diff options
| author | Daniil Baturin <daniil@baturin.org> | 2017-01-13 21:46:16 +0700 |
|---|---|---|
| committer | Daniil Baturin <daniil@baturin.org> | 2017-01-13 21:46:16 +0700 |
| commit | 3de4790370ec8ee485c3f723c3471116dd094019 (patch) | |
| tree | e839e0fd9e7b1d879033dca0932e09c98dabb260 /src | |
| parent | ae5ad1099d6e751354ca4b1ded35cf178639c29f (diff) | |
| download | vyconf-3de4790370ec8ee485c3f723c3471116dd094019.tar.gz vyconf-3de4790370ec8ee485c3f723c3471116dd094019.zip | |
T254: disallow node names with characters significant to the curly config parser
(whitespace, braces, square brackets, quotes, and hash).
Diffstat (limited to 'src')
| -rw-r--r-- | src/reference_tree.ml | 28 |
1 files changed, 21 insertions, 7 deletions
diff --git a/src/reference_tree.ml b/src/reference_tree.ml index 5243e82..61e1efa 100644 --- a/src/reference_tree.ml +++ b/src/reference_tree.ml @@ -127,7 +127,18 @@ let load_from_xml reftree file = (* Validation function *) -(* A path can be created in the config tree unless: +let has_illegal_characters name = + (** Checks if string name has illegal characters in it. + All whitespace, curly braces, square brackets, and quotes + are disallowed due to their special significance to the curly config + format parser *) + try Some (Pcre.get_substring (Pcre.exec ~pat:"[\\s\\{\\}\\[\\]\"\'#]" name) 0) + with Not_found -> None + +(** Takes a list of string that represents a configuration path that may have + node value at the end, validates it, and splits it into path and value parts. + + A list of strings is a valid path that can be created in the config tree unless: 1. It's a tag node without a child 2. It's a non-valueless leaf node without a value 3. It's a valueless node with a value @@ -156,12 +167,15 @@ let rec validate_path validators_dir node path = | Tag -> (match path with | p :: p' :: ps -> - if (Value_checker.validate_any validators_dir data.constraints p) then - let child = Vytree.find node p' in - (match child with - | Some c -> aux c ps (p' :: p :: acc) - | None -> raise (Validation_error (Printf.sprintf "Node %s has no child %s" (show_path acc) p'))) - else raise (Validation_error (Printf.sprintf "%s is not a valid child name for node %s" p (show_path acc))) + (match (has_illegal_characters p) with + | Some c -> raise (Validation_error (Printf.sprintf "Illegal character \"%s\" in node name \"%s\"" c p)) + | None -> + if (Value_checker.validate_any validators_dir data.constraints p) then + let child = Vytree.find node p' in + (match child with + | Some c -> aux c ps (p' :: p :: acc) + | None -> raise (Validation_error (Printf.sprintf "Node %s has no child %s" (show_path acc) p'))) + else raise (Validation_error (Printf.sprintf "%s is not a valid child name for node %s" p (show_path acc)))) | [p] -> if (Value_checker.validate_any validators_dir data.constraints p) then (List.rev acc, None) else raise (Validation_error (Printf.sprintf "Node %s has no child %s" (show_path acc) p)) | _ -> raise (Validation_error (Printf.sprintf "Path %s is incomplete" (show_path acc)))) |