Serverside Blacklisted Character Validation

Tina_Azure
2023-09-20 13:36:33 +02:00
parent 7b7652b50d
commit 104cb1bcf8
2 changed files with 24 additions and 2 deletions


@ -1080,6 +1080,9 @@ int main(int argc, char *argv[]) {
if (!Utilities::checkFiletypeValidity(configuration, filename))
return crow::response(400, "Submitted File does not have a valid filetype");
if (!Utilities::checkFilenameValidity(configuration, filename))
return crow::response(400, "Submitted File does not have a valid name");
if (!Utilities::validateFileSize(configuration, postRequest.body))
return crow::response(400, "File Size is not valid");
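Review bot: The new `checkFilenameValidity` call depends on `checkFiletypeValidity` running before it, because the helper added in the Utilities section of this commit returns true without scanning anything when the name has no '.', and otherwise checks only the part before the last '.'. If the checks are reordered or the helper is reused elsewhere, a dot-less name would pass the blacklist unchecked. I would record the dependency here with a comment such as `// must follow checkFiletypeValidity: checkFilenameValidity accepts names without '.'`, or make the helper scan the whole name when no '.' is found. An empty entry in `submissionBlacklistedCharacters` would also reject every upload, since `find("")` always matches, so the config loading (not visible here) should presumably drop empty entries. The enclosing handler in `main` starts and ends outside this hunk.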


@ -885,8 +885,7 @@ namespace Utilities {
bool validity = false;
std::string::size_type position;
position = fileName.rfind('.');
if(position != std::string::npos)
{
if(position != std::string::npos) {
std::string extension = fileName.substr(position+1);
for (const std::string& whitelistExtension : configuration.submissionAllowedFiletypes) {
if(extension == whitelistExtension) {
@ -898,6 +897,26 @@ namespace Utilities {
return validity;
}
/*
* Checks if a filename contains the submissionBlacklistedCharacters within the config
* takes the config and the filename which has to include the extension
*/
bool checkFilenameValidity(const Utilities::config& configuration, const std::string& fileName){
bool validity = true;
std::string::size_type position;
position = fileName.rfind('.');
if(position != std::string::npos) {
std::string fileNameWithoutType = fileName.substr(0, position);
for (const std::string& blacklistedCharacters : configuration.submissionBlacklistedCharacters) {
if(fileNameWithoutType.find(blacklistedCharacters) != std::string::npos) {
validity = false;
break;
}
}
}
return validity;
}
/*
* Checks if a filename size is within the limit of submissionMaxFileNameSize
* takes the config and the filename which has to include the extension