Yuvipanda has submitted this change and it was merged. Change subject: Don't allow creation of invalid domains ......................................................................
Don't allow creation of invalid domains
Bug: T69927
Change-Id: I1b8fb8f075ce54e031bdb863155788205153cd86
---
M invisible_unicorn/api.py
1 file changed, 17 insertions(+), 0 deletions(-)
Approvals:
Andrew Bogott: Looks good to me, but someone else must approve
Yuvipanda: Verified; Looks good to me, approved
diff --git a/invisible_unicorn/api.py b/invisible_unicorn/api.py
index b185f4f..892e052 100644
--- a/invisible_unicorn/api.py
+++ b/invisible_unicorn/api.py
@@ -28,6 +28,7 @@ API is meant to be used by Wikitech only, and nothing else"""
 import flask
 import redis
+import re
 from flask.ext.sqlalchemy import SQLAlchemy
@@ -100,6 +101,18 @@ redis_store = RedisStore(redis.Redis())
+def is_valid_domain(hostname):
+ """
+ Credit for this function goes to Tim Pietzcker and other StackOverflow contributors
+ See https://stackoverflow.com/a/2532344
+ """
+ if len(hostname) > 255:
+ return False
+ if hostname[-1] == ".":
+ hostname = hostname[:-1] # strip exactly one dot from the right, if present
+ allowed = re.compile("(?!-)[A-Z\d-]{1,63}(?<!-)$", re.IGNORECASE)
+ return all(allowed.match(x) for x in hostname.split("."))
+
 @app.route('/v1/<project_name>/mapping', methods=['GET'])
 def all_mappings(project_name):
 project = Project.query.filter_by(name=project_name).first()
@@ -120,6 +133,8 @@ if 'domain' not in data or 'backends' not in data or not isinstance(data['backends'], list):
 return "Valid JSON but invalid format. Needs domain string and backends array"
 domain = data['domain']
+ if not is_valid_domain(domain):
+ return "Invalid domain", 400
 backend_urls = data['backends']
 project = Project.query.filter_by(name=project_name).first()
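Review bot: In `is_valid_domain`, the label pattern ends in `$`, which in Python also matches just before a trailing newline, so a final label followed by `\n` passes and a domain carrying a newline would be accepted as valid. Anchoring with `\Z` and using a raw string closes that: `allowed = re.compile(r"(?!-)[A-Z\d-]{1,63}(?<!-)\Z", re.IGNORECASE)`. Separately, an empty string gets past the length check and raises IndexError at `hostname[-1]`, which would presumably surface as a 500 rather than the intended 400; `if not hostname or len(hostname) > 255:` covers it. The docstring carries only the attribution, so a sentence stating what is accepted (dot-separated labels of 1 to 63 letters, digits or hyphens, an optional single trailing dot, at most 255 characters overall) would help callers.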
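Review bot: `is_valid_domain(domain)` is called on `data['domain']` without a type check; the guard visible above it verifies only that the key is present and that `backends` is a list. A JSON number or null in that field would raise inside `len(hostname)` instead of producing the 400, so the guard should also require a string, for example by adding `or not isinstance(data['domain'], basestring)` (assuming Python 2, which the `flask.ext` import suggests). The same applies to the call on `new_domain` in the hunk at -193. Both enclosing view functions start outside their hunks.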
@@ -193,6 +208,8 @@ return "Valid JSON but invalid format. Needs domain string and backends array", 400
 new_domain = data['domain']
+ if not is_valid_domain(new_domain):
+ return "Invalid domain", 400
 backend_urls = data['backends']
 if route.domain != new_domain:
--
To view, visit https://gerrit.wikimedia.org/r/245200
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I1b8fb8f075ce54e031bdb863155788205153cd86
Gerrit-PatchSet: 1
Gerrit-Project: labs/invisible-unicorn
Gerrit-Branch: master
Gerrit-Owner: Alex Monk <[email protected]>
Gerrit-Reviewer: Alex Monk <[email protected]>
Gerrit-Reviewer: Andrew Bogott <[email protected]>
Gerrit-Reviewer: Yuvipanda <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
