tyler.durden
/
icinga2
mirror of https://github.com/Icinga/icinga2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

De-couple package and stage name validation

This commit is contained in:
Alexander A. Klimov 2021-08-02 13:09:04 +02:00
parent 9169c805a8
commit c666f81361
6 changed files with 26 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/remote/configfileshandler.cpp
View File

@ -52,12 +52,12 @@ bool ConfigFilesHandler::HandleRequest(
String packageName = HttpUtility::GetLastParameter(params, "package"); String packageName = HttpUtility::GetLastParameter(params, "package");
String stageName = HttpUtility::GetLastParameter(params, "stage"); String stageName = HttpUtility::GetLastParameter(params, "stage");
if (!ConfigPackageUtility::ValidateName(packageName)) { if (!ConfigPackageUtility::ValidatePackageName(packageName)) {
HttpUtility::SendJsonError(response, params, 400, "Invalid package name."); HttpUtility::SendJsonError(response, params, 400, "Invalid package name.");
return true; return true;
} }
if (!ConfigPackageUtility::ValidateName(stageName)) { if (!ConfigPackageUtility::ValidateStageName(stageName)) {
HttpUtility::SendJsonError(response, params, 400, "Invalid stage name."); HttpUtility::SendJsonError(response, params, 400, "Invalid stage name.");
return true; return true;
} }

4
lib/remote/configpackageshandler.cpp
View File

@ -105,7 +105,7 @@ void ConfigPackagesHandler::HandlePost(
String packageName = HttpUtility::GetLastParameter(params, "package"); String packageName = HttpUtility::GetLastParameter(params, "package");
if (!ConfigPackageUtility::ValidateName(packageName)) { if (!ConfigPackageUtility::ValidatePackageName(packageName)) {
HttpUtility::SendJsonError(response, params, 400, "Invalid package name '" + packageName + "'."); HttpUtility::SendJsonError(response, params, 400, "Invalid package name '" + packageName + "'.");
return; return;
} }
@ -151,7 +151,7 @@ void ConfigPackagesHandler::HandleDelete(
String packageName = HttpUtility::GetLastParameter(params, "package"); String packageName = HttpUtility::GetLastParameter(params, "package");
if (!ConfigPackageUtility::ValidateName(packageName)) { if (!ConfigPackageUtility::ValidatePackageName(packageName)) {
HttpUtility::SendJsonError(response, params, 400, "Invalid package name '" + packageName + "'."); HttpUtility::SendJsonError(response, params, 400, "Invalid package name '" + packageName + "'.");
return; return;
} }

7
lib/remote/configpackageutility.cpp
View File

@ -367,7 +367,12 @@ bool ConfigPackageUtility::ContainsDotDot(const String& path)
return false; return false;
} }
bool ConfigPackageUtility::ValidateName(const String& name) bool ConfigPackageUtility::ValidatePackageName(const String& packageName)
{
return ValidateFreshName(packageName);
}
bool ConfigPackageUtility::ValidateFreshName(const String& name)
{ {
if (name.IsEmpty()) if (name.IsEmpty())
return false; return false;

10
lib/remote/configpackageutility.hpp
View File

@ -42,7 +42,13 @@ public:
static std::vector<std::pair<String, bool> > GetFiles(const String& packageName, const String& stageName); static std::vector<std::pair<String, bool> > GetFiles(const String& packageName, const String& stageName);
static bool ContainsDotDot(const String& path); static bool ContainsDotDot(const String& path);
static bool ValidateName(const String& name); static bool ValidatePackageName(const String& packageName);
static inline
bool ValidateStageName(const String& stageName)
{
return ValidateFreshName(stageName);
}
static std::mutex& GetStaticPackageMutex(); static std::mutex& GetStaticPackageMutex();
static std::mutex& GetStaticActiveStageMutex(); static std::mutex& GetStaticActiveStageMutex();
@ -54,6 +60,8 @@ private:
static void WriteStageConfig(const String& packageName, const String& stageName); static void WriteStageConfig(const String& packageName, const String& stageName);
static void TryActivateStageCallback(const ProcessResult& pr, const String& packageName, const String& stageName, bool activate, bool reload); static void TryActivateStageCallback(const ProcessResult& pr, const String& packageName, const String& stageName, bool activate, bool reload);
static bool ValidateFreshName(const String& name);
}; };
} }

10
lib/remote/configstageshandler.cpp
View File

@ -60,10 +60,10 @@ void ConfigStagesHandler::HandleGet(
String packageName = HttpUtility::GetLastParameter(params, "package"); String packageName = HttpUtility::GetLastParameter(params, "package");
String stageName = HttpUtility::GetLastParameter(params, "stage"); String stageName = HttpUtility::GetLastParameter(params, "stage");
if (!ConfigPackageUtility::ValidateName(packageName)) if (!ConfigPackageUtility::ValidatePackageName(packageName))
return HttpUtility::SendJsonError(response, params, 400, "Invalid package name '" + packageName + "'."); return HttpUtility::SendJsonError(response, params, 400, "Invalid package name '" + packageName + "'.");
if (!ConfigPackageUtility::ValidateName(stageName)) if (!ConfigPackageUtility::ValidateStageName(stageName))
return HttpUtility::SendJsonError(response, params, 400, "Invalid stage name '" + stageName + "'."); return HttpUtility::SendJsonError(response, params, 400, "Invalid stage name '" + stageName + "'.");
ArrayData results; ArrayData results;
@ -104,7 +104,7 @@ void ConfigStagesHandler::HandlePost(
String packageName = HttpUtility::GetLastParameter(params, "package"); String packageName = HttpUtility::GetLastParameter(params, "package");
if (!ConfigPackageUtility::ValidateName(packageName)) if (!ConfigPackageUtility::ValidatePackageName(packageName))
return HttpUtility::SendJsonError(response, params, 400, "Invalid package name '" + packageName + "'."); return HttpUtility::SendJsonError(response, params, 400, "Invalid package name '" + packageName + "'.");
bool reload = true; bool reload = true;
@ -184,10 +184,10 @@ void ConfigStagesHandler::HandleDelete(
String packageName = HttpUtility::GetLastParameter(params, "package"); String packageName = HttpUtility::GetLastParameter(params, "package");
String stageName = HttpUtility::GetLastParameter(params, "stage"); String stageName = HttpUtility::GetLastParameter(params, "stage");
if (!ConfigPackageUtility::ValidateName(packageName)) if (!ConfigPackageUtility::ValidatePackageName(packageName))
return HttpUtility::SendJsonError(response, params, 400, "Invalid package name '" + packageName + "'."); return HttpUtility::SendJsonError(response, params, 400, "Invalid package name '" + packageName + "'.");
if (!ConfigPackageUtility::ValidateName(stageName)) if (!ConfigPackageUtility::ValidateStageName(stageName))
return HttpUtility::SendJsonError(response, params, 400, "Invalid stage name '" + stageName + "'."); return HttpUtility::SendJsonError(response, params, 400, "Invalid stage name '" + stageName + "'.");
try { try {

4
test/remote-configpackageutility.cpp
View File

@ -13,12 +13,12 @@ BOOST_AUTO_TEST_CASE(ValidateName)
{ {
std::vector<std::string> validNames {"foo", "foo-bar", "FooBar", "Foo123", "_Foo-", "123bar"}; std::vector<std::string> validNames {"foo", "foo-bar", "FooBar", "Foo123", "_Foo-", "123bar"};
for (const std::string& n : validNames) { for (const std::string& n : validNames) {
BOOST_CHECK_MESSAGE(ConfigPackageUtility::ValidateName(n), "'" << n << "' should be valid"); BOOST_CHECK_MESSAGE(ConfigPackageUtility::ValidatePackageName(n), "'" << n << "' should be valid");
} }
std::vector<std::string> invalidNames {"", ".", "..", "foo.bar", "foo/../bar", "foo/bar", "foo:bar"}; std::vector<std::string> invalidNames {"", ".", "..", "foo.bar", "foo/../bar", "foo/bar", "foo:bar"};
for (const std::string& n : invalidNames) { for (const std::string& n : invalidNames) {
BOOST_CHECK_MESSAGE(!ConfigPackageUtility::ValidateName(n), "'" << n << "' should not be valid"); BOOST_CHECK_MESSAGE(!ConfigPackageUtility::ValidatePackageName(n), "'" << n << "' should not be valid");
} }
} }