-
Notifications
You must be signed in to change notification settings - Fork 229
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
sanitize id paths via base64 encoding (#5740)
- supports relaxed restrictions on entity names - prevents malicious path injection
- Loading branch information
Showing
5 changed files
with
157 additions
and
10 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
45 changes: 45 additions & 0 deletions
45
projects/batfish-common-protocol/src/test/java/org/batfish/identifiers/BUILD
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
load("@rules_java//java:defs.bzl", "java_library") | ||
|
||
package( | ||
default_testonly = True, | ||
default_visibility = ["//visibility:public"], | ||
) | ||
|
||
load("@batfish//skylark:junit.bzl", "junit_tests") | ||
load("@batfish//skylark:pmd_test.bzl", "pmd_test") | ||
|
||
java_library( | ||
name = "identifiers", | ||
srcs = glob( | ||
["*.java"], | ||
exclude = ["*Test.java"], | ||
), | ||
deps = [ | ||
"//projects/batfish-common-protocol:common", | ||
"@maven//:com_google_code_findbugs_jsr305", | ||
], | ||
) | ||
|
||
pmd_test( | ||
name = "pmd", | ||
lib = ":identifiers", | ||
) | ||
|
||
junit_tests( | ||
name = "tests", | ||
srcs = glob( | ||
["*.java"], | ||
exclude = ["Test*.java"], | ||
|
||
), | ||
deps = [ | ||
"//projects/batfish-common-protocol:common", | ||
"@maven//:com_fasterxml_jackson_core_jackson_core", | ||
"@maven//:com_google_code_findbugs_jsr305", | ||
"@maven//:com_google_guava_guava", | ||
"@maven//:junit_junit", | ||
"@maven//:org_hamcrest_hamcrest", | ||
], | ||
) | ||
|
||
|
86 changes: 86 additions & 0 deletions
86
...atfish-common-protocol/src/test/java/org/batfish/identifiers/FileBasedIdResolverTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,86 @@ | ||
package org.batfish.identifiers; | ||
|
||
import static org.batfish.identifiers.FileBasedIdResolver.listResolvableNames; | ||
import static org.batfish.storage.FileBasedStorage.fromBase64; | ||
import static org.batfish.storage.FileBasedStorage.toBase64; | ||
import static org.hamcrest.Matchers.containsInAnyOrder; | ||
import static org.junit.Assert.assertNotNull; | ||
import static org.junit.Assert.assertThat; | ||
|
||
import java.io.IOException; | ||
import java.nio.file.Files; | ||
import java.nio.file.Path; | ||
import org.junit.Before; | ||
import org.junit.Rule; | ||
import org.junit.Test; | ||
import org.junit.rules.TemporaryFolder; | ||
|
||
/** Test of {@link FileBasedIdResolver}. */ | ||
public final class FileBasedIdResolverTest { | ||
|
||
private FileBasedIdResolver _resolver; | ||
|
||
@Rule public TemporaryFolder _folder = new TemporaryFolder(); | ||
|
||
@Before | ||
public void setup() { | ||
_resolver = new FileBasedIdResolver(_folder.getRoot().toPath()); | ||
} | ||
|
||
private static void assertLastComponentBase64Encoded(Path idPath) { | ||
assertNotNull(fromBase64(idPath.getFileName().toString())); | ||
} | ||
|
||
@Test | ||
public void testListResolvableNames() throws IOException { | ||
Path root = _folder.getRoot().toPath(); | ||
Files.createFile(root.resolve(toBase64("foo.id"))); | ||
Files.createFile(root.resolve(toBase64("bar.id"))); | ||
Files.createFile(root.resolve("baz.id")); // should be excluded because it is not base64-encoded | ||
Files.createFile( | ||
root.resolve(toBase64("bath"))); // should be excluded because it doesn't end in ID | ||
|
||
assertThat(listResolvableNames(root), containsInAnyOrder("foo", "bar")); | ||
} | ||
|
||
@Test | ||
public void testGetAnalysisIdPath() { | ||
assertLastComponentBase64Encoded( | ||
_resolver.getAnalysisIdPath("analysis1", new NetworkId("net1_id"))); | ||
} | ||
|
||
@Test | ||
public void testGetIssueSettingsIdPath() { | ||
assertLastComponentBase64Encoded( | ||
_resolver.getIssueSettingsIdPath("majorIssueType1", new NetworkId("net1_id"))); | ||
} | ||
|
||
@Test | ||
public void testGetNetworkIdPath() { | ||
assertLastComponentBase64Encoded(_resolver.getNetworkIdPath("net1")); | ||
} | ||
|
||
@Test | ||
public void testGetQuestionIdPath() { | ||
// with analysis | ||
assertLastComponentBase64Encoded( | ||
_resolver.getQuestionIdPath( | ||
"question1", new NetworkId("net1_id"), new AnalysisId("analysis1_id"))); | ||
|
||
// without analysis | ||
assertLastComponentBase64Encoded( | ||
_resolver.getQuestionIdPath("question1", new NetworkId("net1_id"), null)); | ||
} | ||
|
||
@Test | ||
public void testGetQuestionSettingsIdPath() { | ||
assertLastComponentBase64Encoded( | ||
_resolver.getQuestionSettingsIdPath("questionClassId1", new NetworkId("net1_id"))); | ||
} | ||
|
||
@Test | ||
public void testGetSnapshotIdPath() { | ||
assertLastComponentBase64Encoded( | ||
_resolver.getSnapshotIdPath("snapshot1", new NetworkId("net1_id"))); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters