comparison pkg/models/common.go @ 5377:d19fdf3d2099 extented-report
Add a string type that allows only runes that are safe against directory traversal.
author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
---|---|
date | Thu, 24 Jun 2021 22:13:48 +0200 |
parents | 4847ac70103a |
children | 1222b777f51f |
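--- a/pkg/models/common.go
+++ b/pkg/models/common.go
@@ -16,10 +16,11 @@
 import (
 "database/sql/driver"
 "encoding/json"
 "errors"
 "fmt"
+"regexp"
 "strings"
 "time"
 
 "gemma.intevation.de/gemma/pkg/common"
 )
@@ -38,10 +39,13 @@
 
 // Country is a valid country 2 letter code.
 Country string
 // UniqueCountries is a list of unique countries.
 UniqueCountries []Country
+
+// SafePath should only contain chars that directory traversal safe.
+SafePath string
 )
 
 func (d Date) MarshalJSON() ([]byte, error) {
 return json.Marshal(d.Format(common.DateFormat))
 }
@@ -147,5 +151,27 @@
 }
 b.WriteString(string(c))
 }
 return b.String()
 }
+
+const SafePathExp = "[a-zA-Z0-9_-]+"
+
+var safePathRegExp = regexp.MustCompile("^" + SafePathExp + "$")
+
+func (sp SafePath) Valid() bool {
+return safePathRegExp.MatchString(string(sp))
+}
+
+// UnmarshalJSON ensures that the given string only consist
+// of runes that are directory traversal safe.
+func (sp *SafePath) UnmarshalJSON(data []byte) error {
+var s string
+if err := json.Unmarshal(data, &s); err != nil {
+return err
+}
+if c := SafePath(s); c.Valid() {
+*sp = c
+return nil
+}
+return fmt.Errorf("'%s' is not a safe path", s)
+}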
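Review bot: The allow-list check in `UnmarshalJSON` only runs when the JSON key is present, so a `SafePath` struct field that is omitted from the input keeps its zero value `""` without ever being validated, and a plain conversion such as `SafePath(s)` bypasses the check as well. Code that joins the value into a filesystem path (not visible on this page) should therefore call `Valid()` at the point of use, and the exported names should say so, e.g. `// Valid reports whether sp is non-empty and consists only of [a-zA-Z0-9_-]; call it before using sp as a path component.`, plus a doc comment on `SafePathExp` noting that the expression is unanchored and must be wrapped in `^…$` by whoever reuses it. In the final `fmt.Errorf` of `UnmarshalJSON`, `%q` instead of `'%s'` would escape control characters in the rejected input before it reaches logs or responses: `return fmt.Errorf("%q is not a safe path", s)`.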