~chipaca/snappy/auth-config

« back to all changes in this revision

Viewing changes to snappy/click.go

Committer: Snappy Tarmac
Author(s): John R. Lenton
Date: 2015-10-05 19:22:47 UTC
mfrom: (724.3.1 whitelist-rx)
Revision ID: snappy_tarmac-20151005192247-m4xq8cts9gqrq9zw

use a compiled regexp instead of a string for whitelisting by chipaca approved by mvo

files modified:
snappy/click.go

Show diffs side-by-side

added added

removed removed

snappy/click.go

// servicesBinariesStringsWhitelist is the whitelist of legal chars

// in the "binaries" and "services" section of the package.yaml

const servicesBinariesStringsWhitelist = `^[A-Za-z0-9/. _#:-]*$`

var servicesBinariesStringsWhitelist = regexp.MustCompile(`^[A-Za-z0-9/. _#:-]*$`)

// Execute the hook.Exec command

func execHook(execCmd string) (err error) {

373

374

// verifyStructStringsAgainstWhitelist takes a struct and ensures that

375

// the given whitelist regexp matches all string fields of the struct

376

func verifyStructStringsAgainstWhitelist(s interface{}, whitelist string) error {

377

r, err := regexp.Compile(whitelist)

378

if err != nil {

379

return err

380

}

376

func verifyStructStringsAgainstWhitelist(s interface{}, whitelist *regexp.Regexp) error {

381

377

382

378

// check all members of the services struct against our whitelist

383

379

t := reflect.TypeOf(s)

401

397

if v.Field(i).Kind() == reflect.String {

402

398

key := t.Field(i).Name

403

399

value := v.Field(i).String()

404

if !r.MatchString(value) {

400

if !whitelist.MatchString(value) {

405

401

return &ErrStructIllegalContent{

406

402

Field: key,

407

403

Content: value,

408

Whitelist: whitelist,

404

Whitelist: whitelist.String(),

409

405

}

410

406

}

411

407

}

Older »