mirrors/puter
1
0
Fork 0
mirror of https://github.com/HeyPuter/puter synced 2024-11-14 22:06:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: validate size metadata

Browse Source
This commit is contained in:
KernelDeimos 2024-06-19 16:54:06 -04:00 committed by Eric Dubé
parent 44d340d429
commit 2008db0852
3 changed files with 30 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
packages/backend/src/routers/filesystem_api/batch/all.js
View File

@ -27,6 +27,7 @@ const { BatchExecutor } = require("../../../filesystem/batch/BatchExecutor");
const { TeePromise } = require("../../../util/promise"); const { TeePromise } = require("../../../util/promise");
const { EWMA, MovingMode } = require("../../../util/opmath"); const { EWMA, MovingMode } = require("../../../util/opmath");
const { get_app } = require('../../../helpers'); const { get_app } = require('../../../helpers');
const { valid_file_size } = require("../../../util/validutil");
const commands = require('../../../filesystem/batch/commands.js').commands; const commands = require('../../../filesystem/batch/commands.js').commands;
@ -189,9 +190,11 @@ module.exports = eggspress('/batch', {
if ( fieldname === 'fileinfo' ) { if ( fieldname === 'fileinfo' ) {
const fileinfo = JSON.parse(value); const fileinfo = JSON.parse(value);
if ( fileinfo.size < 0 ) { const { v: size, ok: size_ok } = valid_file_size(fileinfo.size);
if ( ! size_ok ) {
throw APIError.create('invalid_file_metadata'); throw APIError.create('invalid_file_metadata');
} }
fileinfo.size = size;
fileinfos.push(fileinfo); fileinfos.push(fileinfo);
return; return;
} }

13
packages/backend/src/routers/filesystem_api/write.js
View File

@ -26,6 +26,7 @@ const Busboy = require('busboy');
const { TeePromise } = require('../../util/promise.js'); const { TeePromise } = require('../../util/promise.js');
const APIError = require('../../api/APIError.js'); const APIError = require('../../api/APIError.js');
const api_error_handler = require('../../api/api_error_handler.js'); const api_error_handler = require('../../api/api_error_handler.js');
const { valid_file_size } = require('../../util/validutil.js');
// -----------------------------------------------------------------------// // -----------------------------------------------------------------------//
// POST /up | /write // POST /up | /write
@ -119,9 +120,19 @@ module.exports = eggspress(['/up', '/write'], {
const { const {
filename, mimetype, filename, mimetype,
} = details; } = details;
const { v: size, ok: size_ok } =
valid_file_size(req.body.size);
if ( ! size_ok ) {
p_ready.reject(
APIError.create('invalid_file_metadata')
);
return;
}
uploaded_file = { uploaded_file = {
size: req.body.size, size: size,
name: filename, name: filename,
mimetype, mimetype,
stream, stream,

14
packages/backend/src/util/validutil.js Normal file
View File

@ -0,0 +1,14 @@
const valid_file_size = v => {
v = Number(v);
if ( ! Number.isInteger(v) ) {
return { ok: false, v };
}
if ( ! (v >= 0) ) {
return { ok: false, v };
}
return { ok: true, v };
};
module.exports = {
valid_file_size,
};