From 104cb1bcf81040deb11ef10f4da134c02a0779b4 Mon Sep 17 00:00:00 2001
From: Tina_Azure <->
Date: Wed, 20 Sep 2023 13:36:33 +0200
Subject: [PATCH] Serverside Blacklisted Character Validation
---
 src/main.cpp | 3 +++
 src/utilities.cpp | 23 +++++++++++++++++++++--
 2 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/src/main.cpp b/src/main.cpp
index f30b1a4..43e88ef 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -1080,6 +1080,9 @@ int main(int argc, char *argv[]) {
 if (!Utilities::checkFiletypeValidity(configuration, filename))
 return crow::response(400, "Submitted File does not have a valid filetype");
 
+ if (!Utilities::checkFilenameValidity(configuration, filename))
+ return crow::response(400, "Submitted File does not have a valid name");
+
 if (!Utilities::validateFileSize(configuration, postRequest.body))
 return crow::response(400, "File Size is not valid");
 
diff --git a/src/utilities.cpp b/src/utilities.cpp
index 46de979..25541c6 100644
--- a/src/utilities.cpp
+++ b/src/utilities.cpp
@@ -885,8 +885,7 @@ namespace Utilities {
 bool validity = false;
 std::string::size_type position;
 position = fileName.rfind('.');
- if(position != std::string::npos)
- {
+ if(position != std::string::npos) {
 std::string extension = fileName.substr(position+1);
 for (const std::string& whitelistExtension : configuration.submissionAllowedFiletypes) {
 if(extension == whitelistExtension) {
@@ -898,6 +897,26 @@ namespace Utilities {
 return validity;
 }
 
+ /*
+ * Checks if a filename contains the submissionBlacklistedCharacters within the config
+ * takes the config and the filename which has to include the extension
+ */
+ bool checkFilenameValidity(const Utilities::config& configuration, const std::string& fileName){
+ bool validity = true;
+ std::string::size_type position;
+ position = fileName.rfind('.');
+ if(position != std::string::npos) {
+ std::string fileNameWithoutType = fileName.substr(0, position);
+ for (const std::string& blacklistedCharacters : configuration.submissionBlacklistedCharacters) {
+ if(fileNameWithoutType.find(blacklistedCharacters) != std::string::npos) {
+ validity = false;
+ break;
+ }
+ }
+ }
+ return validity;
+ }
+
 /*
 * Checks if a filename size is within the limit of submissionMaxFileNameSize
 * takes the config and the filename which has to include the extension
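Review bot: checkFilenameValidity fails open for a name that contains no '.': when `rfind('.')` returns `npos` the loop never runs and `validity` stays `true`, so the blacklist is skipped and the outcome rests on the caller in src/main.cpp having run checkFiletypeValidity first (which appears to reject such names). Since `substr(0, npos)` returns the whole string, the guard can be dropped and the loop run unconditionally over `const std::string fileNameWithoutType = fileName.substr(0, fileName.rfind('.'));`. The header comment should state the return contract, e.g. `returns true when none of the configured entries occurs in the name (extension excluded)`, because as worded it reads as if true meant a match. An empty entry in submissionBlacklistedCharacters makes `find` return 0 and rejects every upload, so empty entries are worth skipping in the loop.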