BlockStorage/repertory
1
0
Fork 0
Code Issues 9 Pull Requests Releases 7 Wiki Activity

handle invalid chars
Some checks reported errors
BlockStorage/repertory/pipeline/head Build started...
Details
BlockStorage/repertory/pipeline/pr-v2.0.5-rc-develop Something is wrong with the build of this commit
Details

Browse Source
This commit is contained in:
Scott E. Graves
2025-03-03 19:49:27 -06:00
parent f1bf4f961b
commit eeec1969ba
2 changed files with 16 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
repertory/repertory/include/ui/handlers.hpp
View File

@@ -62,7 +62,7 @@ private:
void handle_put_set_value_by_name(auto &&req, auto &&res); void handle_put_set_value_by_name(auto &&req, auto &&res);
auto launch_process(provider_type prov, std::string_view name, auto launch_process(provider_type prov, std::string_view name,
std::string_view command, bool background = false) const std::string_view args, bool background = false) const
-> std::vector<std::string>; -> std::vector<std::string>;
}; };
} // namespace repertory::ui } // namespace repertory::ui

19
repertory/repertory/src/ui/handlers.cpp
View File

@@ -31,7 +31,12 @@
#include "utils/path.hpp" #include "utils/path.hpp"
#include "utils/string.hpp" #include "utils/string.hpp"
#include "boost/process.hpp" namespace {
[[nodiscard]] constexpr auto is_restricted(std::string_view data) -> bool {
constexpr std::string_view invalid_chars = "&;|><$()`{}!*?";
return data.find_first_of(invalid_chars) != std::string_view::npos;
}
} // namespace
namespace repertory::ui { namespace repertory::ui {
handlers::handlers(mgmt_app_config *config, httplib::Server *server) handlers::handlers(mgmt_app_config *config, httplib::Server *server)
@@ -286,10 +291,17 @@ void handlers::handle_put_set_value_by_name(auto &&req, auto &&res) {
} }
auto handlers::launch_process(provider_type prov, std::string_view name, auto handlers::launch_process(provider_type prov, std::string_view name,
std::string_view command, bool background) const std::string_view args, bool background) const
-> std::vector<std::string> { -> std::vector<std::string> {
REPERTORY_USES_FUNCTION_NAME(); REPERTORY_USES_FUNCTION_NAME();
if (is_restricted(name) || is_restricted(args)) {
throw utils::error::create_exception(function_name,
{
"invalid data detected",
});
}
std::string str_type; std::string str_type;
switch (prov) { switch (prov) {
case provider_type::encrypt: case provider_type::encrypt:
@@ -318,8 +330,7 @@ auto handlers::launch_process(provider_type prov, std::string_view name,
}); });
} }
auto cmd_line = auto cmd_line = fmt::format(R"({} {} {})", repertory_binary_, str_type, args);
fmt::format(R"({} {} {})", repertory_binary_, str_type, command);
if (background) { if (background) {
#if defined(_WIN32) #if defined(_WIN32)