 and < 1 million"
+    )
 
     # Fetch FPrime time from event
     fp_time: TimeType = result.get_time()
@@ -145,11 +147,31 @@ def test_03_time_not_set_event(fprime_test_api: IntegrationTestAPI):
 
     # Assert time not set event is emitted
     fprime_test_api.assert_event(
-        "ReferenceDeployment.rtcManager.TimeNotSet", timeout=2
+        "ReferenceDeployment.rtcManager.YearValidationFailed", timeout=2
+    )
+
+    fprime_test_api.assert_event(
+        "ReferenceDeployment.rtcManager.MonthValidationFailed", timeout=2
     )
+
     fprime_test_api.assert_event(
-        "CdhCore.cmdDisp.OpCodeDispatched", timeout=2
+        "ReferenceDeployment.rtcManager.DayValidationFailed", timeout=2
     )
+
     fprime_test_api.assert_event(
-        "CdhCore.cmdDisp.OpCodeError", timeout=2
+        "ReferenceDeployment.rtcManager.HourValidationFailed", timeout=2
     )
+
+    fprime_test_api.assert_event(
+        "ReferenceDeployment.rtcManager.MinuteValidationFailed", timeout=2
+    )
+
+    fprime_test_api.assert_event(
+        "ReferenceDeployment.rtcManager.SecondValidationFailed", timeout=2
+    )
+
+    fprime_test_api.assert_event("ReferenceDeployment.rtcManager.TimeNotSet", timeout=2)
+
+    fprime_test_api.assert_event("CdhCore.cmdDisp.OpCodeDispatched", timeout=2)
+
+    fprime_test_api.assert_event("CdhCore.cmdDisp.OpCodeError", timeout=2)