Fixing Issue [TeamMentor#682] Part 1. The second part is fixed in the…

… GraphDb (i.e if the attacker send the long request to the graphDB without using TM as an intermediary).
michaelhidalgo · Apr 10, 2015 · 60049a0 · 60049a0
1 parent 0c924e8
commit 60049a0
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/src/services/Graph-Service.coffee b/src/services/Graph-Service.coffee
@@ -18,7 +18,7 @@ class Graph_Service
       url_Article_Html.GET_Json callback
 
   article: (article_Ref, callback)=>
-    if not article_Ref
+    if not article_Ref or article_Ref.length >12
       callback ''
     else
       url_Article = "#{@server}/data/article/#{article_Ref.str().url_Encode()}"

diff --git a/test/services/Graph-Service.test.coffee b/test/services/Graph-Service.test.coffee
@@ -45,6 +45,20 @@ describe '| services | Graph-Service.test |', ->
       data.url.assert_Is "/data/article/#{ref}"
       done()
 
+  it 'article id needs to be 12 character long', (done)->
+    server.respond_With_Request_Url()
+    ref = 'abc_'.add_Random_Letters(8)
+    graphService.article ref, (data)=>
+      data.url.assert_Is "/data/article/#{ref}"
+      done()
+
+  it 'GraphDB should not be invoked if article id is longer than 12 characters', (done)->
+    server.respond_With_Request_Url()
+    ref = 'abc_'.add_Random_Letters(9)
+    graphService.article ref, (data)=>
+      data.assert_Is_Undefined();
+      done()
+
   it 'articles', (done)->
     graphService.articles (data)=>
       data.assert_Is { url: '/data/articles/' }