Reassign sanitized string, throwing exception if not sanitized (#2409)
imnasnainaec authored Jul 24, 2023
1 parent 506ca5e commit f9bc1e0
Showing 8 changed files with 141 additions and 78 deletions.
25 changes: 23 additions & 2 deletions Backend.Tests/Controllers/AudioControllerTests.cs
Expand Up @@ -6,6 +6,7 @@
using BackendFramework.Models;
using BackendFramework.Services;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using NUnit.Framework;

namespace Backend.Tests.Controllers
Expand Down Expand Up @@ -52,6 +53,26 @@ public void TearDown()
_projRepo.Delete(_projId);
}

[Test]
public void TestDownloadAudioFileInvalidArguments()
{
var result = _audioController.DownloadAudioFile("invalid/projId", "wordId", "fileName");
Assert.That(result is UnsupportedMediaTypeResult);

result = _audioController.DownloadAudioFile("projId", "invalid/wordId", "fileName");
Assert.That(result is UnsupportedMediaTypeResult);

result = _audioController.DownloadAudioFile("projId", "wordId", "invalid/fileName");
Assert.That(result is UnsupportedMediaTypeResult);
}

[Test]
public void TestDownloadAudioFileNoFile()
{
var result = _audioController.DownloadAudioFile("projId", "wordId", "fileName");
Assert.That(result is BadRequestObjectResult);
}

[Test]
public void TestAudioImport()
{
Expand All @@ -69,7 +90,7 @@ public void TestAudioImport()
_ = _audioController.UploadAudioFile(_projId, word.Id, fileUpload).Result;

var foundWord = _wordRepo.GetWord(_projId, word.Id).Result;
Assert.IsNotNull(foundWord?.Audio);
Assert.That(foundWord?.Audio, Is.Not.Null);
}

[Test]
Expand Down Expand Up @@ -98,7 +119,7 @@ public void DeleteAudio()

// Ensure the word with deleted audio is in the frontier
Assert.That(frontier, Has.Count.EqualTo(1));
Assert.AreNotEqual(frontier[0].Id, origWord.Id);
Assert.That(frontier[0].Id, Is.Not.EqualTo(origWord.Id));
Assert.That(frontier[0].Audio, Has.Count.EqualTo(0));
Assert.That(frontier[0].History, Has.Count.EqualTo(1));
}
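Review bot: The new assertions in TestDownloadAudioFileInvalidArguments and TestDownloadAudioFileNoFile use `Assert.That(result is UnsupportedMediaTypeResult)`, which on failure only reports "Expected: True But was: False" and hides what the controller actually returned. The same commit already moves the other asserts in this file to the constraint model, so for consistency and a useful failure message these should read `Assert.That(result, Is.TypeOf<UnsupportedMediaTypeResult>());` and `Assert.That(result, Is.TypeOf<BadRequestObjectResult>());`. Note that the three invalid-argument cases each only probe a single slash in one argument; the sanitizer's own tests already cover the broader set of rejected inputs, so this is fine as a controller-level smoke check.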
27 changes: 10 additions & 17 deletions Backend.Tests/Helper/FileStorageTests.cs
@@ -1,4 +1,5 @@
using System;
using BackendFramework.Helper;
using static BackendFramework.Helper.FileStorage;
using NUnit.Framework;

Expand All @@ -11,30 +12,22 @@ public void TestFileTypeExtension()
{
Assert.That(FileTypeExtension(FileType.Audio), Is.EqualTo(".webm"));
Assert.That(FileTypeExtension(FileType.Avatar), Is.EqualTo(".jpg"));
Assert.Throws<NotImplementedException>(() => { FileTypeExtension((FileType)99); });
Assert.That(() => FileTypeExtension((FileType)99), Throws.TypeOf<NotImplementedException>());
}

[Test]
public void TestFilePathIdSanitization()
{
const string invalidId = "@";
const string validId = "a";
Assert.Throws<InvalidIdException>(
() => GenerateAudioFilePathForWord(invalidId, validId));
Assert.Throws<InvalidIdException>(
() => GenerateAudioFilePathForWord(validId, invalidId));
Assert.Throws<InvalidIdException>(
() => GenerateAudioFilePath(invalidId, "file.mp3"));
Assert.Throws<InvalidIdException>(
() => GenerateAudioFileDirPath(invalidId));
Assert.Throws<InvalidIdException>(
() => GenerateImportExtractedLocationDirPath(invalidId));
Assert.Throws<InvalidIdException>(
() => GenerateLiftImportDirPath(invalidId));
Assert.Throws<InvalidIdException>(
() => GenerateAvatarFilePath(invalidId));
Assert.Throws<InvalidIdException>(
() => GetProjectDir(invalidId));
Assert.That(() => GenerateAudioFilePathForWord(invalidId, validId), Throws.TypeOf<InvalidIdException>());
Assert.That(() => GenerateAudioFilePathForWord(validId, invalidId), Throws.TypeOf<InvalidIdException>());
Assert.That(() => GenerateAudioFilePath(invalidId, "file.mp3"), Throws.TypeOf<InvalidIdException>());
Assert.That(() => GenerateAudioFileDirPath(invalidId), Throws.TypeOf<InvalidIdException>());
Assert.That(() => GenerateImportExtractedLocationDirPath(invalidId), Throws.TypeOf<InvalidIdException>());
Assert.That(() => GenerateLiftImportDirPath(invalidId), Throws.TypeOf<InvalidIdException>());
Assert.That(() => GenerateAvatarFilePath(invalidId), Throws.TypeOf<InvalidIdException>());
Assert.That(() => GetProjectDir(invalidId), Throws.TypeOf<InvalidIdException>());
}
}
}
9 changes: 5 additions & 4 deletions Backend.Tests/Helper/SanitizationTests.cs
@@ -1,4 +1,5 @@
using System.Collections.Generic;
using BackendFramework.Helper;
using static BackendFramework.Helper.Sanitization;
using NUnit.Framework;

Expand All @@ -15,7 +16,7 @@ public class SanitizationTests
[TestCaseSource(nameof(_validIds))]
public void TestValidIds(string id)
{
Assert.That(SanitizeId(id));
Assert.That(SanitizeId(id), Is.EqualTo(id));
}

private static List<string> _invalidIds = new()
Expand Down Expand Up @@ -48,7 +49,7 @@ public void TestValidIds(string id)
[TestCaseSource(nameof(_invalidIds))]
public void TestInvalidIds(string id)
{
Assert.False(SanitizeId(id));
Assert.That(() => SanitizeId(id), Throws.TypeOf<InvalidIdException>());
}

private static List<string> _validFileNames = new()
Expand All @@ -68,7 +69,7 @@ public void TestInvalidIds(string id)
[TestCaseSource(nameof(_validFileNames))]
public void TestValidFileNames(string fileName)
{
Assert.That(SanitizeFileName(fileName));
Assert.That(SanitizeFileName(fileName), Is.EqualTo(fileName));
}

private static List<string> _invalidFileNames = new()
Expand Down Expand Up @@ -97,7 +98,7 @@ public void TestValidFileNames(string fileName)
[TestCaseSource(nameof(_invalidFileNames))]
public void TestInvalidFileNames(string fileName)
{
Assert.False(SanitizeFileName(fileName));
Assert.That(() => SanitizeFileName(fileName), Throws.TypeOf<InvalidFileNameException>());
}

private static List<List<string>> _namesUnfriendlyFriendly = new()
24 changes: 20 additions & 4 deletions Backend/Controllers/AudioController.cs
Expand Up @@ -39,8 +39,13 @@ public IActionResult DownloadAudioFile(string projectId, string wordId, string f
// }

// Sanitize user input
if (!Sanitization.SanitizeId(projectId) || !Sanitization.SanitizeId(wordId) ||
!Sanitization.SanitizeFileName(fileName))
try
{
fileName = Sanitization.SanitizeFileName(fileName);
projectId = Sanitization.SanitizeId(projectId);
wordId = Sanitization.SanitizeId(wordId);
}
catch
{
return new UnsupportedMediaTypeResult();
}
Expand Down Expand Up @@ -71,7 +76,12 @@ public async Task<IActionResult> UploadAudioFile(string projectId, string wordId
}

// sanitize user input
if (!Sanitization.SanitizeId(projectId) || !Sanitization.SanitizeId(wordId))
try
{
projectId = Sanitization.SanitizeId(projectId);
wordId = Sanitization.SanitizeId(wordId);
}
catch
{
return new UnsupportedMediaTypeResult();
}
Expand Down Expand Up @@ -123,7 +133,13 @@ public async Task<IActionResult> DeleteAudioFile(string projectId, string wordId
}

// sanitize user input
if (!Sanitization.SanitizeId(projectId) || !Sanitization.SanitizeId(wordId))
try
{
fileName = Sanitization.SanitizeFileName(fileName);
projectId = Sanitization.SanitizeId(projectId);
wordId = Sanitization.SanitizeId(wordId);
}
catch
{
return new UnsupportedMediaTypeResult();
}
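Review bot: The bare `catch` added in DownloadAudioFile, UploadAudioFile and DeleteAudioFile swallows every exception type, not just the sanitization failures, so an unexpected fault inside Sanitization (a null argument, a bug in a future change) is silently reported to the client as 415 instead of surfacing as a server error. The tests on this page show that the sanitizers signal rejection with InvalidIdException and InvalidFileNameException, so the handler should be scoped to those, e.g. `catch (Exception e) when (e is InvalidIdException || e is InvalidFileNameException)` or two separate `catch (InvalidIdException)` / `catch (InvalidFileNameException)` clauses. The same bare `catch` is introduced in all five hunks of LiftController.cs and in the DeleteProject hunk of ProjectController.cs and should be narrowed there the same way. Each enclosing method starts and ends outside its hunk, so I cannot see whether any of them already has an outer handler that would catch the broader exceptions.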
30 changes: 25 additions & 5 deletions Backend/Controllers/LiftController.cs
Expand Up @@ -94,7 +94,11 @@ public async Task<IActionResult> FinishUploadLiftFile(string projectId)
internal async Task<IActionResult> FinishUploadLiftFile(string projectId, string userId)
{
// Sanitize projectId
if (!Sanitization.SanitizeId(projectId))
try
{
projectId = Sanitization.SanitizeId(projectId);
}
catch
{
return new UnsupportedMediaTypeResult();
}
Expand Down Expand Up @@ -150,7 +154,11 @@ public async Task<IActionResult> UploadLiftFile(string projectId, [FromForm] Fil
}

// Sanitize projectId
if (!Sanitization.SanitizeId(projectId))
try
{
projectId = Sanitization.SanitizeId(projectId);
}
catch
{
return new UnsupportedMediaTypeResult();
}
Expand Down Expand Up @@ -188,7 +196,11 @@ public async Task<IActionResult> UploadLiftFile(string projectId, [FromForm] Fil
private async Task<IActionResult> AddImportToProject(string liftStoragePath, string projectId)
{
// Sanitize projectId
if (!Sanitization.SanitizeId(projectId))
try
{
projectId = Sanitization.SanitizeId(projectId);
}
catch
{
return new UnsupportedMediaTypeResult();
}
Expand Down Expand Up @@ -277,7 +289,11 @@ private async Task<IActionResult> ExportLiftFile(string projectId, string userId
}

// Sanitize projectId
if (!Sanitization.SanitizeId(projectId))
try
{
projectId = Sanitization.SanitizeId(projectId);
}
catch
{
return new UnsupportedMediaTypeResult();
}
Expand Down Expand Up @@ -402,7 +418,11 @@ public async Task<IActionResult> CanUploadLift(string projectId)
}

// Sanitize user input
if (!Sanitization.SanitizeId(projectId))
try
{
projectId = Sanitization.SanitizeId(projectId);
}
catch
{
return new UnsupportedMediaTypeResult();
}
6 changes: 5 additions & 1 deletion Backend/Controllers/ProjectController.cs
Expand Up @@ -187,7 +187,11 @@ public async Task<IActionResult> DeleteProject(string projectId)
}

// Sanitize user input.
if (!Sanitization.SanitizeId(projectId))
try
{
projectId = Sanitization.SanitizeId(projectId);
}
catch
{
return new UnsupportedMediaTypeResult();
}
53 changes: 15 additions & 38 deletions Backend/Helper/FileStorage.cs
Expand Up @@ -33,26 +33,15 @@ protected HomeFolderNotFoundException(SerializationInfo info, StreamingContext c
: base(info, context) { }
}

/// <summary> Indicates an invalid input id. </summary>
[Serializable]
public class InvalidIdException : Exception
{
public InvalidIdException() { }

protected InvalidIdException(SerializationInfo info, StreamingContext context)
: base(info, context) { }
}

/// <summary>
/// Generate a path to the file name of an audio file for the Project based on the Word ID.
/// </summary>
/// <exception cref="InvalidIdException"> Throws when id invalid. </exception>
public static string GenerateAudioFilePathForWord(string projectId, string wordId)
{
if (!Sanitization.SanitizeId(projectId) || !Sanitization.SanitizeId(wordId))
{
throw new InvalidIdException();
}
projectId = Sanitization.SanitizeId(projectId);
wordId = Sanitization.SanitizeId(wordId);

return GenerateProjectFilePath(projectId, AudioPathSuffix, wordId, FileType.Audio);
}

Expand All @@ -62,10 +51,8 @@ public static string GenerateAudioFilePathForWord(string projectId, string wordI
/// <exception cref="InvalidIdException"> Throws when id invalid. </exception>
public static string GenerateAudioFilePath(string projectId, string fileName)
{
if (!Sanitization.SanitizeId(projectId))
{
throw new InvalidIdException();
}
projectId = Sanitization.SanitizeId(projectId);

return GenerateProjectFilePath(projectId, AudioPathSuffix, fileName);
}

Expand All @@ -75,10 +62,8 @@ public static string GenerateAudioFilePath(string projectId, string fileName)
/// <exception cref="InvalidIdException"> Throws when id invalid. </exception>
public static string GenerateAudioFileDirPath(string projectId, bool createDir = true)
{
if (!Sanitization.SanitizeId(projectId))
{
throw new InvalidIdException();
}
projectId = Sanitization.SanitizeId(projectId);

return GenerateProjectDirPath(projectId, AudioPathSuffix, createDir);
}

Expand All @@ -89,10 +74,8 @@ public static string GenerateAudioFileDirPath(string projectId, bool createDir =
/// <remarks> This function is not expected to be used often. </remarks>
public static string GenerateImportExtractedLocationDirPath(string projectId, bool createDir = true)
{
if (!Sanitization.SanitizeId(projectId))
{
throw new InvalidIdException();
}
projectId = Sanitization.SanitizeId(projectId);

return GenerateProjectDirPath(projectId, ImportExtractedLocation, createDir);
}

Expand All @@ -102,10 +85,8 @@ public static string GenerateImportExtractedLocationDirPath(string projectId, bo
/// <exception cref="InvalidIdException"> Throws when id invalid. </exception>
public static string GenerateLiftImportDirPath(string projectId, bool createDir = true)
{
if (!Sanitization.SanitizeId(projectId))
{
throw new InvalidIdException();
}
projectId = Sanitization.SanitizeId(projectId);

return GenerateProjectDirPath(projectId, LiftImportSuffix, createDir);
}

Expand All @@ -115,10 +96,8 @@ public static string GenerateLiftImportDirPath(string projectId, bool createDir
/// <exception cref="InvalidIdException"> Throws when id invalid. </exception>
public static string GenerateAvatarFilePath(string userId)
{
if (!Sanitization.SanitizeId(userId))
{
throw new InvalidIdException();
}
userId = Sanitization.SanitizeId(userId);

return GenerateFilePath(AvatarsDir, userId, FileType.Avatar);
}

Expand All @@ -128,10 +107,8 @@ public static string GenerateAvatarFilePath(string userId)
/// <exception cref="InvalidIdException"> Throws when id invalid. </exception>
public static string GetProjectDir(string projectId)
{
if (!Sanitization.SanitizeId(projectId))
{
throw new InvalidIdException();
}
projectId = Sanitization.SanitizeId(projectId);

return GenerateProjectDirPath(projectId, "", false);
}

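Review bot: GenerateAudioFilePath now reassigns the sanitized projectId but still passes its fileName argument straight into GenerateProjectFilePath without any check, while the sibling helpers validate every id they receive before building a path. If fileName can originate from a request (AudioController.DownloadAudioFile sanitizes a fileName before, presumably, calling this helper), the helper should not depend on every caller remembering that step; adding `fileName = Sanitization.SanitizeFileName(fileName);` alongside the projectId line keeps the path-construction layer safe on its own, and the method's XML doc would then also need `/// <exception cref="InvalidFileNameException"> Throws when file name invalid. </exception>`. The remaining `<exception cref="InvalidIdException">` doc lines stay accurate only because SanitizeId throws that type (as SanitizationTests pins); a one-line comment on the first helper, `// SanitizeId throws InvalidIdException on rejection; the re-assignment ensures the validated value is the one used`, would make the contract visible now that the throw is no longer in this file.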
