Use SafeRe to match user defined patterns in content.json

shortcutme 2017-07-14 10:34:18 +02:00
parent bf41c7b651
commit c069d4f67c
No known key found for this signature in database
GPG key ID: 5B63BAE6CB9613AE


@ -11,6 +11,7 @@ from Crypt import CryptHash
from Config import config from Config import config
from util import helper from util import helper
from util import Diff from util import Diff
from util import SafeRe
from Peer import PeerHashfield from Peer import PeerHashfield
from ContentDbDict import ContentDbDict from ContentDbDict import ContentDbDict
@ -408,7 +409,7 @@ class ContentManager(object):
if "signers" in rules: if "signers" in rules:
rules["signers"] = rules["signers"][:] # Make copy of the signers rules["signers"] = rules["signers"][:] # Make copy of the signers
for permission_pattern, permission_rules in user_contents["permission_rules"].items(): # Regexp rules for permission_pattern, permission_rules in user_contents["permission_rules"].items(): # Regexp rules
if not re.match(permission_pattern, user_urn): if not SafeRe.match(permission_pattern, user_urn):
continue # Rule is not valid for user continue # Rule is not valid for user
# Update rules if its better than current recorded ones # Update rules if its better than current recorded ones
for key, val in permission_rules.iteritems(): for key, val in permission_rules.iteritems():
@ -483,13 +484,13 @@ class ContentManager(object):
elif len(relative_path) > 255: elif len(relative_path) > 255:
return False return False
else: else:
return re.match("^[a-z\[\]\(\) A-Z0-9_@=\.\+-/]*$", relative_path) return re.match("^[a-z\[\]\(\) A-Z0-9_@=\.\+-/]+$", relative_path)
# Hash files in directory # Hash files in directory
def hashFiles(self, dir_inner_path, ignore_pattern=None, optional_pattern=None): def hashFiles(self, dir_inner_path, ignore_pattern=None, optional_pattern=None):
files_node = {} files_node = {}
files_optional_node = {} files_optional_node = {}
if not self.isValidRelativePath(dir_inner_path): if dir_inner_path and not self.isValidRelativePath(dir_inner_path):
ignored = True ignored = True
self.log.error("- [ERROR] Only ascii encoded directories allowed: %s" % dir_inner_path) self.log.error("- [ERROR] Only ascii encoded directories allowed: %s" % dir_inner_path)
@ -499,14 +500,14 @@ class ContentManager(object):
ignored = optional = False ignored = optional = False
if file_name == "content.json": if file_name == "content.json":
ignored = True ignored = True
elif ignore_pattern and re.match(ignore_pattern, file_relative_path): elif ignore_pattern and SafeRe.match(ignore_pattern, file_relative_path):
ignored = True ignored = True
elif file_name.startswith(".") or file_name.endswith("-old") or file_name.endswith("-new"): elif file_name.startswith(".") or file_name.endswith("-old") or file_name.endswith("-new"):
ignored = True ignored = True
elif not self.isValidRelativePath(file_relative_path): elif not self.isValidRelativePath(file_relative_path):
ignored = True ignored = True
self.log.error("- [ERROR] Invalid filename: %s" % file_relative_path) self.log.error("- [ERROR] Invalid filename: %s" % file_relative_path)
elif optional_pattern and re.match(optional_pattern, file_relative_path): elif optional_pattern and SafeRe.match(optional_pattern, file_relative_path):
optional = True optional = True
if ignored: # Ignore content.json, defined regexp and files starting with . if ignored: # Ignore content.json, defined regexp and files starting with .
@ -769,12 +770,12 @@ class ContentManager(object):
# Filename limit # Filename limit
if rules.get("files_allowed"): if rules.get("files_allowed"):
for file_inner_path in content["files"].keys(): for file_inner_path in content["files"].keys():
if not re.match("^%s$" % rules["files_allowed"], file_inner_path): if not SafeRe.match("^%s$" % rules["files_allowed"], file_inner_path):
raise VerifyError("File not allowed: %s" % file_inner_path) raise VerifyError("File not allowed: %s" % file_inner_path)
if rules.get("files_allowed_optional"): if rules.get("files_allowed_optional"):
for file_inner_path in content.get("files_optional", {}).keys(): for file_inner_path in content.get("files_optional", {}).keys():
if not re.match("^%s$" % rules["files_allowed_optional"], file_inner_path): if not SafeRe.match("^%s$" % rules["files_allowed_optional"], file_inner_path):
raise VerifyError("Optional file not allowed: %s" % file_inner_path) raise VerifyError("Optional file not allowed: %s" % file_inner_path)
# Check if content includes allowed # Check if content includes allowed
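Review bot: In the `files_allowed` and `files_allowed_optional` checks the rule is spliced into `"^%s$"` without grouping, so a rule containing a top-level `|` is anchored only at its outer ends: `^a|b$` accepts any path that merely starts with `a`. Wrapping the rule keeps both anchors on every alternative, and `\Z` stops `$` from also matching before a trailing newline: `SafeRe.match("^(?:%s)\Z" % rules["files_allowed"], file_inner_path)`, with the same change for `files_allowed_optional`. The pattern in `isValidRelativePath` in the earlier hunk also ends in `$`, so it would accept a name with a trailing newline. SafeRe's implementation is not on this page, so confirm that it accepts a non-capturing group and how it reports a rejected pattern. The enclosing method starts and ends outside the hunk.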