github.com/nextcloud/spreed.git - Unnamed repository; edit this file 'description' to name the repository.
authorJoas Schilling <coding@schilljs.com>2019-02-07 22:45:14 +0300
committerJoas Schilling <coding@schilljs.com>2019-02-20 14:17:36 +0300
commit9a1980dff2bd0572ccb009b370b97ed64e8d189b (patch)
treea0b63d806f7b7ed2a25f7b72ab16536c559ec04b /lib/Service/CommandService.php
parent105eda53bcec123cebef27f650ffee2e2c3f379a (diff)
Add validation for name, cmd and script
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'lib/Service/CommandService.php')
-rw-r--r--lib/Service/CommandService.php41
1 files changed, 38 insertions, 3 deletions
diff --git a/lib/Service/CommandService.php b/lib/Service/CommandService.php
index abe3869bd..99163bc19 100644
--- a/lib/Service/CommandService.php
+++ b/lib/Service/CommandService.php
@@ -23,6 +23,7 @@ declare(strict_types=1);
namespace OCA\Spreed\Service;
+use OCA\Spreed\Chat\Command\ShellExecutor;
use OCA\Spreed\Model\Command;
use OCA\Spreed\Model\CommandMapper;
use OCP\AppFramework\Db\DoesNotExistException;
@@ -32,8 +33,12 @@ class CommandService {
/** @var CommandMapper */
protected $mapper;
- public function __construct(CommandMapper $mapper) {
+ /** @var ShellExecutor */
+ protected $shellExecutor;
+
+ public function __construct(CommandMapper $mapper, ShellExecutor $shellExecutor) {
$this->mapper = $mapper;
+ $this->shellExecutor = $shellExecutor;
}
/**
@@ -53,6 +58,22 @@ class CommandService {
} catch (DoesNotExistException $e) {
}
+ if (preg_match('/^[a-z0-9]{1..64}$/', $cmd)) {
+ throw new \InvalidArgumentException('command', 1);
+ }
+
+ if (preg_match('/^.{1..64}$/', $name)) {
+ throw new \InvalidArgumentException('name', 2);
+ }
+
+ if ($app === '' && $cmd !== 'help') {
+ try {
+ $this->shellExecutor->execShell($script, '--help');
+ } catch (\InvalidArgumentException $e) {
+ throw new \InvalidArgumentException('script', 3);
+ }
+ }
+
if (!\in_array($response, [Command::RESPONSE_NONE, Command::RESPONSE_USER, Command::RESPONSE_ALL], true)) {
throw new \InvalidArgumentException('response', 4);
}
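Review bot: The two new `preg_match` guards for `$cmd` and `$name` do not reject invalid input, for two reasons. `{1..64}` is not a PCRE quantifier and is matched as literal characters; the bounded form is `{1,64}`. The condition is also inverted, so the exception is thrown when the pattern matches rather than when it fails, and an ordinary over-long or non-alphanumeric value passes straight through to `setCommand()`/`setName()`. I would write `if (!preg_match('/^[a-z0-9]{1,64}$/D', $cmd)) {` and `if (!preg_match('/^.{1,64}$/Du', $name)) {`, where `D` stops `$` from accepting a trailing newline and `u` counts characters rather than bytes. The same two lines recur in the `@@ -104,6 +123,22 @@` hunk; the enclosing method begins outside this hunk.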
@@ -64,9 +85,7 @@ class CommandService {
$command = new Command();
$command->setApp($app);
$command->setCommand($cmd);
- // FIXME Validate "bot name"
$command->setName($name);
- // FIXME Validate "script"
$command->setScript($script);
$command->setResponse($response);
$command->setEnabled($enabled);
@@ -104,6 +123,22 @@ class CommandService {
throw new \InvalidArgumentException('app', 0);
}
+ if (preg_match('/^[a-z0-9]{1..64}$/', $cmd)) {
+ throw new \InvalidArgumentException('command', 1);
+ }
+
+ if (preg_match('/^.{1..64}$/', $name)) {
+ throw new \InvalidArgumentException('name', 2);
+ }
+
+ if ($command->getApp() === '') {
+ try {
+ $this->shellExecutor->execShell($script, '--help');
+ } catch (\InvalidArgumentException $e) {
+ throw new \InvalidArgumentException('script', 3);
+ }
+ }
+
if (!\in_array($response, [Command::RESPONSE_NONE, Command::RESPONSE_USER, Command::RESPONSE_ALL], true)) {
throw new \InvalidArgumentException('response', 4);
}