Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate database prefix against DBNAME_REGEX for system dbs #1647

Merged
merged 1 commit into from
Oct 10, 2018
Merged

Validate database prefix against DBNAME_REGEX for system dbs #1647

merged 1 commit into from
Oct 10, 2018

Conversation

iilyak
Copy link
Contributor

@iilyak iilyak commented Oct 8, 2018
edited
Loading

Overview

Previously we only checked that the suffix of the database is
matching one of the predefined system databases. We really should
check the prefix against DBNAME_REGEXP to prevent creation of
illegally named databases.

Testing recommendations

make eunit apps=couch tests=validate_dbname_fail_test_,validate_dbname_success_test_,is_systemdb_test_

Related Issues or Pull Requests

This fixes #1644

Checklist

  • Code is written and works correctly;
  • Changes are covered by tests;
  • Documentation reflects the changes;

@lazedo
Copy link
Contributor

lazedo commented Oct 8, 2018

hello,

i just want to make sure that this doesn't break our current usage.
we create DBs with names like this account%2F85%2Fea%2F6075c6c1e266f8512e2233541bdb-201807

@iilyak
Copy link
Contributor Author

iilyak commented Oct 8, 2018

@lazedo

It would still work:

([email protected])3> couch_db:validate_dbname("account/85/ea/6075c6c1e266f8512e2233541bdb-201807").
ok

@iilyak iilyak force-pushed the validate-prefix-for-systemdbs branch 3 times, most recently from eedd250 to 695b633 Compare October 8, 2018 16:50
@jaydoane
Copy link
Contributor

jaydoane commented Oct 9, 2018
edited
Loading 

make eunit apps=couch tests=validate_dbname_fail_test_,validate_dbname_success_test_,is_systemdb_test_
...
=======================================================
  All 144 tests passed.

jaydoane
jaydoane approved these changes Oct 9, 2018
View reviewed changes
src/couch/src/couch_db.erl Outdated
{Prefix, true} ->
re:run(Prefix, ?DBNAME_REGEX, [{capture,none}, dollar_endonly])
==
match
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure why == match are not on the same line, but I guess it's not a big deal.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wish we (CouchDB community) have a syntax guidelines. I agree, this formatting is a bit haskellish (or ocamellish). However it provides a good structure visually which helps when reading the code. Although it could be just me because I used to this formatting. Let me know if you want me to change it and which one you would prefer.

  1. operand (new line) operator (new line) operand
re:run(Prefix, ?DBNAME_REGEX, [{capture,none}, dollar_endonly])
==
match
  1. operand (new line) (extra indent) operator operand
re:run(Prefix, ?DBNAME_REGEX, [{capture,none}, dollar_endonly])
    == match
  1. operand (new line) operator operand
re:run(Prefix, ?DBNAME_REGEX, [{capture,none}, dollar_endonly])
== match
  1. extract this into a function match_regexp/1 and use it in other places as well.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

personally I'd split it i two lines

ReOpts =  [{capture,none}, dollar_endonly]
re:run(Prefix, ?DBNAME_REGEX, ReOpts) == match

as it is right now looks more markupish than haskellish to me.

@iilyak iilyak mentioned this pull request Oct 10, 2018
Closed
3 tasks
@iilyak
Validate database prefix against DBNAME_REGEX for system dbs
aa63804 
Previously we only checked that the suffix of the database is
matching one of the predefined system databases. We really should
check the prefix against DBNAME_REGEXP to prevent creation of
illegally named databases.

This fixes apache#1644
@iilyak iilyak force-pushed the validate-prefix-for-systemdbs branch from 695b633 to aa63804 Compare October 10, 2018 16:58
@iilyak iilyak merged commit 9599455 into apache:master Oct 10, 2018
@iilyak iilyak deleted the validate-prefix-for-systemdbs branch October 10, 2018 17:53
jiangphcn
jiangphcn reviewed Oct 25, 2018
View reviewed changes
src/couch/src/couch_db.erl
Suffix = filename:basename(Normalized),
case {filename:dirname(Normalized), lists:member(Suffix, ?SYSTEM_DATABASES)} of
{<<".">>, Result} -> Result;
{Prefix, false} -> false;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just happen to find warning .../db/src/couchdb/src/couch/src/couch_db.erl:1748: Warning: variable 'Prefix' is unused

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eiri eiri eiri left review comments

@jiangphcn jiangphcn jiangphcn left review comments

@jaydoane jaydoane jaydoane approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Illegal DB creation permitted
5 participants
@iilyak @lazedo @jaydoane @eiri @jiangphcn