| Directory: | cvmfs/ |
|---|---|
| File: | cvmfs/sanitizer.h |
| Date: | 2025-11-09 02:35:23 |
| Exec | Total | Coverage | |
|---|---|---|---|
| Lines: | 10 | 13 | 76.9% |
| Branches: | 12 | 32 | 37.5% |
| Line | Branch | Exec | Source |
|---|---|---|---|
| 1 | /** | ||
| 2 | * This file is part of the CernVM File System. | ||
| 3 | */ | ||
| 4 | |||
| 5 | #ifndef CVMFS_SANITIZER_H_ | ||
| 6 | #define CVMFS_SANITIZER_H_ | ||
| 7 | |||
| 8 | #include <string> | ||
| 9 | #include <vector> | ||
| 10 | |||
| 11 | #ifdef CVMFS_NAMESPACE_GUARD | ||
| 12 | namespace CVMFS_NAMESPACE_GUARD { | ||
| 13 | #endif | ||
| 14 | |||
| 15 | namespace sanitizer { | ||
| 16 | |||
| 17 | class CharRange { | ||
| 18 | public: | ||
| 19 | CharRange(const char range_begin, const char range_end); | ||
| 20 | explicit CharRange(const char single_char); | ||
| 21 | bool InRange(const char c) const; | ||
| 22 | |||
| 23 | private: | ||
| 24 | char range_begin_; | ||
| 25 | char range_end_; | ||
| 26 | }; | ||
| 27 | |||
| 28 | |||
| 29 | class InputSanitizer { | ||
| 30 | public: | ||
| 31 | // whitelist is of the form "az AZ _ - 09" | ||
| 32 | // Any other format will abort the program | ||
| 33 | explicit InputSanitizer(const std::string &whitelist); | ||
| 34 | InputSanitizer(const std::string &whitelist, int max_length); | ||
| 35 | 60436 | virtual ~InputSanitizer() { } | |
| 36 | |||
| 37 | std::string Filter(const std::string &input) const; | ||
| 38 | bool IsValid(const std::string &input) const; | ||
| 39 | |||
| 40 | protected: | ||
| 41 | 32624 | bool Sanitize(const std::string &input, std::string *filtered_output) const { | |
| 42 | 32624 | return Sanitize(input.begin(), input.end(), filtered_output); | |
| 43 | } | ||
| 44 | virtual bool Sanitize(std::string::const_iterator begin, | ||
| 45 | std::string::const_iterator end, | ||
| 46 | std::string *filtered_output) const; | ||
| 47 | bool CheckRanges(const char chr) const; | ||
| 48 | |||
| 49 | private: | ||
| 50 | void InitValidRanges(const std::string &whitelist); | ||
| 51 | |||
| 52 | int max_length_; | ||
| 53 | std::vector<CharRange> valid_ranges_; | ||
| 54 | }; | ||
| 55 | |||
| 56 | |||
| 57 | class AlphaNumSanitizer : public InputSanitizer { | ||
| 58 | public: | ||
| 59 |
2/4✓ Branch 2 taken 46 times.
✗ Branch 3 not taken.
✓ Branch 5 taken 46 times.
✗ Branch 6 not taken.
|
46 | AlphaNumSanitizer() : InputSanitizer("az AZ 09") { } |
| 60 | }; | ||
| 61 | |||
| 62 | |||
| 63 | class UuidSanitizer : public InputSanitizer { | ||
| 64 | public: | ||
| 65 |
2/4✓ Branch 2 taken 46 times.
✗ Branch 3 not taken.
✓ Branch 5 taken 46 times.
✗ Branch 6 not taken.
|
46 | UuidSanitizer() : InputSanitizer("af AF 09 -") { } |
| 66 | }; | ||
| 67 | |||
| 68 | |||
| 69 | class CacheInstanceSanitizer : public InputSanitizer { | ||
| 70 | public: | ||
| 71 |
2/4✓ Branch 2 taken 255 times.
✗ Branch 3 not taken.
✓ Branch 5 taken 255 times.
✗ Branch 6 not taken.
|
255 | CacheInstanceSanitizer() : InputSanitizer("az AZ 09 _") { } |
| 72 | }; | ||
| 73 | |||
| 74 | |||
| 75 | class RepositorySanitizer : public InputSanitizer { | ||
| 76 | public: | ||
| 77 |
2/4✓ Branch 2 taken 51 times.
✗ Branch 3 not taken.
✓ Branch 5 taken 51 times.
✗ Branch 6 not taken.
|
51 | RepositorySanitizer() : InputSanitizer("az AZ 09 - _ .", 60) { } |
| 78 | }; | ||
| 79 | |||
| 80 | |||
| 81 | class AuthzSchemaSanitizer : public InputSanitizer { | ||
| 82 | public: | ||
| 83 | ✗ | AuthzSchemaSanitizer() : InputSanitizer("az AZ 09 - _ .") { } | |
| 84 | }; | ||
| 85 | |||
| 86 | |||
| 87 | // Also update is_valid_branch in cvmfs_server | ||
| 88 | class BranchSanitizer : public InputSanitizer { | ||
| 89 | public: | ||
| 90 | ✗ | BranchSanitizer() : InputSanitizer("az AZ 09 - _ . @ /") { } | |
| 91 | }; | ||
| 92 | |||
| 93 | |||
| 94 | class TagSanitizer : public InputSanitizer { | ||
| 95 | public: | ||
| 96 | ✗ | TagSanitizer() : InputSanitizer("az AZ 09 - _ . / :") { } | |
| 97 | }; | ||
| 98 | |||
| 99 | |||
| 100 | class IntegerSanitizer : public InputSanitizer { | ||
| 101 | public: | ||
| 102 |
2/4✓ Branch 2 taken 260 times.
✗ Branch 3 not taken.
✓ Branch 5 taken 260 times.
✗ Branch 6 not taken.
|
260 | IntegerSanitizer() : InputSanitizer("09") { } |
| 103 | |||
| 104 | protected: | ||
| 105 | virtual bool Sanitize(std::string::const_iterator begin, | ||
| 106 | std::string::const_iterator end, | ||
| 107 | std::string *filtered_output) const; | ||
| 108 | }; | ||
| 109 | |||
| 110 | |||
| 111 | class PositiveIntegerSanitizer : public IntegerSanitizer { | ||
| 112 | public: | ||
| 113 | 46 | PositiveIntegerSanitizer() : IntegerSanitizer() { } | |
| 114 | |||
| 115 | protected: | ||
| 116 | virtual bool Sanitize(std::string::const_iterator begin, | ||
| 117 | std::string::const_iterator end, | ||
| 118 | std::string *filtered_output) const; | ||
| 119 | }; | ||
| 120 | |||
| 121 | |||
| 122 | /** | ||
| 123 | * Accepts both normal base64 and url conformant base64. | ||
| 124 | */ | ||
| 125 | class Base64Sanitizer : public InputSanitizer { | ||
| 126 | public: | ||
| 127 |
2/4✓ Branch 2 taken 46 times.
✗ Branch 3 not taken.
✓ Branch 5 taken 46 times.
✗ Branch 6 not taken.
|
46 | Base64Sanitizer() : InputSanitizer("az AZ 09 + / - _ =") { } |
| 128 | }; | ||
| 129 | |||
| 130 | /** | ||
| 131 | * There could be more on the whitelist but this is already sufficient for the | ||
| 132 | * octopus web service. It includes the whitelist for valid repositories. | ||
| 133 | */ | ||
| 134 | class UriSanitizer : public InputSanitizer { | ||
| 135 | public: | ||
| 136 | UriSanitizer() : InputSanitizer("az AZ 09 . - _ /") { } | ||
| 137 | }; | ||
| 138 | |||
| 139 | } // namespace sanitizer | ||
| 140 | |||
| 141 | #ifdef CVMFS_NAMESPACE_GUARD | ||
| 142 | } // namespace CVMFS_NAMESPACE_GUARD | ||
| 143 | #endif | ||
| 144 | |||
| 145 | #endif // CVMFS_SANITIZER_H_ | ||
| 146 |