diff options
author | Martin <marcin.j.chrzanowski@gmail.com> | 2019-11-24 16:53:37 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-11-24 16:53:37 +0100 |
commit | 3f7ef0f1929d739be9d4a9176f389f90e3700126 (patch) | |
tree | 9c8ae44787f2b9a5d6974200050c36fef40fe962 | |
parent | d8c3798d068aa2e128ca7a43a9451ce6d87cc230 (diff) |
Validate query names (#33)
-rw-r--r-- | src/main/java/pl/edu/mimuw/cloudatlas/agent/ApiImplementation.java | 8 | ||||
-rw-r--r-- | src/test/java/pl/edu/mimuw/cloudatlas/agent/ApiImplementationTests.java | 12 |
2 files changed, 20 insertions, 0 deletions
diff --git a/src/main/java/pl/edu/mimuw/cloudatlas/agent/ApiImplementation.java b/src/main/java/pl/edu/mimuw/cloudatlas/agent/ApiImplementation.java index 4ac6f5c..d2e808a 100644 --- a/src/main/java/pl/edu/mimuw/cloudatlas/agent/ApiImplementation.java +++ b/src/main/java/pl/edu/mimuw/cloudatlas/agent/ApiImplementation.java @@ -8,6 +8,9 @@ import java.util.List; import java.util.HashSet; import java.util.Map; import java.util.Set; +import java.util.regex.Pattern; +import java.util.regex.Matcher; + import pl.edu.mimuw.cloudatlas.interpreter.Interpreter; import pl.edu.mimuw.cloudatlas.interpreter.InterpreterException; @@ -58,6 +61,11 @@ public class ApiImplementation implements Api { } public void installQuery(String name, String queryCode) throws RemoteException { + Pattern queryNamePattern = Pattern.compile("&[a-zA-Z][\\w_]*"); + Matcher matcher = queryNamePattern.matcher(name); + if (!matcher.matches()) { + throw new RemoteException("Invalid query identifier"); + } try { ValueQuery query = new ValueQuery(queryCode); Attribute attributeName = new Attribute(name); diff --git a/src/test/java/pl/edu/mimuw/cloudatlas/agent/ApiImplementationTests.java b/src/test/java/pl/edu/mimuw/cloudatlas/agent/ApiImplementationTests.java index d98377c..c964ed9 100644 --- a/src/test/java/pl/edu/mimuw/cloudatlas/agent/ApiImplementationTests.java +++ b/src/test/java/pl/edu/mimuw/cloudatlas/agent/ApiImplementationTests.java @@ -102,6 +102,18 @@ public class ApiImplementationTests { assertAttributeInZmiEquals("num_processes", new ValueInt(799l), "/"); } + @Test + public void testInstallQueryWithInvalidNameFails() throws Exception { + String name = "query"; + String queryCode = "SELECT 1 AS one"; + try { + api.installQuery(name, queryCode); + assertTrue("should have thrown", false); + } catch (Exception e) { + assertEquals("Invalid query identifier", e.getMessage()); + } + } + public void assertAttributeInZmiEquals(String attribute, Value expected, String zmiPath) throws Exception { AttributesMap attributes = api.getZoneAttributeValues(zmiPath); assertEquals(expected, attributes.get(attribute)); |