The errors from lpadmin are generally okay.  We should ensure uri is non-empty though.

Path to CupsTool src/platform2/debugd/src/cups_tool.cc

Justin figured out what CUPS accepts and encoded it in usb_printer_util
https://cs.chromium.org/chromium/src/chrome/browser/chromeos/printing/usb_printer_util.cc?l=42&gs=kythe%253A%252F%252Fchromium%253Flang%253Dc%25252B%25252B%253Fpath%253Dsrc%252Fchrome%252Fbrowser%252Fchromeos%252Fprinting%252Fusb_printer_util.cc%2523zT4%25252BMC2iDJ5slrowvl1IJShHPKrEOcxD5vJi8zd%25252B4Qg%25253D&gsn=CupsURIEscape&ct=xref_usages

If CUPS hex-encodes all characters that are not in the valid ASCII range, what are the possible invalid cases to consider aside from an empty URI?

Should we strictly verify that the URIs match the expected format of the ipp/ippusb schemes, since those are the only schemes we would use for ipp everywhere printing?

For this bug, what defines a "reasonably valid" URI? My guess is that it
1. starts with a known URI scheme and
2. is percent-encoded appropriately per Justin's code.

Does that seem fair?

Yes.  That assessment is fair.  However, you can be stricter than justin where if you see anything that would need to be hex encoded, just reject the uri as invalid.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/bc26ba99d377a0dafac046439e4389c9717b5ed9

commit bc26ba99d377a0dafac046439e4389c9717b5ed9
Author: Kalvin Lee <kdlee@chromium.org>
Date: Sat Jan 19 04:05:09 2019

debugd: Sanitize print URIs before calling lpadmin

When adding printers, we reject percents, spaces, and non-ASCII
characters in the URI. This logic mirrors Chrome browser's
CupsURIEscape. In addition, we reject empty URIs.

BUG= chromium:757951 
TEST=Wrote and ran unit tests
CQ-DEPEND=CL:1419238

Change-Id: I3b6cd4b81b6c6cfcc08cbc56e38335105955f4a1
Reviewed-on: https://chromium-review.googlesource.com/1412221
Commit-Ready: Kalvin Lee <kdlee@chromium.org>
Tested-by: Kalvin Lee <kdlee@chromium.org>
Reviewed-by: David Valleau <valleau@chromium.org>

[modify] https://crrev.com/bc26ba99d377a0dafac046439e4389c9717b5ed9/debugd/BUILD.gn
[modify] https://crrev.com/bc26ba99d377a0dafac046439e4389c9717b5ed9/debugd/src/cups_tool.cc
[modify] https://crrev.com/bc26ba99d377a0dafac046439e4389c9717b5ed9/system_api/dbus/debugd/dbus-constants.h
[add] https://crrev.com/bc26ba99d377a0dafac046439e4389c9717b5ed9/debugd/src/cups_tool_test.cc
[modify] https://crrev.com/bc26ba99d377a0dafac046439e4389c9717b5ed9/debugd/src/cups_tool.h

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/autotest/+/8a93f17c822ff3655e4e94a684f8c606e730e680

commit 8a93f17c822ff3655e4e94a684f8c606e730e680
Author: Kalvin Lee <kdlee@chromium.org>
Date: Sat Jan 19 04:05:09 2019

debugd autotest: distinguish bad URIs when configuring printers

Amend the DebugDaemon autotest to catch the specific bad URI error code
newly added as a guard against calling lpadmin with an obviously bad
URI.

BUG= chromium:757951 
TEST=Passed applicable autotests matching pattern "e:platform_DebugDaemon.+"
CQ-DEPEND=CL:1412221

Change-Id: Ic92867f4cf8fc0a33f14cf2e2c5ce318b9a4885f
Reviewed-on: https://chromium-review.googlesource.com/1419238
Commit-Ready: Kalvin Lee <kdlee@chromium.org>
Tested-by: Kalvin Lee <kdlee@chromium.org>
Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
Reviewed-by: David Valleau <valleau@chromium.org>

[modify] https://crrev.com/8a93f17c822ff3655e4e94a684f8c606e730e680/client/site_tests/platform_DebugDaemonCupsAddPrinters/platform_DebugDaemonCupsAddPrinters.py

Fixed?

There's an outstanding review in Gerrit for the changes mirrored to dbus-constants.h in the Chromium tree. Other than that, I reckon this is fixed.