From 64b67598d72a2be700103a13fa3d3bc597b94f36 Mon Sep 17 00:00:00 2001
From: Bart Van Der Meerssche
Date: Sat, 26 Mar 2011 11:06:06 +0000
Subject: [PATCH] [api] check against a sha-1 digest hex length of 40 chars

---
 server/api/flukso/src/flukso.hrl | 30 +++++++++++++++----------
 server/api/flukso/src/flukso_sensor.erl | 4 ++--
 2 files changed, 20 insertions(+), 14 deletions(-)

diff --git a/server/api/flukso/src/flukso.hrl b/server/api/flukso/src/flukso.hrl
index 98f94b1..f7c6804 100644
--- a/server/api/flukso/src/flukso.hrl
+++ b/server/api/flukso/src/flukso.hrl
@@ -50,11 +50,26 @@ check_version(_, _) ->
 {false, false}.

 check_sensor(Sensor) ->
- check_32hex(Sensor).
+ check_hex(Sensor, 32).

-check_32hex(String) ->
+check_token(undefined, undefined) ->
+ {false, false};
+check_token(Token, undefined) ->
+ check_hex(Token, 32);
+check_token(undefined, Token) ->
+ check_hex(Token, 32);
+check_token(_, _) ->
+ {false, false}.
+
+check_digest(Digest) ->
+ check_hex(Digest, 40).
+
+check_device(Device) ->
+ check_hex(Device, 32).
+
+check_hex(String, Length) ->
 case re:run(String, "[0-9a-f]+", []) of
- {match, [{0,32}]} -> {String, true};
+ {match, [{0, Length}]} -> {String, true};
 _ -> {false, false}
 end.

@@ -102,15 +117,6 @@ check_unit(Unit) ->
 {_Unit, RrdFactor} -> {RrdFactor, true}
 end.

-check_token(undefined, undefined) ->
- {false, false};
-check_token(Token, undefined) ->
- check_32hex(Token);
-check_token(undefined, Token) ->
- check_32hex(Token);
-check_token(_, _) ->
- {false, false}.
-
 check_jsonp_callback(undefined) ->
 {undefined, true};
 check_jsonp_callback(JsonpCallback) ->
diff --git a/server/api/flukso/src/flukso_sensor.erl b/server/api/flukso/src/flukso_sensor.erl
index df72e4e..64101f6 100644
--- a/server/api/flukso/src/flukso_sensor.erl
+++ b/server/api/flukso/src/flukso_sensor.erl
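Review bot: The pattern in `check_hex/2` (flukso.hrl, first hunk) is unanchored, so the `{match, [{0, Length}]}` clause only proves that the value starts with a run of exactly Length lowercase hex characters. A value made of those characters followed by any non-hex byte still returns `{String, true}`, trailing bytes included. Since this helper now gates the sensor and device ids, the tokens and the 40-character digest, anchor both ends and keep the length match: `case re:run(String, "\\A[0-9a-f]+\\z", []) of`. A one-line comment above `check_hex/2` saying that it accepts lowercase hex only and returns `{Value, true}` or `{false, false}` would also help callers.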
@@ -40,8 +40,8 @@ allowed_methods(ReqData, State) ->

 malformed_request(ReqData, State) ->
 {_Version, ValidVersion} = check_version(wrq:get_req_header("X-Version", ReqData)),
- {_Device, ValidDevice} = check_32hex(wrq:get_req_header("X-Device", ReqData)),
- {_Digest, ValidDigest} = check_32hex(wrq:get_req_header("X-Digest", ReqData)),
+ {_Device, ValidDevice} = check_device(wrq:get_req_header("X-Device", ReqData)),
+ {_Digest, ValidDigest} = check_digest(wrq:get_req_header("X-Digest", ReqData)),

 {case {ValidVersion, ValidDevice, ValidDigest} of
 {true, true, true} -> false;
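Review bot: `check_device/1` and `check_digest/1` in `malformed_request/2` receive the raw result of `wrq:get_req_header/2`, and as far as the flukso.hrl hunk shows, `check_hex/2` has no clause for a missing header the way `check_token/2` handles `undefined`. If a request omits `X-Device` or `X-Digest` and the call returns `undefined`, that atom would reach `re:run/3`, which presumably raises `badarg`, so the request would crash the resource instead of being reported as malformed. A guard clause in flukso.hrl placed before the existing one would cover it: `check_hex(undefined, _Length) -> {false, false};`. The body of `malformed_request/2` continues past the end of this hunk.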