From c666f81361535a179fa427a07b5294147f2b0128 Mon Sep 17 00:00:00 2001 From: "Alexander A. Klimov" Date: Mon, 2 Aug 2021 13:09:04 +0200 Subject: [PATCH 1/3] De-couple package and stage name validation --- lib/remote/configfileshandler.cpp | 4 ++-- lib/remote/configpackageshandler.cpp | 4 ++-- lib/remote/configpackageutility.cpp | 7 ++++++- lib/remote/configpackageutility.hpp | 10 +++++++++- lib/remote/configstageshandler.cpp | 10 +++++----- test/remote-configpackageutility.cpp | 4 ++-- 6 files changed, 26 insertions(+), 13 deletions(-) diff --git a/lib/remote/configfileshandler.cpp b/lib/remote/configfileshandler.cpp index 6013d9722..779ecd198 100644 --- a/lib/remote/configfileshandler.cpp +++ b/lib/remote/configfileshandler.cpp @@ -52,12 +52,12 @@ bool ConfigFilesHandler::HandleRequest( String packageName = HttpUtility::GetLastParameter(params, "package"); String stageName = HttpUtility::GetLastParameter(params, "stage"); - if (!ConfigPackageUtility::ValidateName(packageName)) { + if (!ConfigPackageUtility::ValidatePackageName(packageName)) { HttpUtility::SendJsonError(response, params, 400, "Invalid package name."); return true; } - if (!ConfigPackageUtility::ValidateName(stageName)) { + if (!ConfigPackageUtility::ValidateStageName(stageName)) { HttpUtility::SendJsonError(response, params, 400, "Invalid stage name."); return true; } diff --git a/lib/remote/configpackageshandler.cpp b/lib/remote/configpackageshandler.cpp index ba0ce89b0..98b326890 100644 --- a/lib/remote/configpackageshandler.cpp +++ b/lib/remote/configpackageshandler.cpp @@ -105,7 +105,7 @@ void ConfigPackagesHandler::HandlePost( String packageName = HttpUtility::GetLastParameter(params, "package"); - if (!ConfigPackageUtility::ValidateName(packageName)) { + if (!ConfigPackageUtility::ValidatePackageName(packageName)) { HttpUtility::SendJsonError(response, params, 400, "Invalid package name '" + packageName + "'."); return; } @@ -151,7 +151,7 @@ void ConfigPackagesHandler::HandleDelete( String packageName = HttpUtility::GetLastParameter(params, "package"); - if (!ConfigPackageUtility::ValidateName(packageName)) { + if (!ConfigPackageUtility::ValidatePackageName(packageName)) { HttpUtility::SendJsonError(response, params, 400, "Invalid package name '" + packageName + "'."); return; } diff --git a/lib/remote/configpackageutility.cpp b/lib/remote/configpackageutility.cpp index 31748708e..711fa720c 100644 --- a/lib/remote/configpackageutility.cpp +++ b/lib/remote/configpackageutility.cpp @@ -367,7 +367,12 @@ bool ConfigPackageUtility::ContainsDotDot(const String& path) return false; } -bool ConfigPackageUtility::ValidateName(const String& name) +bool ConfigPackageUtility::ValidatePackageName(const String& packageName) +{ + return ValidateFreshName(packageName); +} + +bool ConfigPackageUtility::ValidateFreshName(const String& name) { if (name.IsEmpty()) return false; diff --git a/lib/remote/configpackageutility.hpp b/lib/remote/configpackageutility.hpp index ec52b44a4..5c16b75ee 100644 --- a/lib/remote/configpackageutility.hpp +++ b/lib/remote/configpackageutility.hpp @@ -42,7 +42,13 @@ public: static std::vector > GetFiles(const String& packageName, const String& stageName); static bool ContainsDotDot(const String& path); - static bool ValidateName(const String& name); + static bool ValidatePackageName(const String& packageName); + + static inline + bool ValidateStageName(const String& stageName) + { + return ValidateFreshName(stageName); + } static std::mutex& GetStaticPackageMutex(); static std::mutex& GetStaticActiveStageMutex(); @@ -54,6 +60,8 @@ private: static void WriteStageConfig(const String& packageName, const String& stageName); static void TryActivateStageCallback(const ProcessResult& pr, const String& packageName, const String& stageName, bool activate, bool reload); + + static bool ValidateFreshName(const String& name); }; } diff --git a/lib/remote/configstageshandler.cpp b/lib/remote/configstageshandler.cpp index 05fe94a12..9d7c23064 100644 --- a/lib/remote/configstageshandler.cpp +++ b/lib/remote/configstageshandler.cpp @@ -60,10 +60,10 @@ void ConfigStagesHandler::HandleGet( String packageName = HttpUtility::GetLastParameter(params, "package"); String stageName = HttpUtility::GetLastParameter(params, "stage"); - if (!ConfigPackageUtility::ValidateName(packageName)) + if (!ConfigPackageUtility::ValidatePackageName(packageName)) return HttpUtility::SendJsonError(response, params, 400, "Invalid package name '" + packageName + "'."); - if (!ConfigPackageUtility::ValidateName(stageName)) + if (!ConfigPackageUtility::ValidateStageName(stageName)) return HttpUtility::SendJsonError(response, params, 400, "Invalid stage name '" + stageName + "'."); ArrayData results; @@ -104,7 +104,7 @@ void ConfigStagesHandler::HandlePost( String packageName = HttpUtility::GetLastParameter(params, "package"); - if (!ConfigPackageUtility::ValidateName(packageName)) + if (!ConfigPackageUtility::ValidatePackageName(packageName)) return HttpUtility::SendJsonError(response, params, 400, "Invalid package name '" + packageName + "'."); bool reload = true; @@ -184,10 +184,10 @@ void ConfigStagesHandler::HandleDelete( String packageName = HttpUtility::GetLastParameter(params, "package"); String stageName = HttpUtility::GetLastParameter(params, "stage"); - if (!ConfigPackageUtility::ValidateName(packageName)) + if (!ConfigPackageUtility::ValidatePackageName(packageName)) return HttpUtility::SendJsonError(response, params, 400, "Invalid package name '" + packageName + "'."); - if (!ConfigPackageUtility::ValidateName(stageName)) + if (!ConfigPackageUtility::ValidateStageName(stageName)) return HttpUtility::SendJsonError(response, params, 400, "Invalid stage name '" + stageName + "'."); try { diff --git a/test/remote-configpackageutility.cpp b/test/remote-configpackageutility.cpp index 7049fcd22..99c2a8b71 100644 --- a/test/remote-configpackageutility.cpp +++ b/test/remote-configpackageutility.cpp @@ -13,12 +13,12 @@ BOOST_AUTO_TEST_CASE(ValidateName) { std::vector validNames {"foo", "foo-bar", "FooBar", "Foo123", "_Foo-", "123bar"}; for (const std::string& n : validNames) { - BOOST_CHECK_MESSAGE(ConfigPackageUtility::ValidateName(n), "'" << n << "' should be valid"); + BOOST_CHECK_MESSAGE(ConfigPackageUtility::ValidatePackageName(n), "'" << n << "' should be valid"); } std::vector invalidNames {"", ".", "..", "foo.bar", "foo/../bar", "foo/bar", "foo:bar"}; for (const std::string& n : invalidNames) { - BOOST_CHECK_MESSAGE(!ConfigPackageUtility::ValidateName(n), "'" << n << "' should not be valid"); + BOOST_CHECK_MESSAGE(!ConfigPackageUtility::ValidatePackageName(n), "'" << n << "' should not be valid"); } } From c1df4b70f579cbd11ec75c3c3efbcafbd5351c27 Mon Sep 17 00:00:00 2001 From: "Alexander A. Klimov" Date: Mon, 2 Aug 2021 13:15:42 +0200 Subject: [PATCH 2/3] ConfigPackageUtility::PackageExists(): accept invalid package names, too --- lib/remote/configpackageutility.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/remote/configpackageutility.cpp b/lib/remote/configpackageutility.cpp index 711fa720c..b2eec084c 100644 --- a/lib/remote/configpackageutility.cpp +++ b/lib/remote/configpackageutility.cpp @@ -65,7 +65,8 @@ std::vector ConfigPackageUtility::GetPackages() bool ConfigPackageUtility::PackageExists(const String& name) { - return Utility::PathExists(GetPackageDir() + "/" + name); + auto packages (GetPackages()); + return std::find(packages.begin(), packages.end(), name) != packages.end(); } String ConfigPackageUtility::CreateStage(const String& packageName, const Dictionary::Ptr& files) From 57df803e35b6a02b25a25195452f16f78f1c23e6 Mon Sep 17 00:00:00 2001 From: "Alexander A. Klimov" Date: Mon, 2 Aug 2021 15:22:54 +0200 Subject: [PATCH 3/3] ConfigPackageUtility::ValidatePackageName(): always tolerate already existing packages ... not to require migrating invalid ones. --- lib/remote/configpackageutility.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/remote/configpackageutility.cpp b/lib/remote/configpackageutility.cpp index b2eec084c..b70009997 100644 --- a/lib/remote/configpackageutility.cpp +++ b/lib/remote/configpackageutility.cpp @@ -370,7 +370,7 @@ bool ConfigPackageUtility::ContainsDotDot(const String& path) bool ConfigPackageUtility::ValidatePackageName(const String& packageName) { - return ValidateFreshName(packageName); + return ValidateFreshName(packageName) || PackageExists(packageName); } bool ConfigPackageUtility::ValidateFreshName(const String& name)