add scan-id validation
tarunKoyalwar committed May 10, 2024
1 parent 65f9299 commit 12589f0
Showing 2 changed files with 14 additions and 3 deletions.
13 changes: 11 additions & 2 deletions internal/pdcp/writer.go
Expand Up @@ -9,6 +9,7 @@ import (
"io"
"net/http"
"net/url"
"regexp"
"sync/atomic"
"time"

Expand All @@ -27,9 +28,13 @@ const (
appendEndpoint = "/v1/scans/%s/import"
flushTimer = time.Duration(1) * time.Minute
MaxChunkSize = 1024 * 1024 * 4 // 4 MB
xidRe = `^[a-z0-9]{20}$`
)

var _ output.Writer = &UploadWriter{}
var (
xidRegex = regexp.MustCompile(xidRe)
_ output.Writer = &UploadWriter{}
)

// UploadWriter is a writer that uploads its output to pdcp
// server to enable web dashboard and more
Expand Down Expand Up @@ -87,8 +92,12 @@ func NewUploadWriter(ctx context.Context, creds *pdcpauth.PDCPCredentials) (*Upl
}

// SetScanID sets the scan id for the upload writer
func (u *UploadWriter) SetScanID(id string) {
func (u *UploadWriter) SetScanID(id string) error {
if !xidRegex.MatchString(id) {
return fmt.Errorf("invalid scan id provided")
}
u.scanID = id
return nil
}

// SetScanName sets the scan name for the upload writer
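Review bot: The rejection branch in `SetScanID` returns `fmt.Errorf("invalid scan id provided")`, which tells the user neither what was rejected nor what shape is expected; `return fmt.Errorf("invalid scan id %q: expected 20 characters of [a-z0-9]", id)` keeps the value safely quoted in any log line. The doc comment still reads as an unconditional setter and should say that the id is checked against `xidRegex` before it is stored, presumably because it is later formatted into `appendEndpoint` (`/v1/scans/%s/import`), where an unchecked value could alter the request path. If these ids are xid values, as the name `xidRe` suggests, the encoding alphabet is `[0-9a-v]`, so the character class could be tightened, though the current anchored pattern already excludes path separators and other URL metacharacters.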
4 changes: 3 additions & 1 deletion internal/runner/runner.go
Expand Up @@ -414,7 +414,9 @@ func (r *Runner) setupPDCPUpload(writer output.Writer) output.Writer {
return writer
}
if r.options.ScanID != "" {
uploadWriter.SetScanID(r.options.ScanID)
if err := uploadWriter.SetScanID(r.options.ScanID); err != nil {
gologger.Fatal().Msgf("failed to set scan id: %s", err)
}
}
if r.options.ScanName != "" {
uploadWriter.SetScanName(r.options.ScanName)
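Review bot: Calling `gologger.Fatal()` inside `setupPDCPUpload` ends the process from a helper that otherwise hands back a writer (see the `return writer` just above the new lines), so a malformed `ScanID` is reported only after runner setup has begun, and deferred cleanup in callers is skipped if Fatal exits the process as it normally does. Checking `r.options.ScanID` where the other options are validated would reject it before any work starts and leave this call site as a plain error path. Failing closed is still the right direction, since continuing without the id would presumably upload results under a different scan than the one the user named. `setupPDCPUpload` starts and ends outside the hunk, so the surrounding error handling is not visible here.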