added test case name validation to benchmark.sh, added additional sanity check to aggregate/action.yml

ianayl · ianayl · commit 41d664abfecc · 2025-02-07T14:23:31.000-08:00
diff --git a/devops/actions/benchmarking/aggregate/action.yml b/devops/actions/benchmarking/aggregate/action.yml
@@ -26,12 +26,16 @@ runs:
     shell: bash
     run: |
       # DO NOT use inputs.lookback_days directly, only use SANITIZED_TIMESTAMP.
-      SANITIZED_LOOKBACK_DAYS="$(echo '${{ inputs.lookback_days }}' | grep -oE "^[0-9]+$")"
+      SANITIZED_LOOKBACK_DAYS="$(echo '${{ inputs.lookback_days }}' | grep -oE '^[0-9]+$')"
       if [ -z "$SANITIZED_LOOKBACK_DAYS" ]; then
         echo "Please ensure inputs.lookback_days is a number."
         exit 1
       fi
       SANITIZED_TIMESTAMP="$(date -d "$SANITIZED_LOOKBACK_DAYS days ago" +%Y%m%d_%H%M%S)"
+      if [ -z "$(echo "$SANITIZED_TIMESTAMP" | grep -oE '^[0-9]{8}_[0-9]{6}$' )" ]; then
+        echo "Invalid timestamp generated: is inputs.lookback_days valid?"
+        exit 1
+      fi
       echo "SANITIZED_TIMESTAMP=$SANITIZED_TIMESTAMP" >> $GITHUB_ENV
   - name: Load benchmarking configuration
     shell: bash
diff --git a/devops/scripts/benchmarking/benchmark.sh b/devops/scripts/benchmarking/benchmark.sh
@@ -15,6 +15,14 @@ This script builds and runs benchmarks from compute-benchmarks."
     exit 1
 }
 
+# Ensures test cases read from enabled_tests.conf contains no malicious content
+_validate_testname () {
+    if [ -n "$(printf "%s" "$1" | sed "s/[a-zA-Z_]*//g")" ]; then
+        echo "Illegal characters in $TEST_CONFIG. Permitted characters: a-zA-Z_"
+        exit 1
+    fi
+}
+
 clone_perf_res() {
     echo "### Cloning llvm-ci-perf-results ($SANITIZED_PERF_RES_GIT_REPO:$SANITIZED_PERF_RES_GIT_BRANCH) ###"
     git clone -b "$SANITIZED_PERF_RES_GIT_BRANCH" "https://github.com/$SANITIZED_PERF_RES_GIT_REPO" ./llvm-ci-perf-results
@@ -43,11 +51,7 @@ build_compute_bench() {
             # Skip lines starting with '#'
             [ "${case##\#*}" ] || continue
 
-            if [ -n "$(printf "%s" "$case" | sed "s/[a-zA-Z_]*//g")" ]; then
-                echo "Illegal characters in $TESTS_CONFIG."
-                exit 1
-            fi
-            # TODO Sanitize this
+            _validate_testname "$case"
             make "-j$SANITIZED_COMPUTE_BENCH_COMPILE_JOBS" "$case"
         done < "$TESTS_CONFIG"
     fi
@@ -117,11 +121,7 @@ process_benchmarks() {
         # Loop through each line of enabled_tests.conf, but ignore lines in the
         # test config starting with #'s:
         grep "^[^#]" "$TESTS_CONFIG" | while read -r testcase; do
-            # Make sure testcase is clean:
-            if [ -n "$(printf "%s" "$testcase" | sed "s/[a-zA-Z_]*//g")" ]; then
-                echo "Illegal characters in $TESTS_CONFIG."
-                exit 1
-            fi
+            _validate_testname "$testcase"
             echo "# Running $testcase..."
 
             # The benchmark results git repo and this script's output both share
