Skip to content

Commit

Permalink
Merge pull request #35 from apinf/hardening/3109_remove_payload_word_…
Browse files Browse the repository at this point in the history 
…part_2

Hardening/3109 remove payload word part 2
  • Loading branch information
@kzangeli
kzangeli authored Aug 9, 2018
2 parents 0a1d6d7 + 4dfd0c0 commit b4b1018
Show file tree
Hide file tree
Showing 18 changed files with 549 additions and 513 deletions.
2 changes: 1 addition & 1 deletion src/app/contextBroker/orionRestServices.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -510,7 +510,7 @@ static RestService badVerbV[] =
{ InvalidRequest, 2, { "ngsi9", "*" }, badNgsi9Request },
{ InvalidRequest, 2, { "ngsi10", "*" }, badNgsi10Request },
{ InvalidRequest, 0, { "*", "*", "*", "*", "*", "*" }, badRequest },
{ InvalidRequest, 0, { }, NULL },
{ InvalidRequest, 0, { }, badRequest },

ORION_REST_SERVICE_END
};
Expand Down
2 changes: 1 addition & 1 deletion src/lib/common/errorMessages.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@

#define ERROR_PARSE "ParseError"
#define ERROR_DESC_PARSE "Errors found in incoming JSON buffer"

#define SERVICE_NOT_FOUND "service not found"
#define ERROR_BAD_REQUEST "BadRequest"
#define ERROR_DESC_BAD_REQUEST_INVALID_CHAR_URI "invalid character in URI"
#define ERROR_DESC_BAD_REQUEST_EMPTY_ENTITY_ID "entity id length: 0, min length supported: " STR(MIN_ID_LEN)
Expand Down
18 changes: 16 additions & 2 deletions src/lib/common/string.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -161,8 +161,13 @@ bool getIPv6Port(const std::string& in, std::string& outIp, std::string& outPort
/* ****************************************************************************
*
* stringSplit -
*
* the parameter 'skipLastComponentIfEmpty', if TRUE is meant for url parsing.
* Without this parameter set to TRUE, the URL path "/v2/entities/" that clearly has 2 components,
+ would be interpreted as THREE components; "v2", "entities" and "" (the empty string that comes after the last "/".
+ this is, called with a delimiter of '/', of course.
*/
int stringSplit(const std::string& in, char delimiter, std::vector<std::string>& outV)
int stringSplit(const std::string& in, char delimiter, std::vector<std::string>& outV, bool skipLastComponentIfEmpty)
{
char* s = strdup(in.c_str());
char* toFree = s;
Expand Down Expand Up @@ -197,10 +202,19 @@ int stringSplit(const std::string& in, char delimiter, std::vector<std::string>&
++s;
}


// 4. pick up all components
for (int ix = 0; ix < components; ix++)
{
// is last component empty?
if (skipLastComponentIfEmpty == true)
{
if ((ix == components - 1) && (*start == 0))
{
components -= 1;
break;
}
}

outV.push_back(start);
start = &start[strlen(start) + 1];
}
Expand Down
2 changes: 1 addition & 1 deletion src/lib/common/string.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ extern bool isIPv6(const std::string& in);
*
* stringSplit -
*/
extern int stringSplit(const std::string& in, char delimiter, std::vector<std::string>& outV);
extern int stringSplit(const std::string& in, char delimiter, std::vector<std::string>& outV, bool skipLastComponentIfEmpty = false);



Expand Down
5 changes: 2 additions & 3 deletions src/lib/jsonParse/jsonRequest.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -198,14 +198,13 @@ std::string jsonTreat

if (reqP == NULL)
{
std::string details = std::string("Sorry, no request treating object found for RequestType /") + requestType(request) + "/";
std::string errorReply;
char reqTypeV[STRING_SIZE_FOR_INT];

restErrorReplyGet(ciP, SccBadRequest, details, &errorReply);
restErrorReplyGet(ciP, SccBadRequest, SERVICE_NOT_FOUND, &errorReply);
snprintf(reqTypeV, sizeof(reqTypeV), "%d", request);

details = std::string("no request treating object found for RequestType ") + reqTypeV + " (" + requestType(request) + ")";
std::string details = std::string("no request treating object found for RequestType ") + reqTypeV + " (" + requestType(request) + ")";
alarmMgr.badInput(clientIp, details);

return errorReply;
Expand Down
15 changes: 14 additions & 1 deletion src/lib/rest/ConnectionInfo.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@
#include <stdint.h>
#include <time.h>
#include <sys/time.h>

#include <string>
#include <vector>
#include <map>
Expand Down Expand Up @@ -64,6 +65,7 @@ class ConnectionInfo
ConnectionInfo():
connection (NULL),
verb (NOVERB),
badVerb (false),
inMimeType (JSON),
outMimeType (JSON),
tenant (""),
Expand All @@ -85,6 +87,7 @@ class ConnectionInfo
ConnectionInfo(MimeType _outMimeType):
connection (NULL),
verb (NOVERB),
badVerb (false),
inMimeType (JSON),
outMimeType (_outMimeType),
tenant (""),
Expand All @@ -106,6 +109,7 @@ class ConnectionInfo
ConnectionInfo(std::string _url, std::string _method, std::string _version, MHD_Connection* _connection = NULL):
connection (_connection),
verb (NOVERB),
badVerb (false),
inMimeType (JSON),
outMimeType (JSON),
url (_url),
Expand All @@ -132,23 +136,32 @@ class ConnectionInfo
else if (_method == "DELETE") verb = DELETE;
else if (_method == "PATCH") verb = PATCH;
else if (_method == "OPTIONS") verb = OPTIONS;
else verb = NOVERB;
else
{
badVerb = true;
verb = NOVERB;
}
}

~ConnectionInfo()
{
if (compoundValueRoot != NULL)
{
delete compoundValueRoot;
}

servicePathV.clear();
httpHeaders.release();
}

MHD_Connection* connection;
Verb verb;
bool badVerb;
MimeType inMimeType;
MimeType outMimeType;
std::string url;
int urlComponents;
std::vector<std::string> urlCompV;
std::string method;
std::string version;
std::string charset;
Expand Down
Loading

0 comments on commit b4b1018

Please sign in to comment.