Head

GCC Code Coverage Report

Directory:	cvmfs/		Exec	Total	Coverage
File:	cvmfs/sanitizer.h	Lines:	17	22	77.3 %
Date:	2019-02-03 02:48:13	Branches:	8	20	40.0 %


/**
 * This file is part of the CernVM File System.
 */

#ifndef CVMFS_SANITIZER_H_
#define CVMFS_SANITIZER_H_

#include <string>
#include <vector>

#ifdef CVMFS_NAMESPACE_GUARD
namespace CVMFS_NAMESPACE_GUARD {
#endif

namespace sanitizer {

class CharRange {
 public:
  CharRange(const char range_begin, const char range_end);
  explicit CharRange(const char single_char);
  bool InRange(const char c) const;
 private:
  char range_begin_;
  char range_end_;
};


class InputSanitizer {
 public:
  // whitelist is of the form "az AZ _ - 09"
  // Any other format will abort the program
  explicit InputSanitizer(const std::string &whitelist);
  InputSanitizer(const std::string &whitelist, int max_length);
  virtual ~InputSanitizer() { }

  std::string Filter(const std::string &input) const;
  bool IsValid(const std::string &input) const;

 protected:
  bool Sanitize(const std::string &input, std::string *filtered_output) const {
    return Sanitize(input.begin(), input.end(), filtered_output);
  }
  virtual bool Sanitize(std::string::const_iterator   begin,
                        std::string::const_iterator   end,
                        std::string                  *filtered_output) const;
  bool CheckRanges(const char chr) const;

 private:
  void InitValidRanges(const std::string &whitelist);

  int max_length_;
  std::vector<CharRange> valid_ranges_;
};


class AlphaNumSanitizer : public InputSanitizer {
 public:
  AlphaNumSanitizer() : InputSanitizer("az AZ 09") { }
};


class UuidSanitizer : public InputSanitizer {
 public:
  UuidSanitizer() : InputSanitizer("af AF 09 -") { }
};


class CacheInstanceSanitizer : public InputSanitizer {
 public:
  CacheInstanceSanitizer() : InputSanitizer("az AZ 09 _") { }
};


class RepositorySanitizer : public InputSanitizer {
 public:
  RepositorySanitizer() : InputSanitizer("az AZ 09 - _ .", 60) { }
};


class AuthzSchemaSanitizer : public InputSanitizer {
 public:
  AuthzSchemaSanitizer() : InputSanitizer("az AZ 09 - _ .") { }
};


// Also update is_valid_branch in cvmfs_server
class BranchSanitizer : public InputSanitizer {
 public:
  BranchSanitizer() : InputSanitizer("az AZ 09 - _ . @ /") { }
};


class IntegerSanitizer : public InputSanitizer {
 public:
  IntegerSanitizer() : InputSanitizer("09") { }

 protected:
  virtual bool Sanitize(std::string::const_iterator   begin,
                        std::string::const_iterator   end,
                        std::string                  *filtered_output) const;
};


class PositiveIntegerSanitizer : public IntegerSanitizer {
 public:
  PositiveIntegerSanitizer() : IntegerSanitizer() { }

 protected:
  virtual bool Sanitize(std::string::const_iterator   begin,
                        std::string::const_iterator   end,
                        std::string                  *filtered_output) const;
};


/**
 * Accepts both normal base64 and url conformant base64.
 */
class Base64Sanitizer : public InputSanitizer {
 public:
  Base64Sanitizer() : InputSanitizer("az AZ 09 + / - _ =") { }
};

/**
 * There could be more on the whitelist but this is already sufficient for the
 * octopus web service.  It includes the whitelist for valid repositories.
 */
class UriSanitizer : public InputSanitizer {
 public:
  UriSanitizer() : InputSanitizer("az AZ 09 . - _ /") { }
};

}  // namespace sanitizer

#ifdef CVMFS_NAMESPACE_GUARD
}  // namespace CVMFS_NAMESPACE_GUARD
#endif

#endif  // CVMFS_SANITIZER_H_


Generated by: GCOVR (Version 4.1)

Line	Branch	Exec	Source
1			/**
2			* This file is part of the CernVM File System.
3			*/
4
5			#ifndef CVMFS_SANITIZER_H_
6			#define CVMFS_SANITIZER_H_
7
8			#include <string>
9			#include <vector>
10
11			#ifdef CVMFS_NAMESPACE_GUARD
12			namespace CVMFS_NAMESPACE_GUARD {
13			#endif
14
15			namespace sanitizer {
16
17			class CharRange {
18			public:
19			CharRange(const char range_begin, const char range_end);
20			explicit CharRange(const char single_char);
21			bool InRange(const char c) const;
22			private:
23			char range_begin_;
24			char range_end_;
25			};
26
27
28			class InputSanitizer {
29			public:
30			// whitelist is of the form "az AZ _ - 09"
31			// Any other format will abort the program
32			explicit InputSanitizer(const std::string &whitelist);
33			InputSanitizer(const std::string &whitelist, int max_length);
34	✗✓	1588	virtual ~InputSanitizer() { }
35
36			std::string Filter(const std::string &input) const;
37			bool IsValid(const std::string &input) const;
38
39			protected:
40		1827	bool Sanitize(const std::string &input, std::string *filtered_output) const {
41		1827	return Sanitize(input.begin(), input.end(), filtered_output);
42			}
43			virtual bool Sanitize(std::string::const_iterator begin,
44			std::string::const_iterator end,
45			std::string *filtered_output) const;
46			bool CheckRanges(const char chr) const;
47
48			private:
49			void InitValidRanges(const std::string &whitelist);
50
51			int max_length_;
52			std::vector<CharRange> valid_ranges_;
53			};
54
55
56	✗✓	1	class AlphaNumSanitizer : public InputSanitizer {
57			public:
58		1	AlphaNumSanitizer() : InputSanitizer("az AZ 09") { }
59			};
60
61
62	✗✓	1	class UuidSanitizer : public InputSanitizer {
63			public:
64		1	UuidSanitizer() : InputSanitizer("af AF 09 -") { }
65			};
66
67
68	✗✓	37	class CacheInstanceSanitizer : public InputSanitizer {
69			public:
70		37	CacheInstanceSanitizer() : InputSanitizer("az AZ 09 _") { }
71			};
72
73
74	✗✓	9	class RepositorySanitizer : public InputSanitizer {
75			public:
76		9	RepositorySanitizer() : InputSanitizer("az AZ 09 - _ .", 60) { }
77			};
78
79
80			class AuthzSchemaSanitizer : public InputSanitizer {
81			public:
82			AuthzSchemaSanitizer() : InputSanitizer("az AZ 09 - _ .") { }
83			};
84
85
86			// Also update is_valid_branch in cvmfs_server
87			class BranchSanitizer : public InputSanitizer {
88			public:
89			BranchSanitizer() : InputSanitizer("az AZ 09 - _ . @ /") { }
90			};
91
92
93	✗✓	22	class IntegerSanitizer : public InputSanitizer {
94			public:
95		22	IntegerSanitizer() : InputSanitizer("09") { }
96
97			protected:
98			virtual bool Sanitize(std::string::const_iterator begin,
99			std::string::const_iterator end,
100			std::string *filtered_output) const;
101			};
102
103
104	✗✓	1	class PositiveIntegerSanitizer : public IntegerSanitizer {
105			public:
106		1	PositiveIntegerSanitizer() : IntegerSanitizer() { }
107
108			protected:
109			virtual bool Sanitize(std::string::const_iterator begin,
110			std::string::const_iterator end,
111			std::string *filtered_output) const;
112			};
113
114
115			/**
116			* Accepts both normal base64 and url conformant base64.
117			*/
118	✗✓	1	class Base64Sanitizer : public InputSanitizer {
119			public:
120		1	Base64Sanitizer() : InputSanitizer("az AZ 09 + / - _ =") { }
121			};
122
123			/**
124			* There could be more on the whitelist but this is already sufficient for the
125			* octopus web service. It includes the whitelist for valid repositories.
126			*/
127			class UriSanitizer : public InputSanitizer {
128			public:
129			UriSanitizer() : InputSanitizer("az AZ 09 . - _ /") { }
130			};
131
132			} // namespace sanitizer
133
134			#ifdef CVMFS_NAMESPACE_GUARD
135			} // namespace CVMFS_NAMESPACE_GUARD
136			#endif
137
138			#endif // CVMFS_SANITIZER_H_