generate_codeowners: disable path validation by default

Author: zegl

README_DOCS.md

@@ -32,7 +32,7 @@ A codeowners-rule represents one or many rows in a CODEOWNERS file.
 ## generate_codeowners
 
 <pre>
-generate_codeowners(<a href="#generate_codeowners-name">name</a>, <a href="#generate_codeowners-generated_comment">generated_comment</a>, <a href="#generate_codeowners-owners">owners</a>)
+generate_codeowners(<a href="#generate_codeowners-name">name</a>, <a href="#generate_codeowners-generated_comment">generated_comment</a>, <a href="#generate_codeowners-owners">owners</a>, <a href="#generate_codeowners-validate">validate</a>)
 </pre>
 
 Creates a GitHub-compatible CODEOWNERS file based on the `owners`.
@@ -45,5 +45,6 @@ Creates a GitHub-compatible CODEOWNERS file based on the `owners`.
 | <a id="generate_codeowners-name"></a>name |  A unique name for this target.   | <a href="https://bazel.build/concepts/labels#target-names">Name</a> | required |  |
 | <a id="generate_codeowners-generated_comment"></a>generated_comment |  A comment to insert at the top of the generated file   | String | optional |  `"# This file was generated by rules_codeowners / Bazel. Don't edit it directly"`  |
 | <a id="generate_codeowners-owners"></a>owners |  A list of codeowners and generate_codeowners. One generate_codeowners can include another generate_codeowners to achieve nested rules.   | <a href="https://bazel.build/concepts/labels">List of labels</a> | required |  |
+| <a id="generate_codeowners-validate"></a>validate |  Set to True to enable strict validation of codeowners values. Disabled by default.   | Boolean | optional |  `False`  |
 
 

tests/BUILD

@@ -16,6 +16,22 @@ generate_codeowners(
     ],
 )
 
+generate_codeowners(
+    name = "github_codeowners_strict",
+    owners = [
+        "//tests/hey/sub:codeowners",
+        "//tests/hey:codeowners",
+        "//tests/heyoo:codeowners",
+        ":single_pattern_single_team",
+        ":single_pattern_multi_team",
+        ":multi_pattern_single_team",
+        ":multi_pattern_multi_team",
+        ":no_pattern_single_team",
+        ":no_pattern_multi_team",
+    ],
+    validate=True,
+)
+
 codeowners(
     name = "single_pattern_single_team",
     pattern = "*.a",

tools/codeowners.bzl

@@ -73,6 +73,7 @@ def _generate_codeowners_impl(ctx):
         arguments = args,
         env = {
             "OUTFILE": ctx.outputs.outfile.path,
+            "VALIDATE": "1" if ctx.attr.validate else "0",
         },
         command = """
 set -euo pipefail
@@ -82,9 +83,16 @@ echoerr() {
     exit 1
 }
 
-prevent_malicios_input () {
+prevent_malicious_input () {
     must_have_prefix=$1
     INPUT=$(cat)
+
+    # Skip validation
+    if [ "$VALIDATE" -eq 0 ]; then
+        echo "$INPUT"
+        return 0
+    fi
+
     set +e
     echo -n "$INPUT" | grep -E "${must_have_prefix}" || echoerr "Potentially malicious input detected, path did not match '${must_have_prefix}' (input = '${INPUT}')"
     set -e
@@ -110,7 +118,7 @@ while [ "$#" -gt 0 ]; do
     cat "$file" | \
         skip_comments  | \
         skip_empty_rows | \
-        prevent_malicios_input "$must_have_prefix" >> "$OUTFILE"
+        prevent_malicious_input "$must_have_prefix" >> "$OUTFILE"
 done
         """.replace("_GENERATED_COMMENT_", ctx.attr.generated_comment),
     )
@@ -126,6 +134,7 @@ Creates a GitHub-compatible CODEOWNERS file based on the `owners`.
             default = "# This file was generated by rules_codeowners / Bazel. Don't edit it directly",
         ),
         "owners": attr.label_list(mandatory = True, doc = "A list of codeowners and generate_codeowners. One generate_codeowners can include another generate_codeowners to achieve nested rules."),
+        "validate": attr.bool(default=False, doc = "Set to True to enable strict validation of codeowners values. Disabled by default.", mandatory=False),
     },
     outputs = {
         "outfile": "%{name}.out",