Exemplo n.º 1
0
/* ****************************************************************************
*
* Entity::check - 
*/
std::string Entity::check(ConnectionInfo* ciP, RequestType requestType)
{
  if ((requestType == EntitiesRequest) && (id == ""))
  {
    return "No Entity ID";
  }

  if (forbiddenChars(id.c_str()))
  {
    LM_W(("Bad Input (found a forbidden character in the id of an entity"));
    return "Invalid characters in entity id";
  }

  if (forbiddenChars(type.c_str()))
  {
    LM_W(("Bad Input (found a forbidden character in the type of an entity"));
    return "Invalid characters in entity type";
  }

  if (forbiddenChars(isPattern.c_str()))
  {
    LM_W(("Bad Input (found a forbidden character in the pattern of an entity"));
    return "Invalid characters in entity isPattern";
  }

  return attributeVector.check(requestType, JSON, "", "", 0);
}
Exemplo n.º 2
0
/* ****************************************************************************
*
* treat -
*
* This is the function that actually treats a node, bu calling its treat function
* provided by src/lib/xmlRequest - the entry point of XML parsing.
*
* It simple compares the current path with the paths in the incoming vector 'parseVector'
* and if a hit is found calls the 'treat' function of that hit (the instance of the vector).
*
* If no hit is found it means that the path of the current XML node is unknown.
* This will result in either a 'PARSE ERROR' or thatthe node is part of a Compound.
*/
static bool treat(ConnectionInfo* ciP, xml_node<>* node, const std::string& path, XmlNode* parseVector, ParseData* parseDataP)
{
  for (unsigned int ix = 0; parseVector[ix].path != "LAST"; ++ix)
  {
    if (path == parseVector[ix].path)
    {
      int r;

      //
      // Before treating a node, a check is made that the value of the node has no forbidden
      // characters.
      // However, if the the node has attributes, then the values of the attributes are checked instead
      //
      if (node->first_attribute() == NULL)
      {
        if (forbiddenChars(node->value()) == true)
        {
          LM_E(("Found a forbidden value in '%s'", node->value()));
          ciP->httpStatusCode = SccBadRequest;
          ciP->answer = std::string("Illegal value for XML attribute");
          return true;
        }
      }
      else
      {
        for (xml_attribute<> *attr = node->first_attribute(); attr; attr = attr->next_attribute())
        {
          if (forbiddenChars(attr->value()) == true)
          {
            LM_E(("Found a forbidden value in attribute: '%s'", node->value()));
            ciP->httpStatusCode = SccBadRequest;
            ciP->answer = std::string("Illegal value for XML attribute");
            return true;
          }
        }
      }

      if ((r = parseVector[ix].treat(node, parseDataP)) != 0)
      {
        LM_W(("Bad Input (xml parse error %d)", r));
      }

      return true;  // Node has been treated
    }
  }

  return false;  // Node was not found in the parse vector
}
Exemplo n.º 3
0
/* ****************************************************************************
*
* urlCheck - 
*
* Returns 'true' if the URL is OK, 'false' otherwise.
* ciP->answer and ciP->httpStatusCode are set if an error is encountered.
*
*/
bool urlCheck(ConnectionInfo* ciP, const std::string& url)
{
  if (forbiddenChars(url.c_str()) == true)
  {
    OrionError error(SccBadRequest, "invalid character in URI");
    ciP->httpStatusCode = SccBadRequest;
    ciP->answer         = error.render(ciP->outFormat, "");

    return false;
  }

  return true;
}
Exemplo n.º 4
0
/* ****************************************************************************
*
* Entity::check - 
*/
std::string Entity::check(ConnectionInfo* ciP, RequestType requestType)
{
  ssize_t len;
  char errorMsg[128];

  if ((requestType == EntitiesRequest) && (id == ""))
  {
    return "No Entity ID";
  }

  if ( (len = strlen(id.c_str())) > MAX_ID_LEN)
  {
    snprintf(errorMsg, sizeof errorMsg, "entity id length: %zd, max length supported: %d", len, MAX_ID_LEN);
    alarmMgr.badInput(clientIp, errorMsg);
    return std::string(errorMsg);
  }

  if (forbiddenIdChars(ciP->apiVersion, id.c_str()))
  {
    alarmMgr.badInput(clientIp, "found a forbidden character in the id of an entity");
    return "Invalid characters in entity id";
  }

  if ( (len = strlen(type.c_str())) > MAX_ID_LEN)
  {
    snprintf(errorMsg, sizeof errorMsg, "entity type length: %zd, max length supported: %d", len, MAX_ID_LEN);
    alarmMgr.badInput(clientIp, errorMsg);
    return std::string(errorMsg);
  }

  if (ciP->apiVersion == "v2" && (len = strlen(type.c_str())) < MIN_ID_LEN)
  {
    snprintf(errorMsg, sizeof errorMsg, "entity type length: %zd, min length supported: %d", len, MIN_ID_LEN);
    alarmMgr.badInput(clientIp, errorMsg);
    return std::string(errorMsg);
  }

  if (forbiddenIdChars(ciP->apiVersion, type.c_str()))
  {
    alarmMgr.badInput(clientIp, "found a forbidden character in the type of an entity");
    return "Invalid characters in entity type";
  }

  if (forbiddenChars(isPattern.c_str()))
  {
    alarmMgr.badInput(clientIp, "found a forbidden character in the pattern of an entity");
    return "Invalid characters in entity isPattern";
  }

  return attributeVector.check(ciP, requestType, "", "", 0);
}
Exemplo n.º 5
0
/* ****************************************************************************
*
* Metadata::check -
*/
std::string Metadata::check
(
  RequestType         requestType,
  Format              format,
  const std::string&  indent,
  const std::string&  predetectedError,
  int                 counter
)
{
  if (name == "")
  {
    return "missing metadata name";
  }

  if (forbiddenChars(name.c_str()))   { return "Invalid characters in metadata name";  }
  if (forbiddenChars(type.c_str()))   { return "Invalid characters in metadata type";  }

  if (valueType == orion::ValueTypeString)
  {
    if (forbiddenChars(stringValue.c_str()))
    {
      return "Invalid characters in metadata value";
    }

    if ((stringValue == "") && (type != "Association"))
    {
      return "missing metadata value";
    }
  }


  if (type == "Association")
  {
     return association.check(requestType, format, indent, predetectedError, counter);
  }

  return "OK";
}
Exemplo n.º 6
0
/* ****************************************************************************
*
* urlCheck - check for forbidden characters and remove trailing slashes
*
* Returns 'true' if the URL is OK, 'false' otherwise.
* ciP->answer and ciP->httpStatusCode are set if an error is encountered.
*
*/
bool urlCheck(ConnectionInfo* ciP, const std::string& url)
{
  if (forbiddenChars(url.c_str()) == true)
  {
    OrionError error(SccBadRequest, "invalid character in URI");
    ciP->httpStatusCode = SccBadRequest;
    ciP->answer         = error.render(ciP->outFormat, "");

    return false;
  }

  //
  // Remove '/' at end of URL path
  //
  char* s = (char*) url.c_str();
  while (s[strlen(s) - 1] == '/')
  {
    s[strlen(s) - 1] = 0;
  }

  return true;
}
Exemplo n.º 7
0
/* ****************************************************************************
*
* uriArgumentGet - 
*/
static int uriArgumentGet(void* cbDataP, MHD_ValueKind kind, const char* ckey, const char* val)
{
  ConnectionInfo*  ciP   = (ConnectionInfo*) cbDataP;
  std::string      key   = ckey;
  std::string      value = (val == NULL)? "" : val;

  if (val == NULL || *val == 0)
  {
    OrionError error(SccBadRequest, std::string("Empty right-hand-side for URI param /") + ckey + "/");
    ciP->httpStatusCode = SccBadRequest;
    ciP->answer         = error.render(ciP, "");
    return MHD_YES;
  }

  if (key == URI_PARAM_PAGINATION_OFFSET)
  {
    char* cP = (char*) val;

    while (*cP != 0)
    {
      if ((*cP < '0') || (*cP > '9'))
      {
        OrionError error(SccBadRequest, std::string("Bad pagination offset: /") + value + "/ [must be a decimal number]");
        ciP->httpStatusCode = SccBadRequest;
        ciP->answer         = error.render(ciP, "");
        return MHD_YES;
      }

      ++cP;
    }
  }
  else if (key == URI_PARAM_PAGINATION_LIMIT)
  {
    char* cP = (char*) val;

    while (*cP != 0)
    {
      if ((*cP < '0') || (*cP > '9'))
      {
        OrionError error(SccBadRequest, std::string("Bad pagination limit: /") + value + "/ [must be a decimal number]");
        ciP->httpStatusCode = SccBadRequest;
        ciP->answer         = error.render(ciP, "");
        return MHD_YES;
      }

      ++cP;
    }

    int limit = atoi(val);
    if (limit > atoi(MAX_PAGINATION_LIMIT))
    {
      OrionError error(SccBadRequest, std::string("Bad pagination limit: /") + value + "/ [max: " + MAX_PAGINATION_LIMIT + "]");
      ciP->httpStatusCode = SccBadRequest;
      ciP->answer         = error.render(ciP, "");
      return MHD_YES;
    }
    else if (limit == 0)
    {
      OrionError error(SccBadRequest, std::string("Bad pagination limit: /") + value + "/ [a value of ZERO is unacceptable]");
      ciP->httpStatusCode = SccBadRequest;
      ciP->answer         = error.render(ciP, "");
      return MHD_YES;
    }
  }
  else if (key == URI_PARAM_PAGINATION_DETAILS)
  {
    if ((strcasecmp(value.c_str(), "on") != 0) && (strcasecmp(value.c_str(), "off") != 0))
    {
      OrionError error(SccBadRequest, std::string("Bad value for /details/: /") + value + "/ [accepted: /on/, /ON/, /off/, /OFF/. Default is /off/]");
      ciP->httpStatusCode = SccBadRequest;
      ciP->answer         = error.render(ciP, "");
      return MHD_YES;
    }
  }
  else if (key == URI_PARAM_ATTRIBUTES_FORMAT)
  {
    // If URI_PARAM_ATTRIBUTES_FORMAT used, set URI_PARAM_ATTRIBUTE_FORMAT as well
    ciP->uriParam[URI_PARAM_ATTRIBUTE_FORMAT] = value;
  }
  else if (key == URI_PARAM_ATTRIBUTE_FORMAT)
  {
    // If URI_PARAM_ATTRIBUTE_FORMAT used, set URI_PARAM_ATTRIBUTES_FORMAT as well
    ciP->uriParam[URI_PARAM_ATTRIBUTES_FORMAT] = value;
  }
  else if (key == URI_PARAM_OPTIONS)
  {
    ciP->uriParam[URI_PARAM_OPTIONS] = value;

    if (uriParamOptionsParse(ciP, val) != 0)
    {
      OrionError error(SccBadRequest, "Invalid value for URI param /options/");

      ciP->httpStatusCode = SccBadRequest;
      ciP->answer         = error.render(ciP, "");
    }
  }
  else if (key == URI_PARAM_TYPE)
  {
    ciP->uriParam[URI_PARAM_TYPE] = value;

    if (strstr(val, ","))  // More than ONE type?
    {
      uriParamTypesParse(ciP, val);
    }
    else
    {
      ciP->uriParamTypes.push_back(val);
    }
  }
  else if (key != URI_PARAM_Q)  // FIXME P1: possible more known options here ...
  {
    LM_T(LmtUriParams, ("Received unrecognized URI parameter: '%s'", key.c_str()));
  }

  if (val != NULL)
  {
    ciP->uriParam[key] = value;
  }
  else
  {
    ciP->uriParam[key] = "SET";
  }

  LM_T(LmtUriParams, ("URI parameter:   %s: %s", key.c_str(), ciP->uriParam[key].c_str()));

  //
  // Now check the URI param has no invalid characters
  // Except for the URI params 'q' and 'idPattern' that are not to be checked for invalid characters
  //
  // Another exception: 'geometry' and 'coords' has a relaxed check for forbidden characters that
  // doesn't check for '=' and ';' as those characters are part of the syntaxis for the parameters.
  //
  bool containsForbiddenChars = false;

  if ((key == "geometry") || (key == "georel"))
  {
    containsForbiddenChars = forbiddenChars(val, "=;");
  }
  else if (key == "coords")
  {
    containsForbiddenChars = forbiddenChars(val, ";");
  }
  else if ((key != "q") && (key != "idPattern"))
  {
    containsForbiddenChars = forbiddenChars(ckey) || forbiddenChars(val);
  }

  if (containsForbiddenChars == true)
  {
    std::string details = std::string("found a forbidden character in URI param '") + key + "'";
    OrionError error(SccBadRequest, "invalid character in URI parameter");

    alarmMgr.badInput(clientIp, details);

    ciP->httpStatusCode = SccBadRequest;
    ciP->answer         = error.render(ciP, "");
  }

  return MHD_YES;
}
Exemplo n.º 8
0
/* ****************************************************************************
*
* eatCompound - consume the compound tree
*
* Three types of tree nodes here (4 actually);
*   - toplevel node
*   - string
*   - object node
*   - vector node
*/
void eatCompound(ConnectionInfo* ciP, orion::CompoundValueNode* containerP, xml_node<>* node, const std::string& indent)
{
  if (containerP == NULL)  // toplevel
  {
    std::string xmlAttribute = xmlTypeAttributeGet(node);

    if (xmlAttribute == "vector")
    {
      containerP = new CompoundValueNode(orion::CompoundValueNode::Vector);
    }
    else if (xmlAttribute =="")
    {
      containerP = new CompoundValueNode(orion::CompoundValueNode::Object);
    }
    else
    {
      ciP->httpStatusCode = SccBadRequest;

      ciP->answer = std::string("Bad value for XML attribute /type/ for /") +
        node->name() + "/: " + xmlAttribute;

      LM_W(("Bad Input (%s)", ciP->answer.c_str()));

      return;
    }

    ciP->compoundValueRoot = containerP;
  }
  else
  {
    std::string value = wsStrip(node->value());
    std::string name  = wsStrip(node->name());

    if (value == "")   // Object OR Vector
    {
      std::string xmlAttribute = xmlTypeAttributeGet(node);

      if (xmlAttribute == "vector")
      {
        containerP = containerP->add(orion::CompoundValueNode::Vector, name);
      }
      else if (xmlAttribute == "")
      {
        containerP = containerP->add(orion::CompoundValueNode::Object, name);
      }
      else
      {
        ciP->httpStatusCode = SccBadRequest;
        ciP->answer = std::string("Bad value for XML attribute /type/ for /") + name + "/: " + xmlAttribute;
        LM_W(("Bad Input (%s)", ciP->answer.c_str()));

        return;
      }
    }
    else  // String
    {
      if (forbiddenChars(value.c_str()) == true)
      {
        LM_E(("Found a forbidden value in '%s'", value.c_str()));
        ciP->httpStatusCode = SccBadRequest;
        ciP->answer = std::string("Illegal value for XML attribute");
        return;
      }

      containerP->add(orion::CompoundValueNode::String, name, value);
    }
  }

  xml_node<>* child = node->first_node();
  while (child != NULL)
  {
    if (child->name()[0] != 0)
    {
      eatCompound(ciP, containerP, child, indent + "  ");
    }

    child = child->next_sibling();
  }
}