added some input validation

2017-06-26 12:42:49 +02:00 · 2017-06-26 12:42:49 +02:00 · bd04c143c6
commit bd04c143c6
parent 8c663d97a9
1 changed files with 17 additions and 0 deletions
--- a/backend/api.go
+++ b/backend/api.go
@ -179,6 +179,18 @@ func validateQueryString(req *http.Request, key string) (string, error) {
 	return value, nil
 }

+// Helper: Validate prefix query
+func validatePrefixQuery(value string) (string, error) {
+
+	// Query constraints: Should at least include a dot or colon
+	if strings.Index(value, ".") == -1 &&
+		strings.Index(value, ":") == -1 {
+		return "", fmt.Errorf("Query needs at least a ':' or '.'")
+	}
+
+	return value, nil
+}
+
 // Handle status
 func apiStatus(_req *http.Request, params httprouter.Params) (api.Response, error) {
 	rsId, err := validateSourceId(params.ByName("id"))
@ -221,6 +233,11 @@ func apiLookupPrefixGlobal(req *http.Request, params httprouter.Params) (api.Res
 		return nil, err
 	}

+	prefix, err = validatePrefixQuery(prefix)
+	if err != nil {
+		return nil, err
+	}
+
 	// Make response
 	t0 := time.Now()
 	routes := AliceRoutesStore.Lookup(prefix)