fix(striker-ui-api): assert init striker input data

2 years ago · 8a8b3d798f
parent 06c3b9bae4
commit 8a8b3d798f
3 changed files with 107 additions and 27 deletions
--- a/striker-ui-api/src/lib/consts/REG_EXP_PATTERNS.ts
+++ b/striker-ui-api/src/lib/consts/REG_EXP_PATTERNS.ts
@ -1,8 +1,20 @@
-const partHex = '[0-9a-f]';
+const hex = '[0-9a-f]';
+const octet = '(?:25[0-5]|(?:2[0-4]|1[0-9]|[1-9]|)[0-9])';
+const alphanumeric = '[a-z0-9]';
+const alphanumericDash = '[a-z0-9-]';
+const ipv4 = `(?:${octet}[.]){3}${octet}`;
+
+export const REP_DOMAIN = new RegExp(
+  `^(?:${alphanumeric}(?:${alphanumericDash}{0,61}${alphanumeric})?[.])+${alphanumeric}${alphanumericDash}{0,61}${alphanumeric}$`,
+);

 export const REP_INTEGER = /^\d+$/;

+export const REP_IPV4 = new RegExp(`^${ipv4}$`);
+
+export const REP_IPV4_CSV = new RegExp(`(?:${ipv4},)*${ipv4}`);
+
 export const REP_UUID = new RegExp(
-  `^${partHex}{8}-${partHex}{4}-[1-5]${partHex}{3}-[89ab]${partHex}{3}-${partHex}{12}$`,
+  `^${hex}{8}-${hex}{4}-[1-5]${hex}{3}-[89ab]${hex}{3}-${hex}{12}$`,
  'i',
 );
--- a/striker-ui-api/src/lib/request_handlers/command/initializeStriker.ts
+++ b/striker-ui-api/src/lib/request_handlers/command/initializeStriker.ts
@ -1,5 +1,12 @@
+import assert from 'assert';
 import { RequestHandler } from 'express';

+import {
+  REP_DOMAIN,
+  REP_INTEGER,
+  REP_IPV4,
+  REP_IPV4_CSV,
+} from '../../consts/REG_EXP_PATTERNS';
 import SERVER_PATHS from '../../consts/SERVER_PATHS';

 import { sub } from '../../accessModule';
@ -10,39 +17,102 @@ const fvar = (configStepCount: number, fieldName: string) =>
 const buildNetworkLinks = (
  configStepCount: number,
  networkShortName: string,
-  interfaces: NetworkInterfaceOverview[],
+  interfaces: InitializeStrikerNetworkForm['interfaces'],
 ) =>
-  interfaces.reduce<string>(
-    (reduceContainer, { networkInterfaceMACAddress }, index) =>
-      `${reduceContainer}
+  interfaces.reduce<string>((reduceContainer, iface, index) => {
+    let result = reduceContainer;
+
+    if (iface) {
+      const { networkInterfaceMACAddress } = iface;
+
+      result += `
 ${fvar(
  configStepCount,
  `${networkShortName}_link${index + 1}_mac_to_set`,
-)}=${networkInterfaceMACAddress}`,
-    '',
-  );
+)}=${networkInterfaceMACAddress}`;
+    }
+
+    return result;
+  }, '');

 export const initializeStriker: RequestHandler<
  unknown,
  undefined,
  InitializeStrikerForm
-> = (request, response) => {
+> = ({ body }, response) => {
  console.log('Begin initialize Striker.');
-  console.dir(request.body);
+  console.dir(body, { depth: null });

  const {
-    body: {
-      adminPassword,
-      domainName,
-      hostName,
-      hostNumber,
-      networkDNS,
-      networkGateway,
-      networks,
-      organizationName,
-      organizationPrefix,
-    },
-  } = request;
+    adminPassword = '',
+    domainName = '',
+    hostName = '',
+    hostNumber = 0,
+    networkDNS = '',
+    networkGateway = '',
+    networks = [],
+    organizationName = '',
+    organizationPrefix = '',
+  } = body || {};
+
+  const dataAdminPassword = String(adminPassword);
+  const dataDomainName = String(domainName);
+  const dataHostName = String(hostName);
+  const dataHostNumber = String(hostNumber);
+  const dataNetworkDNS = String(networkDNS);
+  const dataNetworkGateway = String(networkGateway);
+  const dataOrganizationName = String(organizationName);
+  const dataOrganizationPrefix = String(organizationPrefix);
+
+  try {
+    assert(
+      !/['"/\\><}{]/g.test(dataAdminPassword),
+      `Data admin password cannot contain single-quote, double-quote, slash, backslash, angle brackets, and curly brackets; got [${dataAdminPassword}]`,
+    );
+
+    assert(
+      REP_DOMAIN.test(dataDomainName),
+      `Data domain name can only contain alphanumeric, hyphen, and dot characters; got [${dataDomainName}]`,
+    );
+
+    assert(
+      REP_DOMAIN.test(dataHostName),
+      `Data host name can only contain alphanumeric, hyphen, and dot characters; got [${dataHostName}]`,
+    );
+
+    assert(
+      REP_INTEGER.test(dataHostNumber) && hostNumber > 0,
+      `Data host number can only contain digits; got [${dataHostNumber}]`,
+    );
+
+    assert(
+      REP_IPV4_CSV.test(dataNetworkDNS),
+      `Data network DNS must be a comma separated list of valid IPv4 addresses; got [${dataNetworkDNS}]`,
+    );
+
+    assert(
+      REP_IPV4.test(dataNetworkGateway),
+      `Data network gateway must be a valid IPv4 address; got [${dataNetworkGateway}]`,
+    );
+
+    assert(
+      dataOrganizationName.length > 0,
+      `Data organization name cannot be empty; got [${dataOrganizationName}]`,
+    );
+
+    assert(
+      /^[a-z0-9]{1,5}$/.test(dataOrganizationPrefix),
+      `Data organization prefix can only contain 1 to 5 lowercase alphanumeric characters; got [${dataOrganizationPrefix}]`,
+    );
+  } catch (assertError) {
+    console.log(
+      `Failed to assert value when trying to initialize striker; CAUSE: ${assertError}.`,
+    );
+
+    response.status(400).send();
+
+    return;
+  }

  try {
    sub('insert_or_update_jobs', {
@ -87,9 +157,7 @@ ${buildNetworkLinks(2, networkShortName, interfaces)}`;
      },
    }).stdout;
  } catch (subError) {
-    console.log(
-      `Failed to queue fetch server screenshot job; CAUSE: ${subError}`,
-    );
+    console.log(`Failed to queue striker initialization; CAUSE: ${subError}`);

    response.status(500).send();

--- a/striker-ui-api/src/types/InitializeStrikerForm.d.ts
+++ b/striker-ui-api/src/types/InitializeStrikerForm.d.ts
@ -1,5 +1,5 @@
 type InitializeStrikerNetworkForm = {
-  interfaces: NetworkInterfaceOverview[];
+  interfaces: Array<NetworkInterfaceOverview | null | undefined>;
  ipAddress: string;
  name: string;
  subnetMask: string;