authorJackLivio <jack@livio.io>2017-08-08 15:11:01 -0400
committerGitHub <noreply@github.com>2017-08-08 15:11:01 -0400
commite5466470e2affa1ab4d65ddc2362f4152bb6c910 (patch)
tree799db4e7318366f933ef7d8cb3b1897256363c87 /src
parent17a08c54f983b8b0e5bff882dcca915fcf898750 (diff)
parentf050b8f14ed2f3e048d7a4a0b2f1c424255649ac (diff)
downloadsdl_core-e5466470e2affa1ab4d65ddc2362f4152bb6c910.tar.gz
Merge pull request #1613 from AKalinich-Luxoft/fix/fix_rpc_filename_with_slash
Fix RPC response in case filename contains forbidden symbols
Diffstat (limited to 'src')
-rw-r--r--src/components/application_manager/src/commands/mobile/delete_file_request.cc7
-rw-r--r--src/components/application_manager/src/commands/mobile/put_file_request.cc11
-rw-r--r--src/components/application_manager/src/commands/mobile/set_app_icon_request.cc7
-rw-r--r--src/components/application_manager/src/commands/mobile/system_request.cc14
-rw-r--r--src/components/utils/include/utils/file_system.h8
-rw-r--r--src/components/utils/src/file_system.cc4
6 files changed, 51 insertions, 0 deletions
diff --git a/src/components/application_manager/src/commands/mobile/delete_file_request.cc b/src/components/application_manager/src/commands/mobile/delete_file_request.cc
index 31ca29cb51..984c7a1725 100644
--- a/src/components/application_manager/src/commands/mobile/delete_file_request.cc
+++ b/src/components/application_manager/src/commands/mobile/delete_file_request.cc
@@ -73,6 +73,13 @@ void DeleteFileRequest::Run() {
const std::string& sync_file_name =
(*message_)[strings::msg_params][strings::sync_file_name].asString();
+ if (!file_system::IsFileNameValid(sync_file_name)) {
+ const std::string err_msg = "Sync file name contains forbidden symbols.";
+ LOG4CXX_ERROR(logger_, err_msg);
+ SendResponse(false, mobile_apis::Result::INVALID_DATA, err_msg.c_str());
+ return;
+ }
+
std::string full_file_path =
application_manager_.get_settings().app_storage_folder() + "/";
full_file_path += application->folder_name();
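Review bot: The new rejection branch logs only the fixed text "Sync file name contains forbidden symbols.", so someone reading the log cannot tell which application sent the rejected name. Consider logging the application's identity rather than the raw untrusted name, for example `LOG4CXX_ERROR(logger_, err_msg << " App folder: " << application->folder_name());`, assuming `application` is already in scope at this point, as its use a few lines below suggests. The same block is repeated in put_file_request.cc, set_app_icon_request.cc and system_request.cc, so the message text could also live in one shared constant. DeleteFileRequest::Run() starts and ends outside this hunk.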
diff --git a/src/components/application_manager/src/commands/mobile/put_file_request.cc b/src/components/application_manager/src/commands/mobile/put_file_request.cc
index 68e7ad60d1..602b420ba0 100644
--- a/src/components/application_manager/src/commands/mobile/put_file_request.cc
+++ b/src/components/application_manager/src/commands/mobile/put_file_request.cc
@@ -110,6 +110,17 @@ void PutFileRequest::Run() {
}
sync_file_name_ =
(*message_)[strings::msg_params][strings::sync_file_name].asString();
+
+ if (!file_system::IsFileNameValid(sync_file_name_)) {
+ const std::string err_msg = "Sync file name contains forbidden symbols.";
+ LOG4CXX_ERROR(logger_, err_msg);
+ SendResponse(false,
+ mobile_apis::Result::INVALID_DATA,
+ err_msg.c_str(),
+ &response_params);
+ return;
+ }
+
file_type_ = static_cast<mobile_apis::FileType::eType>(
(*message_)[strings::msg_params][strings::file_type].asInt());
const std::vector<uint8_t> binary_data =
diff --git a/src/components/application_manager/src/commands/mobile/set_app_icon_request.cc b/src/components/application_manager/src/commands/mobile/set_app_icon_request.cc
index 5d70a2fb5b..8a595ee564 100644
--- a/src/components/application_manager/src/commands/mobile/set_app_icon_request.cc
+++ b/src/components/application_manager/src/commands/mobile/set_app_icon_request.cc
@@ -71,6 +71,13 @@ void SetAppIconRequest::Run() {
const std::string& sync_file_name =
(*message_)[strings::msg_params][strings::sync_file_name].asString();
+ if (!file_system::IsFileNameValid(sync_file_name)) {
+ const std::string err_msg = "Sync file name contains forbidden symbols.";
+ LOG4CXX_ERROR(logger_, err_msg);
+ SendResponse(false, mobile_apis::Result::INVALID_DATA, err_msg.c_str());
+ return;
+ }
+
std::string full_file_path =
application_manager_.get_settings().app_storage_folder() + "/";
full_file_path += app->folder_name();
diff --git a/src/components/application_manager/src/commands/mobile/system_request.cc b/src/components/application_manager/src/commands/mobile/system_request.cc
index 0d3334a1a1..e4706441ef 100644
--- a/src/components/application_manager/src/commands/mobile/system_request.cc
+++ b/src/components/application_manager/src/commands/mobile/system_request.cc
@@ -467,6 +467,20 @@ void SystemRequest::Run() {
file_name = kSYNC;
}
+ if (!CheckSyntax(file_name)) {
+ LOG4CXX_ERROR(logger_,
+ "Incoming request contains \t\n \\t \\n or whitespace");
+ SendResponse(false, mobile_apis::Result::INVALID_DATA);
+ return;
+ }
+
+ if (!file_system::IsFileNameValid(file_name)) {
+ const std::string err_msg = "Sync file name contains forbidden symbols.";
+ LOG4CXX_ERROR(logger_, err_msg);
+ SendResponse(false, mobile_apis::Result::INVALID_DATA, err_msg.c_str());
+ return;
+ }
+
bool is_system_file = std::string::npos != file_name.find(kSYNC) ||
std::string::npos != file_name.find(kIVSU);
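Review bot: The string passed to LOG4CXX_ERROR in the CheckSyntax branch contains an unescaped `\t\n`, so the logger receives a real tab and line break and the record is split across two lines. Writing it as `"Incoming request contains \\t, \\n or whitespace"` keeps the entry on one line. This branch also calls SendResponse without an info string, while the IsFileNameValid branch right after it passes `err_msg.c_str()`, so the mobile side gets a reason for one rejection and not for the other. SystemRequest::Run() continues outside the hunk.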
diff --git a/src/components/utils/include/utils/file_system.h b/src/components/utils/include/utils/file_system.h
index 5862241c9c..a46135a47b 100644
--- a/src/components/utils/include/utils/file_system.h
+++ b/src/components/utils/include/utils/file_system.h
@@ -153,6 +153,14 @@ std::string CurrentWorkingDirectory();
std::string GetAbsolutePath(const std::string& path);
/**
+ * @brief Checks if file name contains invalid symbols e.g. '/'
+ * @param file_name file name to check
+ * @return true if file name does not contain any invalid symbol otherwise
+ * returns false
+ */
+bool IsFileNameValid(const std::string& file_name);
+
+/**
* @brief Removes file
*
* @param name path to file
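Review bot: The @brief says "invalid symbols e.g. '/'", which reads as if a set of characters is checked, while the definition added to file_system.cc in this commit searches only for '/'. I would state the contract exactly, for example `@brief Checks that file name contains no '/' path separator`. It is also worth adding one line saying that the empty string, "." and ".." are not rejected, so callers do not take a true result as proof that the name stays inside the target folder.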
diff --git a/src/components/utils/src/file_system.cc b/src/components/utils/src/file_system.cc
index 947b5b090a..d31582c8e1 100644
--- a/src/components/utils/src/file_system.cc
+++ b/src/components/utils/src/file_system.cc
@@ -231,6 +231,10 @@ std::string file_system::GetAbsolutePath(const std::string& path) {
return std::string(abs_path);
}
+bool file_system::IsFileNameValid(const std::string& file_name) {
+ return file_name.end() == std::find(file_name.begin(), file_name.end(), '/');
+}
+
bool file_system::DeleteFile(const std::string& name) {
if (FileExists(name) && IsAccessible(name, W_OK)) {
return !remove(name.c_str());
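Review bot: IsFileNameValid accepts the empty string, "." and "..", since none of them contains '/', and the callers in this commit appear to build a path under the application's storage folder from the accepted name. If the function is meant as the guard for that path, a stricter form would be `return !file_name.empty() && file_name != "." && file_name != ".." && file_name.find('/') == std::string::npos;`. Using the member `find` also avoids relying on `<algorithm>` for `std::find`, whose include is not visible in this hunk.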