feat(general): Reject non http/https in help_link #192

Merged
merged 2 commits into from
Apr 5, 2019
4 changes: 3 additions & 1 deletion general/src/store/normalize.rs
@@ -269,10 +269,12 @@ impl<'a> NormalizeProcessor<'a> {
// the operating system version the event was generated on. Some
// normalization still works without sdk_info, such as mach_exception
// names (they can only occur on macOS).
//
// We also want to validate some other aspects of it.
for exception in exceptions {
if let Some(exception) = exception.value_mut() {
if let Some(mechanism) = exception.mechanism.value_mut() {
mechanism::normalize_mechanism_meta(mechanism, os_hint);
mechanism::normalize_mechanism(mechanism, os_hint);
}
}
}
80 changes: 67 additions & 13 deletions general/src/store/normalize/mechanism.rs
@@ -1,5 +1,5 @@
use crate::protocol::{Context, ContextInner, Event, Mechanism};
use crate::types::Annotated;
use crate::types::{Annotated, Error, ValueAction};

#[cfg(test)]
use crate::protocol::{CError, MachException, MechanismMeta, PosixSignal};
@@ -595,7 +595,16 @@ impl OsHint {
}

/// Normalizes the exception mechanism in place.
pub fn normalize_mechanism_meta(mechanism: &mut Mechanism, os_hint: Option<OsHint>) {
pub fn normalize_mechanism(mechanism: &mut Mechanism, os_hint: Option<OsHint>) {
mechanism.help_link.apply(|value, meta| {
if value.starts_with("http://") || value.starts_with("https://") {
ValueAction::Keep
} else {
meta.add_error(Error::expected("http URL"));
ValueAction::DeleteSoft
}
});

let meta = match mechanism.meta.value_mut() {
Some(meta) => meta,
None => return,
@@ -651,7 +660,7 @@ fn test_normalize_missing() {

let old_mechanism = mechanism.clone();

normalize_mechanism_meta(&mut mechanism, None);
normalize_mechanism(&mut mechanism, None);

assert_eq!(mechanism, old_mechanism);
}
@@ -670,7 +679,7 @@ fn test_normalize_errno() {
..Default::default()
};

normalize_mechanism_meta(&mut mechanism, Some(OsHint::Linux));
normalize_mechanism(&mut mechanism, Some(OsHint::Linux));

let errno = mechanism.meta.value().unwrap().errno.value().unwrap();
assert_eq!(
@@ -696,7 +705,7 @@ fn test_normalize_errno_override() {
..Default::default()
};

normalize_mechanism_meta(&mut mechanism, Some(OsHint::Linux));
normalize_mechanism(&mut mechanism, Some(OsHint::Linux));

let errno = mechanism.meta.value().unwrap().errno.value().unwrap();
assert_eq!(
@@ -722,7 +731,7 @@ fn test_normalize_errno_fail() {
..Default::default()
};

normalize_mechanism_meta(&mut mechanism, None);
normalize_mechanism(&mut mechanism, None);

let errno = mechanism.meta.value().unwrap().errno.value().unwrap();
assert_eq!(
@@ -749,7 +758,7 @@ fn test_normalize_signal() {
..Default::default()
};

normalize_mechanism_meta(&mut mechanism, Some(OsHint::Darwin));
normalize_mechanism(&mut mechanism, Some(OsHint::Darwin));

let signal = mechanism.meta.value().unwrap().signal.value().unwrap();
assert_eq!(
@@ -777,7 +786,7 @@ fn test_normalize_partial_signal() {
..Default::default()
};

normalize_mechanism_meta(&mut mechanism, Some(OsHint::Linux));
normalize_mechanism(&mut mechanism, Some(OsHint::Linux));

let signal = mechanism.meta.value().unwrap().signal.value().unwrap();

@@ -807,7 +816,7 @@ fn test_normalize_signal_override() {
..Default::default()
};

normalize_mechanism_meta(&mut mechanism, Some(OsHint::Linux));
normalize_mechanism(&mut mechanism, Some(OsHint::Linux));

let signal = mechanism.meta.value().unwrap().signal.value().unwrap();

@@ -837,7 +846,7 @@ fn test_normalize_signal_fail() {
..Default::default()
};

normalize_mechanism_meta(&mut mechanism, None);
normalize_mechanism(&mut mechanism, None);

let signal = mechanism.meta.value().unwrap().signal.value().unwrap();

@@ -870,7 +879,7 @@ fn test_normalize_mach() {
// We do not need SDK information here because mach exceptions only
// occur on Darwin

normalize_mechanism_meta(&mut mechanism, None);
normalize_mechanism(&mut mechanism, None);

let mach_exception = mechanism
.meta
@@ -910,7 +919,7 @@ fn test_normalize_mach_override() {
// We do not need SDK information here because mach exceptions only
// occur on Darwin

normalize_mechanism_meta(&mut mechanism, None);
normalize_mechanism(&mut mechanism, None);

let mach_exception = mechanism
.meta
@@ -949,7 +958,7 @@ fn test_normalize_mach_fail() {
// We do not need SDK information here because mach exceptions only
// occur on Darwin

normalize_mechanism_meta(&mut mechanism, None);
normalize_mechanism(&mut mechanism, None);

let mach_exception = mechanism
.meta
@@ -968,3 +977,48 @@ fn test_normalize_mach_fail() {
}
);
}

#[test]
fn test_normalize_http_url() {
use crate::types::SerializableAnnotated;
use insta::assert_ron_snapshot_matches;

let mut good_mechanism = Mechanism {
ty: Annotated::new("generic".to_string()),
help_link: Annotated::new("https://example.com/".to_string()),
..Default::default()
};

normalize_mechanism(&mut good_mechanism, None);
assert_ron_snapshot_matches!(SerializableAnnotated(&Annotated::new(good_mechanism)), @r###"{
"type": "generic",
"help_link": "https://example.com/",
}"###);

let mut bad_mechanism = Mechanism {
ty: Annotated::new("generic".to_string()),
help_link: Annotated::new("javascript:alert(document.cookie)".to_string()),
..Default::default()
};

normalize_mechanism(&mut bad_mechanism, None);
assert_ron_snapshot_matches!(SerializableAnnotated(&Annotated::new(bad_mechanism)), @r###"{
"type": "generic",
"help_link": (),
"_meta": {
"help_link": {
"": Meta(Some(MetaInner(
err: [
[
"invalid_data",
{
"reason": "expected http URL",
},
],
],
val: Some("javascript:alert(document.cookie)"),
))),
},
},
}"###);
}
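Review bot: The new `help_link` check at the top of `normalize_mechanism` is a case-sensitive prefix test rather than URL validation, and neither the doc comment nor `test_normalize_http_url` says so. A link written as `HTTPS://…` is soft-deleted even though URL schemes are case-insensitive, while everything after an accepted `https://` prefix is kept unchanged, so whatever renders the link still has to escape it for its output context. The rejected string is also still kept in `_meta` (the snapshot shows `val: Some("javascript:alert(document.cookie)")`), so consumers of `_meta` need to treat that value as untrusted text. I would extend the doc comment, e.g. `/// Soft-deletes help_link unless it starts with "http://" or "https://" (case-sensitive prefix check, no URL parsing); the rejected value stays in _meta.`, and add test cases for an upper-case scheme and an empty string to pin the intended behaviour. The body of `normalize_mechanism` continues outside the hunk.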