From 3ccb8ecd8c085275cac9bdfd6e5e4121f50c9fe6 Mon Sep 17 00:00:00 2001 From: asonix Date: Fri, 7 Jul 2023 13:33:27 -0500 Subject: [PATCH] Validate alias represents real file before setting not found --- src/lib.rs | 26 +++++++++++++++++--------- src/repo.rs | 4 ++-- 2 files changed, 19 insertions(+), 11 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index ba051cc..ca93495 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -602,14 +602,17 @@ async fn not_found_hash(repo: &R) -> Result() - .expect("Infallible"); + let Some(alias) = Alias::from_slice(not_found.as_ref()) else { + tracing::warn!("Couldn't parse not-found alias"); + return Ok(None); + }; - repo.hash(&alias) - .await - .map(|opt| opt.map(|hash| (alias, hash))) - .map_err(Error::from) + let Some(hash) = repo.hash(&alias).await? else { + tracing::warn!("No hash found for not-found alias"); + return Ok(None); + }; + + Ok(Some((alias, hash))) } /// Process files @@ -1005,8 +1008,13 @@ async fn set_not_found( ) -> Result { let alias = json.into_inner().alias; - repo.set(NOT_FOUND_KEY, Vec::from(alias.to_string()).into()) - .await?; + if repo.hash(&alias).await?.is_none() { + return Ok(HttpResponse::BadRequest().json(serde_json::json!({ + "msg": "No hash associated with provided alias" + }))); + } + + repo.set(NOT_FOUND_KEY, alias.to_bytes().into()).await?; Ok(HttpResponse::Created().json(serde_json::json!({ "msg": "ok", diff --git a/src/repo.rs b/src/repo.rs index cf60d87..1dc83e4 100644 --- a/src/repo.rs +++ b/src/repo.rs @@ -746,7 +746,7 @@ impl Alias { self.extension.as_deref() } - fn to_bytes(&self) -> Vec { + pub(crate) fn to_bytes(&self) -> Vec { let mut v = self.id.as_bytes().to_vec(); if let Some(ext) = self.extension() { @@ -756,7 +756,7 @@ impl Alias { v } - fn from_slice(bytes: &[u8]) -> Option { + pub(crate) fn from_slice(bytes: &[u8]) -> Option { if let Ok(s) = std::str::from_utf8(bytes) { Some(Self::from_existing(s)) } else if bytes.len() >= 16 {
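Review bot: Both new `tracing::warn!` calls in the `let … else` branches of `not_found_hash` log a fixed message with no fields, so when the second one fires an operator cannot tell which alias stopped resolving. Recording it, e.g. `tracing::warn!(%alias, "No hash found for not-found alias");`, would make a stale setting traceable; this assumes `Alias` implements `Display`, which the `alias.to_string()` call removed in the `set_not_found` hunk suggests. If this function runs on every miss, a stale alias also emits one warning per request, so it is worth confirming that the log volume is acceptable. `not_found_hash` starts above the hunk, so the lookup of the stored value is not visible here.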
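Review bot: The value written by `repo.set(NOT_FOUND_KEY, alias.to_bytes().into())` is read back in `not_found_hash` through `Alias::from_slice`, which tries `std::str::from_utf8` first and only then the `bytes.len() >= 16` branch (visible in the src/repo.rs hunk). If `to_bytes` can emit a binary id whose bytes happen to be valid UTF-8, the stored value would presumably come back through `from_existing` as a different alias, and the not-found lookup would return `None` with only a warning. The id type and the rest of `from_slice` are outside the hunks, and `set_not_found` itself begins and ends outside this one, so this needs confirming; a unit test asserting that `Alias::from_slice(&alias.to_bytes())` returns the original alias for each id form would settle it. Separately, the `repo.hash` check and the `repo.set` call are not atomic, which is tolerable only because the read path now handles a missing hash; a comment such as `// alias may be removed after this check; not_found_hash tolerates a missing hash` would record that.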