Serverside Blacklisted Character Validation
This commit is contained in:
Tina_Azure
@ -1080,6 +1080,9 @@ int main(int argc, char *argv[]) {
|
|||||||
if (!Utilities::checkFiletypeValidity(configuration, filename))
|
if (!Utilities::checkFiletypeValidity(configuration, filename))
|
||||||
return crow::response(400, "Submitted File does not have a valid filetype");
|
return crow::response(400, "Submitted File does not have a valid filetype");
|
||||||
|
|
||||||
|
if (!Utilities::checkFilenameValidity(configuration, filename))
|
||||||
|
return crow::response(400, "Submitted File does not have a valid name");
|
||||||
|
|
||||||
if (!Utilities::validateFileSize(configuration, postRequest.body))
|
if (!Utilities::validateFileSize(configuration, postRequest.body))
|
||||||
return crow::response(400, "File Size is not valid");
|
return crow::response(400, "File Size is not valid");
|
||||||
|
|
||||||
|
|||||||
@ -885,8 +885,7 @@ namespace Utilities {
|
|||||||
bool validity = false;
|
bool validity = false;
|
||||||
std::string::size_type position;
|
std::string::size_type position;
|
||||||
position = fileName.rfind('.');
|
position = fileName.rfind('.');
|
||||||
if(position != std::string::npos)
|
if(position != std::string::npos) {
|
||||||
{
|
|
||||||
std::string extension = fileName.substr(position+1);
|
std::string extension = fileName.substr(position+1);
|
||||||
for (const std::string& whitelistExtension : configuration.submissionAllowedFiletypes) {
|
for (const std::string& whitelistExtension : configuration.submissionAllowedFiletypes) {
|
||||||
if(extension == whitelistExtension) {
|
if(extension == whitelistExtension) {
|
||||||
@ -898,6 +897,26 @@ namespace Utilities {
|
|||||||
return validity;
|
return validity;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Checks if a filename contains the submissionBlacklistedCharacters within the config
|
||||||
|
* takes the config and the filename which has to include the extension
|
||||||
|
*/
|
||||||
|
bool checkFilenameValidity(const Utilities::config& configuration, const std::string& fileName){
|
||||||
|
bool validity = true;
|
||||||
|
std::string::size_type position;
|
||||||
|
position = fileName.rfind('.');
|
||||||
|
if(position != std::string::npos) {
|
||||||
|
std::string fileNameWithoutType = fileName.substr(0, position);
|
||||||
|
for (const std::string& blacklistedCharacters : configuration.submissionBlacklistedCharacters) {
|
||||||
|
if(fileNameWithoutType.find(blacklistedCharacters) != std::string::npos) {
|
||||||
|
validity = false;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return validity;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Checks if a filename size is within the limit of submissionMaxFileNameSize
|
* Checks if a filename size is within the limit of submissionMaxFileNameSize
|
||||||
* takes the config and the filename which has to include the extension
|
* takes the config and the filename which has to include the extension
|
||||||
|
|||||||
Reference in New Issue
Block a user