fix(ref): validate device exists before opening commissioning window#212
fix(ref): validate device exists before opening commissioning window#212Srividhya-23 wants to merge 7 commits intomainfrom
Conversation
Srividhya-23
requested review from
cleithner-comcast,
kfundecmcsa,
mkkoch,
rchowdcmcsa and
tleacmcsa
as code owners
There was a problem hiding this comment.
Pull request overview
This PR fixes the ocw (open commissioning window) CLI command to avoid returning setup codes for non-existent device IDs by validating the target device exists on the fabric before attempting to open its commissioning window (BARTON-227).
Changes:
- Added pre-validation for non-local device IDs (
!= "0") to ensure the device exists before calling intob_core_client_open_commissioning_window. - Updated commissioning window invocation to pass
NULLwhen no device id argument is provided (local commissioning semantics). - Added a guard to treat “no pairing data returned” (empty manual + QR codes) as an error instead of printing empty results.
Srividhya-23
changed the title
The ocw command was returning setup codes for non-existent device IDs instead of reporting an error. Add validation to check if the target device exists on the fabric before attempting the operation. Refs: BARTON-227
Srividhya-23
force-pushed
the
ss411/dev/BARTON-227
branch
from
246243f to
bf165f2
Compare
|
Force pushed a change in commit message in the PR from fix(app) -> fix(ref). |
Add proper NULL pointer checks and memory management
There was a problem hiding this comment.
Pull request overview
Fixes the ocw (open commissioning window) reference CLI behavior to error out when a non-existent device ID is provided, instead of returning pairing codes.
Changes:
- Add pre-flight validation that the specified target device exists (except for local device id
"0"). - Harden argument handling for
openCommissioningWindow(argc/argv validation) and passNULLwhen no device id is provided. - Add handling for the case where commissioning succeeds but no pairing data is returned.
… variable Agent-Logs-Url: https://github.com/rdkcentral/BartonCore/sessions/0c3abc59-8df1-4e16-a387-f347161a266a Co-authored-by: Srividhya-23 <182346403+Srividhya-23@users.noreply.github.com>
| * the device exists before attempting to open its commissioning window. */ | ||
| if (argc >= 1 && strcmp(argv[0], "0") != 0) | ||
| { | ||
| g_autoptr(BCoreDevice) device = b_core_client_get_device_by_id(client, argv[0]); |
There was a problem hiding this comment.
You may double check that this is a reliable pass-through for node id. If I remember correctly, matter device uuid is node id with zero padding. I'm pretty sure this API doesn't require a zero-padded input but I'm not 100% sure.
There was a problem hiding this comment.
You're correct, b_core_client_get_device_by_id does lookup based on uuid which is node id with zero padding in this case. Updated changes.
Ensures consistent device lookup by normalizing user input node id to stored UUID format.
Srividhya-23
dismissed stale reviews from kfundecmcsa and cleithner-comcast
via
f62af01
There was a problem hiding this comment.
Pull request overview
This PR updates the reference CLI ocw (open commissioning window) command to avoid returning setup codes for non-existent Matter device IDs by validating the target device exists on the fabric before invoking the commissioning-window operation (BARTON-227).
Changes:
- Add argument validation and a pre-flight device existence check for non-local node IDs (with node-id normalization for lookup).
- Switch commissioning info handling to
g_autoptrfor automatic cleanup. - Improve output/error handling when commissioning window opens but pairing data is missing.
Parse and validate node IDs, normalize to 16-char format before device lookup. Add timeout range validation for ocw command.
| g_return_val_if_fail(argc >= 0 && argc <= 2, false); | ||
| g_return_val_if_fail(argc == 0 || argv != NULL, false); | ||
| g_return_val_if_fail(argc < 1 || argv[0] != NULL, false); | ||
| g_return_val_if_fail(argc < 2 || argv[1] != NULL, false); |
There was a problem hiding this comment.
Some of these checks are redundant with commandExecute() (the argc checks) and the others should be moved to commandExecute to validate args for all commands (the argv null checks). The point of the command interface is that commands are added with their requirements and those requirements should be validated before the command's function is executed. This contract prevents checks like these from being either duplicated everywhere or missed in some places.
Please add the argv checks to commandExecute and add a comment to commandExecute in command.h which states that arguments are validated before execution.
There was a problem hiding this comment.
Moved all argc/argv validation to commandExecute.
| /* If a target device id was provided, parse and validate it. | ||
| * Treat nodeId == 0 as local. | ||
| * Otherwise, verify the device exists after normalizing the ID. */ | ||
| if (argc >= 1) |
There was a problem hiding this comment.
this is always true. the command has minArgs of 1.
| g_autofree gchar *normalizedId = | ||
| g_strdup_printf("%016llx", nodeId); | ||
|
|
||
| g_autoptr(BCoreDevice) device = |
There was a problem hiding this comment.
This exposes an internal detail/assumption to the client (this example/reference app). Currently we do use Matter node ids for our device ids, but that is not an external contract and could change. I think it is fine to leave it here in this reference code for now, but please add a comment that this may not be a reliable way to do the lookup if the internal mapping between Matter node id and Barton device ids change.
| g_autoptr(BCoreCommissioningInfo) commissioningInfo = | ||
| b_core_client_open_commissioning_window( | ||
| client, | ||
| (argc >= 1 ? argv[0] : NULL), |
There was a problem hiding this comment.
this argc check is unnecessary. Also, should this be argv[0] or normalizedId?
There was a problem hiding this comment.
We should be using normalized Id, changed it.
| const gchar *manualCodeOutput = manualCode != NULL ? manualCode : ""; | ||
| const gchar *qrCodeOutput = qrCode != NULL ? qrCode : ""; |
Move argc/argv validation from individual commands to commandExecute() to eliminate duplication and ensure consistency. Remove redundant null checks and simplify output handling in openCommissioningWindow function. Signed-off-by: ss411 <srividhya_s@comcast.com>
There was a problem hiding this comment.
Pull request overview
This PR addresses an issue in the reference CLI where ocw (open commissioning window) could return pairing codes for non-existent device IDs by adding device existence validation before attempting to open the commissioning window.
Changes:
- Add node-id parsing/validation and a “device exists” check before opening a commissioning window.
- Add timeout parsing/validation and extra validation around returned pairing data.
- Centralize basic argv/argc validation in
commandExecuteand document the behavior.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| reference/src/matterCategory.c | Adds validation for ocw inputs and checks the target device exists before opening a commissioning window. |
| reference/src/command.c | Adds a guard to avoid calling command functions with argc > 0 but argv == NULL. |
| reference/src/command.h | Documents the new argument validation behavior for commandExecute. |
Add missing return statement in setWifiCredsFunc. Support both decimal and hex (0x prefix) formats for node IDs in openCommissioningWindow.
The ocw command was returning setup codes for non-existent device IDs instead of reporting an error. Add validation to check if the target device exists on the fabric before attempting the operation.
Refs: BARTON-227