handle invalid chars
@@ -62,7 +62,7 @@ private:
|
||||
void handle_put_set_value_by_name(auto &&req, auto &&res);
|
||||
|
||||
auto launch_process(provider_type prov, std::string_view name,
|
||||
std::string_view command, bool background = false) const
|
||||
std::string_view args, bool background = false) const
|
||||
-> std::vector<std::string>;
|
||||
};
|
||||
} // namespace repertory::ui
|
||||
|
@@ -31,7 +31,12 @@
|
||||
#include "utils/path.hpp"
|
||||
#include "utils/string.hpp"
|
||||
|
||||
#include "boost/process.hpp"
|
||||
namespace {
|
||||
[[nodiscard]] constexpr auto is_restricted(std::string_view data) -> bool {
|
||||
constexpr std::string_view invalid_chars = "&;|><$()`{}!*?";
|
||||
return data.find_first_of(invalid_chars) != std::string_view::npos;
|
||||
}
|
||||
} // namespace
|
||||
|
||||
namespace repertory::ui {
|
||||
handlers::handlers(mgmt_app_config *config, httplib::Server *server)
|
||||
@@ -286,10 +291,17 @@ void handlers::handle_put_set_value_by_name(auto &&req, auto &&res) {
|
||||
}
|
||||
|
||||
auto handlers::launch_process(provider_type prov, std::string_view name,
|
||||
std::string_view command, bool background) const
|
||||
std::string_view args, bool background) const
|
||||
-> std::vector<std::string> {
|
||||
REPERTORY_USES_FUNCTION_NAME();
|
||||
|
||||
if (is_restricted(name) || is_restricted(args)) {
|
||||
throw utils::error::create_exception(function_name,
|
||||
{
|
||||
"invalid data detected",
|
||||
});
|
||||
}
|
||||
|
||||
std::string str_type;
|
||||
switch (prov) {
|
||||
case provider_type::encrypt:
|
||||
@@ -318,8 +330,7 @@ auto handlers::launch_process(provider_type prov, std::string_view name,
|
||||
});
|
||||
}
|
||||
|
||||
auto cmd_line =
|
||||
fmt::format(R"({} {} {})", repertory_binary_, str_type, command);
|
||||
auto cmd_line = fmt::format(R"({} {} {})", repertory_binary_, str_type, args);
|
||||
|
||||
if (background) {
|
||||
#if defined(_WIN32)
|
||||
|
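Review bot: The `invalid_chars` list in `is_restricted` is a denylist, and it omits characters that still matter once `args` is formatted into `cmd_line`: line breaks, single and double quotes, backslash, and on the `_WIN32` branch `%` and `^`. A leading `-` or an extra space-separated token in `args` also passes the check, so the caller can still change which options `repertory_binary_` receives. How `cmd_line` is executed lies outside the visible hunks (the body of `launch_process` continues past the last one), so the impact is inferred rather than shown. An allowlist is the safer form, e.g. `return data.find_first_not_of(allowed_chars) != std::string_view::npos;` with `allowed_chars` limited to what the CLI really needs, and passing the arguments to boost::process as a vector instead of one formatted string would remove the dependence on quoting altogether. A short comment on `is_restricted` stating which interpreter the list is meant to protect against would help the next reader judge its completeness.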