From d2499d551f5b5bc9c904ff3cffaa17d7532658c7 Mon Sep 17 00:00:00 2001
From: verax
Date: Sat, 19 Aug 2017 23:56:21 +0100
Subject: [PATCH] Separate record sanitisation tests
Patch submitted by verax on IRC, checked and committed by albino
---
 cpanfile | 1 -
 lib/cyberman/Records.pm | 53 ++++++++++++++++++++++-------------------
 2 files changed, 29 insertions(+), 25 deletions(-)
diff --git a/cpanfile b/cpanfile
index 9c8a9bc..df4a01a 100644
--- a/cpanfile
+++ b/cpanfile
@@ -10,7 +10,6 @@ requires "DBD::SQLite" => "0";
 requires "HTML::Entities" => "0";
 requires "Digest::Bcrypt" => "0";
 requires "Math::Random::Secure" => "0";
-requires "Switch" => "0";
 requires "Email::Simple" => "0";
 requires "Email::Simple::Creator" => "0";
 requires "Email::Sender::Simple" => "0";
diff --git a/lib/cyberman/Records.pm b/lib/cyberman/Records.pm
index 929e8a3..f4f5a87 100644
--- a/lib/cyberman/Records.pm
+++ b/lib/cyberman/Records.pm
@@ -2,7 +2,6 @@ package cyberman::Records;
 use Dancer2 appname => "cyberman";
 use Dancer2::Plugin::Database;
-use Switch;
 use cyberman::Helper;
@@ -52,6 +51,31 @@ get '/domains/:name/records/add' => sub {
 };
 };
+my %tests = ( IN => {
+ # Tests return 1 on invalid value, 0 on valid
+ A => sub {
+ my $val_l = shift;
+ if ($val_l !~ m/^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.|$)){4}$/) {
+ return 1;
+ }
+ return 0;
+ },
+ AAAA => sub {
+ my $val_l = shift;
+ if ($val_l !~ m/^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$/) {
+ return 1;
+ }
+ return 0;
+ },
+ NS => sub {
+ my $val_l = shift;
+ if ($val_l !~ m/^([a-zA-Z0-9]([a-zA-Z0-9-_]*[a-zA-Z0-9])?\.)+$/) {
+ return 1;
+ }
+ return 0;
+ },
+});
+
 post '/domains/:name/records/add' => sub {
 my $domain = database->quick_select(
 "domain",
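Review bot: The trailing `$` in the three `!~ m/^…$/` patterns (the A, AAAA and NS subs of `%tests`) also matches just before a final newline, so a submitted value such as `"1.2.3.4\n"` passes validation with the newline still attached; `\z` anchors at the true end of the string, so each pattern should end `\z/` instead of `$/`. The AAAA pattern additionally accepts the link-local zone form, e.g. `fe80::1%eth0`, via the `fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|` alternative; that is not usable AAAA record data and lets a `%` and an arbitrary interface name through to whatever stores the value, so that alternative should be dropped. Both are single-token edits inside the existing regexes, and a short comment above `%tests` noting that the hash is keyed by class (`IN`) and then by record type would make the lookup shape obvious to the dispatch code that uses it.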
@@ -68,29 +92,10 @@ post '/domains/:name/records/add' => sub {
 my %errs;
- # tw overuse of regex
-
- switch (param("type")) {
- case "A" {
- if (param("value") !~ m/^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.|$)){4}$/) {
- # here we go...
- $errs{"e_bad_value"} = 1;
- }
- }
- case "AAAA" {
- if (param("value") !~ m/^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$/) {
- # I am sorry
- $errs{"e_bad_value"} = 1;
- }
- }
- case "NS" {
- if (param("value") !~ m/^([a-zA-Z0-9]([a-zA-Z0-9-_]*[a-zA-Z0-9])?\.)+$/) {
- $errs{"e_bad_value"} = 1;
- }
- }
- else {
- $errs{"e_bad_type"} = 1;
- }
+ if ( ref($tests{param("type")}) == "CODE" ) {
+ $errs{"e_bad_value"} = 1 if &{$tests{IN}{param("type")}}(param("value"));
+ } else {
+ $errs{"e_bad_type"} = 1;
 }
 if (param("rname") !~ m/^(@|([a-zA-Z0-9]([a-zA-Z0-9-_]*[a-zA-Z0-9])?\.)*[a-zA-Z0-9]([a-zA-Z0-9-_]*[a-zA-Z0-9])?)$/) {
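Review bot: The new dispatch can never reach the `e_bad_type` branch: `%tests` has the single top-level key `IN`, so `$tests{param("type")}` is undef for every record type (and a hashref for the literal type `IN`), `ref` of that is `""` or `"HASH"`, and `==` compares numerically, so the test reduces to `0 == 0` and is true whatever the client sends. An unknown or missing type then falls through to `&{$tests{IN}{...}}` on an undef slot, which dies with `Can't use an undefined value as a subroutine reference`, turning a validation failure into a server error instead of setting `$errs{"e_bad_type"}`. Look the sub up where it actually lives and compare as a string: `if ( ref($tests{IN}{param("type")}) eq "CODE" ) {` and `$errs{"e_bad_value"} = 1 if $tests{IN}{param("type")}->(param("value"));` — with that, an absent type yields an empty-string key, no sub, and the `e_bad_type` error as before. The enclosing `post '/domains/:name/records/add'` handler begins before this hunk.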