From 3f7ef0f1929d739be9d4a9176f389f90e3700126 Mon Sep 17 00:00:00 2001
From: Martin <marcin.j.chrzanowski@gmail.com>
Date: Sun, 24 Nov 2019 16:53:37 +0100
Subject: Validate query names (#33)

---
 .../java/pl/edu/mimuw/cloudatlas/agent/ApiImplementation.java     | 8 ++++++++
 1 file changed, 8 insertions(+)


diff --git a/src/main/java/pl/edu/mimuw/cloudatlas/agent/ApiImplementation.java b/src/main/java/pl/edu/mimuw/cloudatlas/agent/ApiImplementation.java
index 4ac6f5c..d2e808a 100644
--- a/src/main/java/pl/edu/mimuw/cloudatlas/agent/ApiImplementation.java
+++ b/src/main/java/pl/edu/mimuw/cloudatlas/agent/ApiImplementation.java
@@ -8,6 +8,9 @@ import java.util.List;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
+import java.util.regex.Pattern;
+import java.util.regex.Matcher;
+
 
 import pl.edu.mimuw.cloudatlas.interpreter.Interpreter;
 import pl.edu.mimuw.cloudatlas.interpreter.InterpreterException;
@@ -58,6 +61,11 @@ public class ApiImplementation implements Api {
     }
 
     public void installQuery(String name, String queryCode) throws RemoteException {
+        Pattern queryNamePattern = Pattern.compile("&[a-zA-Z][\\w_]*");
+        Matcher matcher = queryNamePattern.matcher(name);
+        if (!matcher.matches()) {
+            throw new RemoteException("Invalid query identifier");
+        }
         try {
             ValueQuery query = new ValueQuery(queryCode);
             Attribute attributeName = new Attribute(name);
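Review bot: A null `name` reaches `queryNamePattern.matcher(name)` and throws a NullPointerException before the new check can reject it, so the remote caller gets an unchecked exception instead of "Invalid query identifier"; guard it with `if (name == null || !QUERY_NAME_PATTERN.matcher(name).matches())`. The pattern is also recompiled on every call, and `[\\w_]` is redundant because `\w` already includes the underscore; hoisting it to `private static final Pattern QUERY_NAME_PATTERN = Pattern.compile("&[a-zA-Z]\\w*");` addresses both. The expression sets no upper bound on the name's length, so a cap may be worth adding depending on how names are stored. installQuery's body continues outside the hunk, and whether other methods that accept a query name apply the same check is not visible here.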
-- 
cgit v1.2.3