| author | Stefan Boberg <[email protected]> | 2021-06-17 13:54:53 +0200 |
|---|---|---|
| committer | Stefan Boberg <[email protected]> | 2021-06-17 13:54:53 +0200 |
| commit | b539d1cef81cec155a5b5e8e0c14b57d13e687fe (patch) | |
| tree | 64cbf024ef650a16aeb0b6b49ae08c94b65d0b29 | |
| parent | Added debugging hints (diff) | |
Validate that structured cache bucket identifiers are alphanumeric
| -rw-r--r-- | zenserver-test/zenserver-test.cpp | 25 | ||||
| -rw-r--r-- | zenserver/cache/structuredcache.cpp | 6 |
2 files changed, 29 insertions, 2 deletions
diff --git a/zenserver-test/zenserver-test.cpp b/zenserver-test/zenserver-test.cpp
index 6600af6de..114c3e86b 100644
--- a/zenserver-test/zenserver-test.cpp
+++ b/zenserver-test/zenserver-test.cpp
@@ -1097,6 +1097,8 @@ TEST_CASE("z$.basic")
 const int kIterationCount = 100;
 const auto BaseUri = "http://localhost:{}/z$"_format(PortNumber);
+ auto HashKey = [](int i) -> zen::IoHash { return zen::IoHash::HashMemory(&i, sizeof i); };
+
 {
 ZenServerInstance Instance1(TestEnv);
 Instance1.SetTestDir(TestDir);
@@ -1114,7 +1116,7 @@ TEST_CASE("z$.basic")
 zen::BinaryWriter Writer{MemOut};
 Cbo.Save(Writer);
- zen::IoHash Key = zen::IoHash::HashMemory(&i, sizeof i);
+ zen::IoHash Key = HashKey(i);
 cpr::Response Result = cpr::Put(cpr::Url{"{}/{}/{}"_format(BaseUri, "test", Key)},
 cpr::Body{(const char*)MemOut.Data(), MemOut.Size()},
@@ -1133,6 +1135,25 @@ TEST_CASE("z$.basic")
 CHECK(Result.status_code == 200);
 }
+
+ // Ensure bad bucket identifiers are rejected
+
+ {
+ zen::CbObjectWriter Cbo;
+ Cbo << "index" << 42;
+
+ zen::MemoryOutStream MemOut;
+ zen::BinaryWriter Writer{MemOut};
+ Cbo.Save(Writer);
+
+ zen::IoHash Key = HashKey(442);
+
+ cpr::Response Result = cpr::Put(cpr::Url{"{}/{}/{}"_format(BaseUri, "te!st", Key)},
+ cpr::Body{(const char*)MemOut.Data(), MemOut.Size()},
+ cpr::Header{{"Content-Type", "application/x-ue-cb"}});
+
+ CHECK(Result.status_code == 400);
+ }
 }
 // Verify that the data persists between process runs (the previous server has exited at this point)
@@ -1147,7 +1168,7 @@ TEST_CASE("z$.basic")
 for (int i = 0; i < kIterationCount; ++i)
 {
- zen::IoHash Key = zen::IoHash::HashMemory(&i, sizeof i);
+ zen::IoHash Key = HashKey(i);
 cpr::Response Result = cpr::Get(cpr::Url{"{}/{}/{}"_format(BaseUri, "test", Key)});
diff --git a/zenserver/cache/structuredcache.cpp b/zenserver/cache/structuredcache.cpp
index fc93896fc..9083f764e 100644
--- a/zenserver/cache/structuredcache.cpp
+++ b/zenserver/cache/structuredcache.cpp
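Review bot: The negative case added to TEST_CASE("z$.basic") exercises one punctuation character (`"te!st"`) on `cpr::Put` only, so nothing here shows that a GET with a bad bucket, or other classes of bad input, is rejected the same way. I would loop over a small table of invalid bucket names (for example one containing `.`, one containing a byte above 0x7F, and an empty segment) and issue both `cpr::Put` and `cpr::Get` for each, checking `Result.status_code == 400`. The payload-building lines repeat the ones in the loop earlier in the test; a small local helper next to `HashKey` would keep the two in step.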
@@ -15,6 +15,7 @@
 #include "zenstore/cidstore.h"
 #include <spdlog/spdlog.h>
+#include <algorithm>
 #include <filesystem>
 namespace zen {
@@ -311,6 +312,11 @@ HttpStructuredCacheService::ValidateUri(zen::HttpServerRequest& Request, CacheRe
 OutRef.BucketSegment = Key.substr(0, BucketSplitOffset);
+ if (!std::all_of(begin(OutRef.BucketSegment), end(OutRef.BucketSegment), [](const char c) { return std::isalnum(c); }))
+ {
+ return false;
+ }
+
 std::string_view HashSegment;
 std::string_view PayloadSegment; |
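Review bot: In ValidateUri the new predicate passes a plain `char` to `std::isalnum`, which is undefined behaviour for any byte that is negative as a signed `char` (0x80 and above on most platforms), and the bucket segment is taken from the request URI. `std::isalnum` is also locale-dependent, so I would make the check explicit and ASCII-only: `[](unsigned char c) { return (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z'); }`, or at minimum call `std::isalnum(static_cast<unsigned char>(c))`. `std::all_of` returns true for an empty range, so an empty bucket segment still passes this check unless it is rejected earlier in the function, which starts and ends outside the hunk. If `std::isalnum` is kept, note that it is declared in `<cctype>`, which the include hunk does not add and which may only be arriving transitively.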