gemma: pkg/models/common.go comparison

Add a string type that allows only runes that are safe of directory traversal.

author	Sascha L. Teichmann <sascha.teichmann@intevation.de>
date	Thu, 24 Jun 2021 22:13:48 +0200
parents	4847ac70103a
children	1222b777f51f

comparison

equal deleted inserted replaced

-:e09e003948c7
+:d19fdf3d2099
 import (
 	"database/sql/driver"
 	"encoding/json"
 	"errors"
 	"fmt"
+	"regexp"
 	"strings"
 	"time"
 	"gemma.intevation.de/gemma/pkg/common"
 )
 	// Country is a valid country 2 letter code.
 	Country string
 	// UniqueCountries is a list of unique countries.
 	UniqueCountries []Country
+	// SafePath should only contain chars that directory traversal safe.
+	SafePath string
 )
 func (d Date) MarshalJSON() ([]byte, error) {
 	return json.Marshal(d.Format(common.DateFormat))
 }
 		}
 		b.WriteString(string(c))
 	}
 	return b.String()
 }
+const SafePathExp = "[a-zA-Z0-9_-]+"
+var safePathRegExp = regexp.MustCompile("^" + SafePathExp + "$")
+func (sp SafePath) Valid() bool {
+	return safePathRegExp.MatchString(string(sp))
+}
+// UnmarshalJSON ensures that the given string only consist
+// of runes that are directory traversal safe.
+func (sp *SafePath) UnmarshalJSON(data []byte) error {
+	var s string
+	if err := json.Unmarshal(data, &s); err != nil {
+		return err
+	}
+	if c := SafePath(s); c.Valid() {
+		*sp = c
+		return nil
+	}
+	return fmt.Errorf("'%s' is not a safe path", s)
+}

Mercurial > gemma