mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-24 04:57:00 +01:00
Code Issues Actions 10 Packages Projects Releases Wiki Activity

Improve unicode control character detection (#1539)

Browse source
This commit is contained in:
Firstyear 2023-04-12 15:53:02 +10:00 committed by GitHub
parent 579de69693
commit 68b8bf71fb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 26 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
Cargo.lock generated
View file

@ -2453,6 +2453,7 @@ dependencies = [
"toml", "toml",
"touch", "touch",
"tracing", "tracing",
"unicode-general-category",
"url", "url",
"urlencoding", "urlencoding",
"users", "users",
@ -4782,6 +4783,12 @@ version = "0.3.10"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d54675592c1dbefd78cbd98db9bacd89886e1ca50692a0692baefffdeb92dd58" checksum = "d54675592c1dbefd78cbd98db9bacd89886e1ca50692a0692baefffdeb92dd58"
[[package]]
name = "unicode-general-category"
version = "0.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2281c8c1d221438e373249e065ca4989c4c36952c211ff21a0ee91c44a3869e7"
[[package]] [[package]]
name = "unicode-ident" name = "unicode-ident"
version = "1.0.6" version = "1.0.6"

1
Cargo.toml
View file

@ -152,6 +152,7 @@ tracing-subscriber = { version = "^0.3.16", features = ["env-filter"] }
# tracing-forest = { path = "/Users/william/development/tracing-forest/tracing-forest" } # tracing-forest = { path = "/Users/william/development/tracing-forest/tracing-forest" }
tracing-forest = { git = "https://github.com/QnnOkabayashi/tracing-forest.git", rev = "77daf8c8abf010b87d45ece2bf656983c6f8cecb" } tracing-forest = { git = "https://github.com/QnnOkabayashi/tracing-forest.git", rev = "77daf8c8abf010b87d45ece2bf656983c6f8cecb" }
unicode-general-category = "0.6.0"
url = "^2.3.1" url = "^2.3.1"
urlencoding = "2.1.2" urlencoding = "2.1.2"
users = "^0.11.0" users = "^0.11.0"

1
server/lib/Cargo.toml
View file

@ -63,6 +63,7 @@ nonempty = { workspace = true, features = ["serialize"] }
tracing = { workspace = true, features = ["attributes"] } tracing = { workspace = true, features = ["attributes"] }
unicode-general-category.workspace = true
url = { workspace = true, features = ["serde"] } url = { workspace = true, features = ["serde"] }
urlencoding.workspace = true urlencoding.workspace = true
uuid = { workspace = true, features = ["serde", "v4" ] } uuid = { workspace = true, features = ["serde", "v4" ] }

32
server/lib/src/value.rs
View file

@ -76,12 +76,6 @@ lazy_static! {
#[allow(clippy::expect_used)] #[allow(clippy::expect_used)]
Regex::new("[\n\r\t]").expect("Invalid singleline regex found") Regex::new("[\n\r\t]").expect("Invalid singleline regex found")
}; };
pub static ref ESCAPES_RE: Regex = {
#[allow(clippy::expect_used)]
Regex::new(r"\x1b\[([\x30-\x3f]*[\x20-\x2f]*[\x40-\x7e])")
.expect("Invalid escapes regex found")
};
} }
#[derive(Debug, Clone, PartialOrd, Ord, Eq, PartialEq, Hash)] #[derive(Debug, Clone, PartialOrd, Ord, Eq, PartialEq, Hash)]
@ -1701,15 +1695,23 @@ impl Value {
pub(crate) fn validate_str_escapes(s: &str) -> bool { pub(crate) fn validate_str_escapes(s: &str) -> bool {
// Look for and prevent certain types of string escapes and injections. // Look for and prevent certain types of string escapes and injections.
if !ESCAPES_RE.is_match(s) { // Formerly checked with
true /*
} else { pub static ref ESCAPES_RE: Regex = {
warn!( #[allow(clippy::expect_used)]
"value contains invalid escape chars forbidden by \"{}\"", Regex::new(r"\x1b\[([\x30-\x3f]*[\x20-\x2f]*[\x40-\x7e])")
*ESCAPES_RE .expect("Invalid escapes regex found")
); };
false */
} use unicode_general_category::{get_general_category, GeneralCategory};
s.chars().all(|c| match get_general_category(c) {
GeneralCategory::Control => {
warn!("value contains invalid unicode control character",);
false
}
_ => true,
})
} }
} }