Improve input validation for download_report controller #1503

jpwhite4 · 2021-03-05T16:19:39Z

The download_report controller endpoint already checks that the
filename is acceptable. However, in the case of an invalid filename
it potentially would try to open a file called [TMPDIR]/.[SUFFIX].

This change add an explicit exit if an invalid filename is supplied.

Also add a test for this scenario and to check some of the other input
validation code.

The download_report controller endpoint already checks that the filename is acceptable. However, in the case of an invalid filename it potentially would try to open a file called [TMPDIR]/.[SUFFIX]. This change add an explicit exit if an invalid filename is supplied. Also add a test for this scenario and to check some of the other input validation code.

If a default is not supplied then the validator returns false if validation fails. The isValidFormat() function expects a string and this leads to a warning if false is supplied (although the isValidFormat correctly returns). This change updates the default to be an empty string which is not a valid format, but is the coreect data type for the isValidFormat() function.

jpwhite4 added the bug Bugfixes label Mar 5, 2021

jpwhite4 added this to the 9.5.0 milestone Mar 5, 2021

jpwhite4 requested a review from hltaylor26 March 5, 2021 16:20

hltaylor26 approved these changes Mar 5, 2021

View reviewed changes

jpwhite4 merged commit 9415244 into ubccr:xdmod9.5 Mar 9, 2021

jpwhite4 deleted the report_download branch March 9, 2021 01:41

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Improve input validation for download_report controller #1503

Improve input validation for download_report controller #1503

jpwhite4 commented Mar 5, 2021

Improve input validation for download_report controller #1503

Improve input validation for download_report controller #1503

Conversation

jpwhite4 commented Mar 5, 2021