Separate record sanitisation tests
Patch submitted by verax on IRC, checked and committed by albino
parent
f97a931d13
commit
d2499d551f
1
cpanfile
1
cpanfile
|
@ -10,7 +10,6 @@ requires "DBD::SQLite" => "0";
|
||||||
requires "HTML::Entities" => "0";
|
requires "HTML::Entities" => "0";
|
||||||
requires "Digest::Bcrypt" => "0";
|
requires "Digest::Bcrypt" => "0";
|
||||||
requires "Math::Random::Secure" => "0";
|
requires "Math::Random::Secure" => "0";
|
||||||
requires "Switch" => "0";
|
|
||||||
requires "Email::Simple" => "0";
|
requires "Email::Simple" => "0";
|
||||||
requires "Email::Simple::Creator" => "0";
|
requires "Email::Simple::Creator" => "0";
|
||||||
requires "Email::Sender::Simple" => "0";
|
requires "Email::Sender::Simple" => "0";
|
||||||
|
|
|
@ -2,7 +2,6 @@ package cyberman::Records;
|
||||||
|
|
||||||
use Dancer2 appname => "cyberman";
|
use Dancer2 appname => "cyberman";
|
||||||
use Dancer2::Plugin::Database;
|
use Dancer2::Plugin::Database;
|
||||||
use Switch;
|
|
||||||
|
|
||||||
use cyberman::Helper;
|
use cyberman::Helper;
|
||||||
|
|
||||||
|
@ -52,6 +51,31 @@ get '/domains/:name/records/add' => sub {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
my %tests = ( IN => {
|
||||||
|
# Tests return 1 on invalid value, 0 on valid
|
||||||
|
A => sub {
|
||||||
|
my $val_l = shift;
|
||||||
|
if ($val_l !~ m/^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.|$)){4}$/) {
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
},
|
||||||
|
AAAA => sub {
|
||||||
|
my $val_l = shift;
|
||||||
|
if ($val_l !~ m/^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$/) {
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
},
|
||||||
|
NS => sub {
|
||||||
|
my $val_l = shift;
|
||||||
|
if ($val_l !~ m/^([a-zA-Z0-9]([a-zA-Z0-9-_]*[a-zA-Z0-9])?\.)+$/) {
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
},
|
||||||
|
});
|
||||||
|
|
||||||
post '/domains/:name/records/add' => sub {
|
post '/domains/:name/records/add' => sub {
|
||||||
my $domain = database->quick_select(
|
my $domain = database->quick_select(
|
||||||
"domain",
|
"domain",
|
||||||
|
@ -68,29 +92,10 @@ post '/domains/:name/records/add' => sub {
|
||||||
|
|
||||||
my %errs;
|
my %errs;
|
||||||
|
|
||||||
# tw overuse of regex
|
if ( ref($tests{param("type")}) == "CODE" ) {
|
||||||
|
$errs{"e_bad_value"} = 1 if &{$tests{IN}{param("type")}}(param("value"));
|
||||||
switch (param("type")) {
|
} else {
|
||||||
case "A" {
|
$errs{"e_bad_type"} = 1;
|
||||||
if (param("value") !~ m/^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.|$)){4}$/) {
|
|
||||||
# here we go...
|
|
||||||
$errs{"e_bad_value"} = 1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
case "AAAA" {
|
|
||||||
if (param("value") !~ m/^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$/) {
|
|
||||||
# I am sorry
|
|
||||||
$errs{"e_bad_value"} = 1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
case "NS" {
|
|
||||||
if (param("value") !~ m/^([a-zA-Z0-9]([a-zA-Z0-9-_]*[a-zA-Z0-9])?\.)+$/) {
|
|
||||||
$errs{"e_bad_value"} = 1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$errs{"e_bad_type"} = 1;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (param("rname") !~ m/^(@|([a-zA-Z0-9]([a-zA-Z0-9-_]*[a-zA-Z0-9])?\.)*[a-zA-Z0-9]([a-zA-Z0-9-_]*[a-zA-Z0-9])?)$/) {
|
if (param("rname") !~ m/^(@|([a-zA-Z0-9]([a-zA-Z0-9-_]*[a-zA-Z0-9])?\.)*[a-zA-Z0-9]([a-zA-Z0-9-_]*[a-zA-Z0-9])?)$/) {
|
||||||
|
|
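Review bot: The guard `ref($tests{param("type")}) == "CODE"` in the POST handler never rejects an unknown record type: it looks the type up at the top level of `%tests` although the subs are stored under `$tests{IN}`, and `==` compares numerically, so both sides numify to 0 and the condition is always true. The `else` branch that sets `e_bad_type` is therefore unreachable, and an unsupported `type` reaches `&{$tests{IN}{param("type")}}(...)` with an undefined value, which under strict refs should die rather than return a validation error. Look the sub up once and compare with `eq`: `my $test = $tests{IN}{param("type")};`, `if ( ref($test) eq "CODE" ) {`, `$errs{"e_bad_value"} = 1 if $test->(param("value"));`. Separately, the patterns moved into `%tests` end in `$`, which also matches before a trailing newline, so a constructed value such as `"192.0.2.1\n"` passes; `\z` would close that. The handler's body continues outside the hunk.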