changeset 5474:d71ebe576c76

FWA: Check if breaks are valid parameters. Send BadRequest back if they are not.
author Sascha L. Teichmann <sascha.teichmann@intevation.de>
date Mon, 09 Aug 2021 22:08:01 +0200
parents 93af8d1ea09f
children 791a372553a0
files pkg/controllers/fwa.go
diffstat 1 files changed, 48 insertions(+), 23 deletions(-) [+]
--- a/pkg/controllers/fwa.go	Tue Jul 20 18:54:35 2021 +0200
+++ b/pkg/controllers/fwa.go	Mon Aug 09 22:08:01 2021 +0200
@@ -252,18 +252,26 @@
 	}
 
 	// separate breaks for depth and width
-	var (
-		breaks       = parseBreaks(req.FormValue("breaks"), afdRefs)
-		depthBreaks  = parseBreaks(req.FormValue("depthbreaks"), breaks)
-		widthBreaks  = parseBreaks(req.FormValue("widthbreaks"), breaks)
-		chooseBreaks = [...][]float64{
-			limitingDepth: depthBreaks,
-			limitingWidth: widthBreaks,
-		}
+	breaks, ok := parseBreaks(rw, req, "breaks", afdRefs)
+	if !ok {
+		return
+	}
+	depthBreaks, ok := parseBreaks(rw, req, "depthbreaks", breaks)
+	if !ok {
+		return
+	}
+	widthBreaks, ok := parseBreaks(rw, req, "widthbreaks", breaks)
+	if !ok {
+		return
+	}
 
-		useDepth = bns.hasLimiting(limitingDepth, from, to)
-		useWidth = bns.hasLimiting(limitingWidth, from, to)
-	)
+	chooseBreaks := [...][]float64{
+		limitingDepth: depthBreaks,
+		limitingWidth: widthBreaks,
+	}
+
+	useDepth := bns.hasLimiting(limitingDepth, from, to)
+	useWidth := bns.hasLimiting(limitingWidth, from, to)
 
 	if useDepth && useWidth && len(widthBreaks) != len(depthBreaks) {
 		http.Error(
@@ -384,12 +392,12 @@
 				}
 			}
 
-			if min := minClass(bns[i].measurements.classify(
+			classes := bns[i].measurements.classify(
 				current, next,
 				chooseBreaks[vs.limiting],
-				limitingAccess[vs.limiting]),
-				12*time.Hour,
-			); min < lowest {
+				limitingAccess[vs.limiting])
+
+			if min := minClass(classes, 12*time.Hour); min < lowest {
 				lowest = min
 			}
 		}
@@ -488,25 +496,42 @@
 	}
 }
 
-func breaksToReferenceValue(breaks string) []float64 {
+func breaksToReferenceValue(breaks string) ([]float64, error) {
 	parts := strings.Split(breaks, ",")
 	var values []float64
 
 	for _, part := range parts {
 		part = strings.TrimSpace(part)
-		if v, err := strconv.ParseFloat(part, 64); err == nil {
-			values = append(values, v)
+		v, err := strconv.ParseFloat(part, 64)
+		if err != nil {
+			return nil, err
 		}
+		values = append(values, v)
 	}
 
-	return common.DedupFloat64s(values)
+	return common.DedupFloat64s(values), nil
 }
 
-func parseBreaks(breaks string, defaults []float64) []float64 {
-	if breaks != "" {
-		return breaksToReferenceValue(breaks)
+func parseBreaks(
+	rw http.ResponseWriter, req *http.Request,
+	parameter string,
+	defaults []float64,
+) ([]float64, bool) {
+
+	breaks := strings.TrimSpace(req.FormValue(parameter))
+	if breaks == "" {
+		return defaults, true
 	}
-	return defaults
+
+	defaults, err := breaksToReferenceValue(breaks)
+	if err != nil {
+		msg := fmt.Sprintf("Parameter '%s' is invalid: %s.", parameter, err)
+		log.Printf("error: %s\n", msg)
+		http.Error(rw, msg, http.StatusBadRequest)
+		return nil, false
+	}
+
+	return defaults, true
 }
 
 func (tr *timeRange) intersects(from, to time.Time) bool {
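Review bot: `strconv.ParseFloat` in `breaksToReferenceValue` also parses `NaN`, `Inf` and `Infinity` (case-insensitive, optionally signed), so a request with `breaks=NaN` still passes the new validation and the value reaches `common.DedupFloat64s` and, through `chooseBreaks`, `classify`. How those helpers treat non-finite values is not visible here, but NaN never compares equal or ordered, so deduplication and class boundaries are likely to misbehave. Rejecting them inside the loop keeps the 400 path complete: `if math.IsNaN(v) || math.IsInf(v, 0) { return nil, fmt.Errorf("%q is not a finite number", part) }` (this needs `math` imported if the file does not already have it). The number of comma-separated values is also not limited by this code, so a small cap checked before parsing would bound the per-request work.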