`c0fb997`

reject unknown request fields

Authored by mfwolffe <wolffemf@dukes.jmu.edu> 2 months ago

SHA: c0fb9974f7fe7f893b6dbeda8813a51e59a26d7b
Parents: 01cdf42
Tree: 50e1ab1

2 changed files

Status	File	+	-
M	`garwarp-ipc/src/lib.rs`	21	0
M	`garwarp/src/daemon.rs`	29	0

garwarp-ipc/src/lib.rsmodified

          match parts.next() {
              Some("inspect") => {
                  let fields = parse_fields(parts)?;
++                if !fields_only(&fields, &["id"]) {
++                    return None;
++                }
                  let id = fields.get("id")?.clone();
                  Some(Self::InspectRequest { id })
              }
              Some("begin") => {
                  let fields = parse_fields(parts)?;
++                if !fields_only(&fields, &["id", "sender", "app_id", "parent"]) {
++                    return None;
++                }
                  let id = fields.get("id")?.clone();
                  let sender = fields.get("sender")?.clone();
                  let app_id = fields.get("app_id").cloned();
              }
              Some("transition") => {
                  let fields = parse_fields(parts)?;
++                if !fields_only(&fields, &["id", "sender", "state", "app_id"]) {
++                    return None;
++                }
                  let id = fields.get("id")?.clone();
                  let sender = fields.get("sender")?.clone();
                  let app_id = fields.get("app_id").cloned();
      Some(fields)
  }
++fn fields_only(fields: &std::collections::HashMap<String, String>, allowed: &[&str]) -> bool {
++    fields
++        .keys()
++        .all(|key| allowed.iter().any(|allowed| key == allowed))
++}
++
  #[cfg(test)]
  mod tests {
      use super::{
          let parsed = ControlRequest::parse_line("inspect id=req-1 id=req-2");
          assert_eq!(parsed, None);
      }
++
++    #[test]
++    fn request_parse_rejects_unknown_fields() {
++        let parsed = ControlRequest::parse_line("inspect id=req-1 bogus=1");
++        assert_eq!(parsed, None);
++    }
  }

garwarp/src/daemon.rsmodified

          );
+     }
++    #[test]
++    fn unknown_request_fields_map_to_invalid_request() {
++        let (mut client, server) = UnixStream::pair().expect("pair should be created");
++        client
++            .write_all(b"begin id=req-1 sender=:1.2 bogus=1\n")
++            .expect("begin request should be written");
++
++        let mut state = DaemonState {
++            health: HealthStatus::Healthy,
++            requests: RequestRegistry::new(Duration::from_secs(5)),
++            running: true,
++        };
++        handle_connection(server, &mut state).expect("request should be handled");
++
++        let mut response_line = String::new();
++        let mut reader = BufReader::new(client);
++        reader
++            .read_line(&mut response_line)
++            .expect("response should be readable");
++        let response = ControlResponse::parse_line(&response_line).expect("response should parse");
++        assert_eq!(
++            response,
++            ControlResponse::Error {
++                code: 2,
++                reason: "invalid_request".to_string(),
++            }
++        );
++    }
++
      #[test]
      fn begin_request_tracks_parent_window_context() {
          let (mut client, server) = UnixStream::pair().expect("pair should be created");