Stricter report_id validation #788

Merged
merged 1 commit into from Sep 15, 2022

majakomel
Contributor

Adds stricter report_id regex to avoid making unnecessary API requests.
Regex matches the one on the backend: ooni/api#301

@vercel

vercel bot commented Aug 17, 2022

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Updated
explorer ✅ Ready (Inspect) Visit Preview Sep 15, 2022 at 3:05PM (UTC)

@@ -40,7 +40,7 @@ export async function getServerSideProps({ query }) {
// in which case, the extra segments are available inside query.report_id[1+]
const report_id = query?.report_id?.[0]
// If there is no report_id to use, fail early with MeasurementNotFound
if (typeof report_id !== 'string' || report_id.length < 1) {
if (typeof report_id !== 'string' || !report_id.match(/[a-zA-Z0-9_-]{5,100}/)) {
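Review bot: The pattern in the new condition, `/[a-zA-Z0-9_-]{5,100}/`, has no `^` or `$` anchors, so `report_id.match(...)` succeeds as soon as any run of five allowed characters occurs anywhere in the string. A value that also contains other characters, or one longer than 100 characters, still passes and still triggers the API request this check is meant to avoid. Suggest anchoring the pattern, e.g. `/^[a-zA-Z0-9_-]{5,100}$/`, and using `.test()` since only a boolean is needed. The comment above the condition ("If there is no report_id to use") could also be updated to say that the value is now checked against the expected format.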
Member

I think we can be even a bit more aggressive with the filter here by setting the minimum length to 40 (according to the fastpath table the shortest non-null report_id is 45 characters, and it's of the new format 20201028T073929Z_ndt_ZZ_0_n1_Ed95brGpL3sZ4dUN, so even in the case of a single character test name we would be at 43 chars).

Member

@hellais hellais left a comment

Suggested a small improvement to the report_id validation filter, but otherwise LGTM
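
How the merged condition and an anchored check with the 40-character minimum from the review treat the same inputs, as an added example (not code from this PR or from the OONI Explorer code base). The function names are hypothetical, and every sample input except the report_id quoted in the review is constructed.

```javascript
// Added illustration; function names are hypothetical, not from ooni/explorer.

// The condition as merged in this PR: the pattern has no ^ / $ anchors,
// so it accepts any string that contains a run of 5+ allowed characters.
function mergedCheck(reportId) {
  return typeof reportId === 'string' &&
    reportId.match(/[a-zA-Z0-9_-]{5,100}/) !== null
}

// Anchored variant: the character class and the length bounds apply to the
// whole string. minLen defaults to the 40 suggested in the review comment.
function strictCheck(reportId, minLen = 40, maxLen = 100) {
  if (typeof reportId !== 'string') return false
  const pattern = new RegExp(`^[a-zA-Z0-9_-]{${minLen},${maxLen}}$`)
  return pattern.test(reportId)
}

// Sample inputs. The first is the ID quoted in the review; the rest are
// constructed to resemble stray requests hitting the route.
const samples = [
  '20201028T073929Z_ndt_ZZ_0_n1_Ed95brGpL3sZ4dUN', // 45-char new-format ID
  'favicon.ico',                                   // contains '.', 7-char run
  'abcde',                                         // allowed chars, too short
  'a'.repeat(150),                                 // allowed chars, too long
  'abc'                                            // below both minimums
]

// Returns one row per input so the two checks can be compared side by side.
function compareChecks(inputs) {
  return inputs.map((input) => ({
    input: input.length > 48 ? input.slice(0, 45) + '...' : input,
    merged: mergedCheck(input),
    strict: strictCheck(input)
  }))
}

console.table(compareChecks(samples))
```

Only the first sample passes the anchored check; the merged condition also accepts `favicon.ico`, `abcde` and the 150-character string.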
