authorMichael McVady <femtonaut@gmail.com>2023-01-02 21:53:22 -0600
committerMichael McVady <femtonaut@gmail.com>2023-01-03 10:54:24 -0600
commit223c5762f9cd5bb1e9d77ec21d927847600a6a0b (patch)
tree9a74f897015c3d2e8be37d410af725785409968c /src
parenta04296997c32f68e826ea453484ef3ee9880701e (diff)
First pass at UUID validation
Diffstat (limited to 'src')
-rw-r--r--src/clog.c69
1 files changed, 58 insertions, 11 deletions
diff --git a/src/clog.c b/src/clog.c
index 2ce9b88..e15b1ee 100644
--- a/src/clog.c
+++ b/src/clog.c
@@ -1,13 +1,10 @@
+#include <ctype.h>
+
#include <kore/kore.h>
#include <kore/http.h>
#include <kore/pgsql.h>
#include <kore/seccomp.h>
-#include "assets.h"
-
-// FIXME: Why does compilation fail if this is a .c file?
-#include "queries.h"
-
#include "../lib/md4c/src/entity.h"
#include "../lib/md4c/src/entity.c"
#include "../lib/md4c/src/md4c.h"
@@ -15,6 +12,10 @@
#include "../lib/md4c/src/md4c-html.h"
#include "../lib/md4c/src/md4c-html.c"
+#include "assets.h"
+// FIXME: Why does compilation fail if this is a .c file?
+#include "queries.h"
+
KORE_SECCOMP_FILTER("clog",
KORE_SYSCALL_ALLOW(bind),
KORE_SYSCALL_ALLOW(getdents64),
@@ -45,6 +46,8 @@ static const char * const error_msg[] = {
void post_request_init(struct post_request *post_req);
void post_request_cleanup(struct post_request *post_req);
+int validate_uuid(const char *input);
+
int redirect(struct http_request *req);
int post(struct http_request *req);
@@ -56,7 +59,8 @@ int render_posts_query(struct post_request *post_req);
static void process_md_output(const MD_CHAR *, MD_SIZE size, void *);
static int render_md(const char *, struct kore_buf *);
-void post_request_init(struct post_request *post_req) {
+void
+post_request_init(struct post_request *post_req) {
post_req->req = NULL;
post_req->resource = NULL;
post_req->type = JSON;
@@ -65,11 +69,37 @@ void post_request_init(struct post_request *post_req) {
post_req->resp_buf = kore_buf_alloc(0);
}
-void post_request_cleanup(struct post_request *post_req) {
- if (post_req->resp_buf != NULL) {
+void
+post_request_cleanup(struct post_request *post_req) {
+ if (post_req->resp_buf != NULL)
kore_buf_free(post_req->resp_buf);
- post_req->resp_buf = NULL;
+ post_req->resp_buf = NULL;
+}
+
+int
+validate_uuid(const char *input) {
+ int i = 0;
+ const char *p = NULL;
+
+ if (strlen(input) != 36)
+ return KORE_RESULT_ERROR;
+
+ for (i = 0, p = input; i <= 36; i++) {
+ if ((i == 8) || (i == 13) || (i == 18) || (i == 23)) {
+ if (p[i] != '-')
+ return KORE_RESULT_ERROR;
+ continue;
+ }
+ if (i == 36) {
+ if (p[i] != '\0')
+ return KORE_RESULT_ERROR;
+ continue;
+ }
+ if (!isxdigit(p[i]))
+ return KORE_RESULT_ERROR;
}
+
+ return KORE_RESULT_OK;
}
int
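Review bot: `isxdigit(p[i])` in the new validate_uuid passes a plain `char`; a byte with the high bit set becomes a negative value other than EOF, which `<ctype.h>` leaves undefined, and `input` here is the request's resource string (see the render_posts_query call site in this same commit), so it can contain any byte. Cast before the classification: `if (!isxdigit((unsigned char)p[i]))`. The `i == 36` branch is redundant once `strlen(input) != 36` has already been rejected — `p[36]` is then necessarily the terminator — so the loop can stop at `i < 36` and drop that branch. A short header comment stating the contract would also help callers: accepts exactly the 8-4-4-4-12 hyphenated hex form, case-insensitive, requires a non-NULL `input` (the caller currently guards this), and returns `KORE_RESULT_OK` or `KORE_RESULT_ERROR`.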
@@ -131,6 +161,7 @@ render_posts(struct http_request *req, const char *resource) {
} else {
http_response_header(post_req.req, "content-type", "text/html; charset=utf-8");
+
kore_buf_append(post_req.resp_buf, asset_index_begin_html, asset_len_index_begin_html);
(void) render_posts_query(&post_req);
@@ -175,6 +206,17 @@ render_posts_query(struct post_request *post_req) {
kore_pgsql_init(&sql);
+ // TODO use kore validation here.
+ if (post_req->resource) {
+ // Check for valid resource ID/UUID
+ err = validate_uuid(post_req->resource);
+ if (err == KORE_RESULT_ERROR) {
+ post_req->resp_status = HTTP_STATUS_NOT_FOUND;
+ kore_log(LOG_ERR, "Invalid post id %s.", post_req->resource);
+ goto out;
+ }
+ }
+
// Initialize our kore_pgsql data structure with the database name
// we want to connect to (note that we registered this earlier with
// kore_pgsql_register()). We also say we will perform a synchronous
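Review bot: The value that just failed validation is written to the log verbatim on the `kore_log(LOG_ERR, "Invalid post id %s.", post_req->resource);` line; since it was rejected precisely because it is not a well-formed UUID, it may contain arbitrary bytes, including newlines, and can forge or garble log entries. Log a bounded, sanitized form instead, or only its length, e.g. `kore_log(LOG_ERR, "Invalid post id (%zu bytes).", strlen(post_req->resource));`. The `// TODO use kore validation here.` comment would be more useful if it named what is meant to replace validate_uuid, so the interim check is not forgotten. render_posts_query begins and ends outside this hunk.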
@@ -261,6 +303,7 @@ render_posts_query(struct post_request *post_req) {
kore_buf_free(html_buf);
}
}
+
out: ;
kore_pgsql_cleanup(&sql);
@@ -285,7 +328,7 @@ render_md(const char *in, struct kore_buf *out) {
);
if(err != 0) {
- kore_log(LOG_ERR, "Parsing Markdown failed.\n");
+ kore_log(LOG_ERR, "Parsing Markdown failed.");
return KORE_RESULT_ERROR;
}
@@ -294,6 +337,10 @@ render_md(const char *in, struct kore_buf *out) {
static void
process_md_output(const MD_CHAR *html, MD_SIZE size, void *buf) {
- kore_buf_append((struct kore_buf *) buf, (const void *) html, (size_t) size);
+ kore_buf_append(
+ (struct kore_buf *) buf,
+ (const void *) html,
+ (size_t) size
+ );
}