| Directory: | cvmfs/ |
|---|---|
| File: | cvmfs/sanitizer.h |
| Date: | 2025-02-09 02:34:19 |
| Exec | Total | Coverage | |
|---|---|---|---|
| Lines: | 10 | 13 | 76.9% |
| Branches: | 12 | 32 | 37.5% |
| Line | Branch | Exec | Source |
|---|---|---|---|
| 1 | /** | ||
| 2 | * This file is part of the CernVM File System. | ||
| 3 | */ | ||
| 4 | |||
| 5 | #ifndef CVMFS_SANITIZER_H_ | ||
| 6 | #define CVMFS_SANITIZER_H_ | ||
| 7 | |||
| 8 | #include <string> | ||
| 9 | #include <vector> | ||
| 10 | |||
| 11 | #ifdef CVMFS_NAMESPACE_GUARD | ||
| 12 | namespace CVMFS_NAMESPACE_GUARD { | ||
| 13 | #endif | ||
| 14 | |||
| 15 | namespace sanitizer { | ||
| 16 | |||
| 17 | class CharRange { | ||
| 18 | public: | ||
| 19 | CharRange(const char range_begin, const char range_end); | ||
| 20 | explicit CharRange(const char single_char); | ||
| 21 | bool InRange(const char c) const; | ||
| 22 | private: | ||
| 23 | char range_begin_; | ||
| 24 | char range_end_; | ||
| 25 | }; | ||
| 26 | |||
| 27 | |||
| 28 | class InputSanitizer { | ||
| 29 | public: | ||
| 30 | // whitelist is of the form "az AZ _ - 09" | ||
| 31 | // Any other format will abort the program | ||
| 32 | explicit InputSanitizer(const std::string &whitelist); | ||
| 33 | InputSanitizer(const std::string &whitelist, int max_length); | ||
| 34 | 2428 | virtual ~InputSanitizer() { } | |
| 35 | |||
| 36 | std::string Filter(const std::string &input) const; | ||
| 37 | bool IsValid(const std::string &input) const; | ||
| 38 | |||
| 39 | protected: | ||
| 40 | 1275 | bool Sanitize(const std::string &input, std::string *filtered_output) const { | |
| 41 | 1275 | return Sanitize(input.begin(), input.end(), filtered_output); | |
| 42 | } | ||
| 43 | virtual bool Sanitize(std::string::const_iterator begin, | ||
| 44 | std::string::const_iterator end, | ||
| 45 | std::string *filtered_output) const; | ||
| 46 | bool CheckRanges(const char chr) const; | ||
| 47 | |||
| 48 | private: | ||
| 49 | void InitValidRanges(const std::string &whitelist); | ||
| 50 | |||
| 51 | int max_length_; | ||
| 52 | std::vector<CharRange> valid_ranges_; | ||
| 53 | }; | ||
| 54 | |||
| 55 | |||
| 56 | class AlphaNumSanitizer : public InputSanitizer { | ||
| 57 | public: | ||
| 58 |
2/4✓ Branch 2 taken 1 times.
✗ Branch 3 not taken.
✓ Branch 5 taken 1 times.
✗ Branch 6 not taken.
|
1 | AlphaNumSanitizer() : InputSanitizer("az AZ 09") { } |
| 59 | }; | ||
| 60 | |||
| 61 | |||
| 62 | class UuidSanitizer : public InputSanitizer { | ||
| 63 | public: | ||
| 64 |
2/4✓ Branch 2 taken 1 times.
✗ Branch 3 not taken.
✓ Branch 5 taken 1 times.
✗ Branch 6 not taken.
|
1 | UuidSanitizer() : InputSanitizer("af AF 09 -") { } |
| 65 | }; | ||
| 66 | |||
| 67 | |||
| 68 | class CacheInstanceSanitizer : public InputSanitizer { | ||
| 69 | public: | ||
| 70 |
2/4✓ Branch 2 taken 15 times.
✗ Branch 3 not taken.
✓ Branch 5 taken 15 times.
✗ Branch 6 not taken.
|
15 | CacheInstanceSanitizer() : InputSanitizer("az AZ 09 _") { } |
| 71 | }; | ||
| 72 | |||
| 73 | |||
| 74 | class RepositorySanitizer : public InputSanitizer { | ||
| 75 | public: | ||
| 76 |
2/4✓ Branch 2 taken 3 times.
✗ Branch 3 not taken.
✓ Branch 5 taken 3 times.
✗ Branch 6 not taken.
|
3 | RepositorySanitizer() : InputSanitizer("az AZ 09 - _ .", 60) { } |
| 77 | }; | ||
| 78 | |||
| 79 | |||
| 80 | class AuthzSchemaSanitizer : public InputSanitizer { | ||
| 81 | public: | ||
| 82 | ✗ | AuthzSchemaSanitizer() : InputSanitizer("az AZ 09 - _ .") { } | |
| 83 | }; | ||
| 84 | |||
| 85 | |||
| 86 | // Also update is_valid_branch in cvmfs_server | ||
| 87 | class BranchSanitizer : public InputSanitizer { | ||
| 88 | public: | ||
| 89 | ✗ | BranchSanitizer() : InputSanitizer("az AZ 09 - _ . @ /") { } | |
| 90 | }; | ||
| 91 | |||
| 92 | |||
| 93 | class TagSanitizer : public InputSanitizer { | ||
| 94 | public: | ||
| 95 | ✗ | TagSanitizer() : InputSanitizer("az AZ 09 - _ . / :") { } | |
| 96 | }; | ||
| 97 | |||
| 98 | |||
| 99 | class IntegerSanitizer : public InputSanitizer { | ||
| 100 | public: | ||
| 101 |
2/4✓ Branch 2 taken 10 times.
✗ Branch 3 not taken.
✓ Branch 5 taken 10 times.
✗ Branch 6 not taken.
|
10 | IntegerSanitizer() : InputSanitizer("09") { } |
| 102 | |||
| 103 | protected: | ||
| 104 | virtual bool Sanitize(std::string::const_iterator begin, | ||
| 105 | std::string::const_iterator end, | ||
| 106 | std::string *filtered_output) const; | ||
| 107 | }; | ||
| 108 | |||
| 109 | |||
| 110 | class PositiveIntegerSanitizer : public IntegerSanitizer { | ||
| 111 | public: | ||
| 112 | 1 | PositiveIntegerSanitizer() : IntegerSanitizer() { } | |
| 113 | |||
| 114 | protected: | ||
| 115 | virtual bool Sanitize(std::string::const_iterator begin, | ||
| 116 | std::string::const_iterator end, | ||
| 117 | std::string *filtered_output) const; | ||
| 118 | }; | ||
| 119 | |||
| 120 | |||
| 121 | /** | ||
| 122 | * Accepts both normal base64 and url conformant base64. | ||
| 123 | */ | ||
| 124 | class Base64Sanitizer : public InputSanitizer { | ||
| 125 | public: | ||
| 126 |
2/4✓ Branch 2 taken 1 times.
✗ Branch 3 not taken.
✓ Branch 5 taken 1 times.
✗ Branch 6 not taken.
|
1 | Base64Sanitizer() : InputSanitizer("az AZ 09 + / - _ =") { } |
| 127 | }; | ||
| 128 | |||
| 129 | /** | ||
| 130 | * There could be more on the whitelist but this is already sufficient for the | ||
| 131 | * octopus web service. It includes the whitelist for valid repositories. | ||
| 132 | */ | ||
| 133 | class UriSanitizer : public InputSanitizer { | ||
| 134 | public: | ||
| 135 | UriSanitizer() : InputSanitizer("az AZ 09 . - _ /") { } | ||
| 136 | }; | ||
| 137 | |||
| 138 | } // namespace sanitizer | ||
| 139 | |||
| 140 | #ifdef CVMFS_NAMESPACE_GUARD | ||
| 141 | } // namespace CVMFS_NAMESPACE_GUARD | ||
| 142 | #endif | ||
| 143 | |||
| 144 | #endif // CVMFS_SANITIZER_H_ | ||
| 145 |