diff options
| author | Binbin <binloveplay1314@qq.com> | 2022-11-03 19:19:49 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-11-03 13:19:49 +0200 |
| commit | 8764611c8a28420b8c9827e87169b9c1bd4489c9 (patch) | |
| tree | 6a0f1d09714aba27f669a4117b4f205cb7c33052 /tests/modules | |
| parent | 7395e370e6969446cc32f94c81e2954a90fb9b8c (diff) | |
| download | redis-8764611c8a28420b8c9827e87169b9c1bd4489c9.tar.gz | |
Block some specific characters in module command names (#11434)
Today we don't place any specific restrictions on module command names.
This can cause ambiguous scenarios. For example, someone might name a
command like "module|feature" which would be incorrectly parsed by the
ACL system as a subcommand.
In this PR, we will block some chars that we know can mess things up.
Specifically ones that can appear ok at first and cause problems in some
cases (we rather surface the issue right away).
There are these characters:
* ` ` (space) - issues with old inline protocol.
* `\r`, `\n` (newline) - can mess up the protocol on acl error replies.
* `|` - sub-commands.
* `@` - ACL categories
* `=`, `,` - info and client list fields.
note that we decided to leave `:` out as it's handled by `getSafeInfoString`
and is more likely to already been used by existing modules.
Diffstat (limited to 'tests/modules')
| -rw-r--r-- | tests/modules/subcommands.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/tests/modules/subcommands.c b/tests/modules/subcommands.c index 3486e86b4..1b2bc5187 100644 --- a/tests/modules/subcommands.c +++ b/tests/modules/subcommands.c @@ -35,12 +35,23 @@ int RedisModule_OnLoad(RedisModuleCtx *ctx, RedisModuleString **argv, int argc) if (RedisModule_Init(ctx, "subcommands", 1, REDISMODULE_APIVER_1) == REDISMODULE_ERR) return REDISMODULE_ERR; + /* Module command names cannot contain special characters. */ + RedisModule_Assert(RedisModule_CreateCommand(ctx,"subcommands.char\r",NULL,"",0,0,0) == REDISMODULE_ERR); + RedisModule_Assert(RedisModule_CreateCommand(ctx,"subcommands.char\n",NULL,"",0,0,0) == REDISMODULE_ERR); + RedisModule_Assert(RedisModule_CreateCommand(ctx,"subcommands.char ",NULL,"",0,0,0) == REDISMODULE_ERR); + if (RedisModule_CreateCommand(ctx,"subcommands.bitarray",NULL,"",0,0,0) == REDISMODULE_ERR) return REDISMODULE_ERR; RedisModuleCommand *parent = RedisModule_GetCommand(ctx,"subcommands.bitarray"); if (RedisModule_CreateSubcommand(parent,"set",cmd_set,"",0,0,0) == REDISMODULE_ERR) return REDISMODULE_ERR; + + /* Module subcommand names cannot contain special characters. */ + RedisModule_Assert(RedisModule_CreateSubcommand(parent,"char|",cmd_set,"",0,0,0) == REDISMODULE_ERR); + RedisModule_Assert(RedisModule_CreateSubcommand(parent,"char@",cmd_set,"",0,0,0) == REDISMODULE_ERR); + RedisModule_Assert(RedisModule_CreateSubcommand(parent,"char=",cmd_set,"",0,0,0) == REDISMODULE_ERR); + RedisModuleCommand *subcmd = RedisModule_GetCommand(ctx,"subcommands.bitarray|set"); RedisModuleCommandInfo cmd_set_info = { .version = REDISMODULE_COMMAND_INFO_VERSION, |