mirror of https://github.com/CIRCL/AIL-framework
fix: [paste_submit] restrict source characters
parent
a2ebd09c2a
commit
d4829273c5
|
@ -7,6 +7,7 @@
|
||||||
##################################
|
##################################
|
||||||
# Import External packages
|
# Import External packages
|
||||||
##################################
|
##################################
|
||||||
|
import re
|
||||||
import os
|
import os
|
||||||
import sys
|
import sys
|
||||||
import json
|
import json
|
||||||
|
@ -278,12 +279,18 @@ def submit():
|
||||||
paste_content = request.form['paste_content']
|
paste_content = request.form['paste_content']
|
||||||
paste_source = request.form['paste_source']
|
paste_source = request.form['paste_source']
|
||||||
|
|
||||||
|
if paste_source:
|
||||||
# limit source length
|
# limit source length
|
||||||
paste_source = paste_source.replace('/', '')[:80]
|
paste_source = paste_source.replace('/', '')[:80]
|
||||||
if paste_source in ['crawled', 'tests']:
|
if paste_source in ['crawled', 'tests']:
|
||||||
content = f'Invalid source'
|
content = f'Invalid source'
|
||||||
logger.info(paste_source)
|
logger.info(paste_source)
|
||||||
return content, 400
|
return content, 400
|
||||||
|
|
||||||
|
if not re.match('^[0-9a-zA-Z-_\+@#&\.;=:!]*$', paste_source):
|
||||||
|
content = f'Invalid source name: Forbidden character(s)'
|
||||||
|
logger.info(content)
|
||||||
|
return content, 400
|
||||||
|
|
||||||
is_file = False
|
is_file = False
|
||||||
if 'file' in request.files:
|
if 'file' in request.files:
|
||||||
|
|
Loading…
Reference in New Issue