Diffstat (limited to 'src/zenserver/sessions/httpsessions.cpp')
| -rw-r--r-- | src/zenserver/sessions/httpsessions.cpp | 26 |
1 files changed, 22 insertions, 4 deletions
diff --git a/src/zenserver/sessions/httpsessions.cpp b/src/zenserver/sessions/httpsessions.cpp
index 2276cb81a..88db36828 100644
--- a/src/zenserver/sessions/httpsessions.cpp
+++ b/src/zenserver/sessions/httpsessions.cpp
@@ -5,6 +5,7 @@
 #include <zencore/compactbinarybuilder.h>
 #include <zencore/fmtutils.h>
 #include <zencore/logging.h>
+#include <zencore/string.h>
 #include <zencore/trace.h>
 #include "sessions.h"
@@ -470,9 +471,14 @@ HttpSessionsService::SessionLogRequest(HttpRouterRequest& Req)
 std::string_view CursorStr = Params.GetValue("cursor"sv);
 if (!CursorStr.empty())
 {
- uint64_t AfterCursor = std::strtoull(std::string(CursorStr).c_str(), nullptr, 10);
+ const std::optional<uint64_t> AfterCursor = ParseInt<uint64_t>(CursorStr);
+ if (!AfterCursor)
+ {
+ m_SessionsStats.BadRequestCount++;
+ return ServerRequest.WriteResponse(HttpResponseCode::BadRequest, HttpContentType::kText, "Invalid 'cursor' parameter"sv);
+ }
- SessionsService::Session::CursorResult Result = Session->GetLogEntriesAfter(AfterCursor);
+ SessionsService::Session::CursorResult Result = Session->GetLogEntriesAfter(*AfterCursor);
 CbObjectWriter Response;
 Response << "cursor" << Result.Cursor;
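Review bot: Whether `cursor` is now strictly validated depends entirely on what `ParseInt<uint64_t>` accepts, and its definition (presumably in the newly included `zencore/string.h`) is not part of this diff. The removed `strtoull` call tolerated leading whitespace, a sign and trailing non-digits and saturated on overflow, so the new behaviour is worth pinning with a test that sends `-1`, `12abc`, a whitespace-padded number and a value above the uint64_t range and expects a 400 for each. An empty `cursor=` still skips this branch through the `!CursorStr.empty()` guard and appears to continue to the limit/offset handling; if that is intended, a comment such as `// an empty cursor is treated as absent` above the guard would record it. The same questions apply to the `limit` and `offset` parsing in the next hunk, and the function body starts and ends outside this hunk.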
@@ -495,11 +501,23 @@ HttpSessionsService::SessionLogRequest(HttpRouterRequest& Req)
 if (std::string_view LimitStr = Params.GetValue("limit"sv); !LimitStr.empty())
 {
- Limit = uint32_t(std::strtoul(std::string(LimitStr).c_str(), nullptr, 10));
+ const std::optional<uint32_t> Parsed = ParseInt<uint32_t>(LimitStr);
+ if (!Parsed)
+ {
+ m_SessionsStats.BadRequestCount++;
+ return ServerRequest.WriteResponse(HttpResponseCode::BadRequest, HttpContentType::kText, "Invalid 'limit' parameter"sv);
+ }
+ Limit = *Parsed;
 }
 if (std::string_view OffsetStr = Params.GetValue("offset"sv); !OffsetStr.empty())
 {
- Offset = uint32_t(std::strtoul(std::string(OffsetStr).c_str(), nullptr, 10));
+ const std::optional<uint32_t> Parsed = ParseInt<uint32_t>(OffsetStr);
+ if (!Parsed)
+ {
+ m_SessionsStats.BadRequestCount++;
+ return ServerRequest.WriteResponse(HttpResponseCode::BadRequest, HttpContentType::kText, "Invalid 'offset' parameter"sv);
+ }
+ Offset = *Parsed;
 }
 std::vector<SessionsService::LogEntry> Entries = Session->GetLogEntries(Limit, Offset); |
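Review bot: `Limit` reaches `Session->GetLogEntries(Limit, Offset)` with no upper bound visible in this hunk, so once it parses, any value up to the uint32_t maximum is accepted from the query string. Unless `GetLogEntries` clamps internally (not shown here), capping it at the assignment would bound the work and response size per request, for example `Limit = std::min(*Parsed, kMaxLogEntries);`, where `kMaxLogEntries` is a placeholder for a constant the project would choose. As a style point, the `limit` and `offset` blocks differ only in the parameter they handle and repeat the `cursor` block from the previous hunk; one small helper that parses the value and writes the 400 would keep the three rejections consistent. The enclosing function starts and ends outside the hunk.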