From 3f7ef0f1929d739be9d4a9176f389f90e3700126 Mon Sep 17 00:00:00 2001
From: Martin
Date: Sun, 24 Nov 2019 16:53:37 +0100
Subject: Validate query names (#33)
---
 .../java/pl/edu/mimuw/cloudatlas/agent/ApiImplementation.java | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'src/main/java')
diff --git a/src/main/java/pl/edu/mimuw/cloudatlas/agent/ApiImplementation.java b/src/main/java/pl/edu/mimuw/cloudatlas/agent/ApiImplementation.java
index 4ac6f5c..d2e808a 100644
--- a/src/main/java/pl/edu/mimuw/cloudatlas/agent/ApiImplementation.java
+++ b/src/main/java/pl/edu/mimuw/cloudatlas/agent/ApiImplementation.java
@@ -8,6 +8,9 @@ import java.util.List;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
+import java.util.regex.Pattern;
+import java.util.regex.Matcher;
+
 import pl.edu.mimuw.cloudatlas.interpreter.Interpreter;
 import pl.edu.mimuw.cloudatlas.interpreter.InterpreterException;
@@ -58,6 +61,11 @@ public class ApiImplementation implements Api {
 }
 public void installQuery(String name, String queryCode) throws RemoteException {
+ Pattern queryNamePattern = Pattern.compile("&[a-zA-Z][\\w_]*");
+ Matcher matcher = queryNamePattern.matcher(name);
+ if (!matcher.matches()) {
+ throw new RemoteException("Invalid query identifier");
+ }
 try {
 ValueQuery query = new ValueQuery(queryCode);
 Attribute attributeName = new Attribute(name);
-- cgit v1.2.3
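Review bot: A null `name` reaches `queryNamePattern.matcher(name)` in `installQuery` and raises a NullPointerException instead of the intended `RemoteException("Invalid query identifier")`, so the new check does not reject every malformed input a (presumably remote) caller can pass. Fold the null case into the same condition and compile the pattern once as a constant: `private static final Pattern QUERY_NAME_PATTERN = Pattern.compile("&[a-zA-Z]\\w*");` with `if (name == null || !QUERY_NAME_PATTERN.matcher(name).matches()) {`; `\w` already includes `_`, so `[\\w_]` is redundant. The pattern also places no upper bound on the name length, which may be worth capping if installed names are stored or propagated to other agents; that path is not visible here. The body of `installQuery` continues past the end of the hunk.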