Commit ee667a99 authored by Volker Krause's avatar Volker Krause

Harden and test input processing in SchemaEntry

parent 31c6388c
......@@ -43,9 +43,9 @@ class SchemaEntry
{
if ($this->type != self::SCALAR_TPYE && $this->type != self::LIST_TYPE && $this->type != self::MAP_TYPE)
return false;
if ($this->name != "")
return true;
return false;
if (!Utils::isValidIdentifier($this->name))
return false;
return true;
}
/** Checks if this is a scalar type, ie. samples go into the primary data table. */
......@@ -188,7 +188,8 @@ class SchemaEntry
$e->name = strval($jsonObj->name);
$e->type = strval($jsonObj->type);
$e->aggregationType = strval($jsonObj->aggregationType);
$e->elements = SchemaEntryElement::fromJson($jsonObj->elements, $e);
if (property_exists($jsonObj, 'elements'))
$e->elements = SchemaEntryElement::fromJson($jsonObj->elements, $e);
if (!$e->isValid())
throw new RESTException('Invalid schema entry.', 400);
array_push($entries, $e);
......
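Review bot: In the second hunk only `elements` is guarded with `property_exists`; `$jsonObj->name`, `$jsonObj->type` and `$jsonObj->aggregationType` are still read unconditionally on the three lines above it, so an entry like `{}` is rejected only after PHP has reported undefined-property notices, and an array element that is not an object is not handled explicitly. Since this is where client-supplied JSON enters the schema, I would reject such entries before the `strval()` calls, e.g. `if (!is_object($jsonObj) || !property_exists($jsonObj, 'name') || !property_exists($jsonObj, 'type')) throw new RESTException('Invalid schema entry.', 400);`. The visible part of `isValid()` checks `type` and `name` but not `aggregationType`, which may deserve the same allow-list treatment if it is not validated elsewhere. Both functions start and end outside the hunks shown.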
......@@ -31,6 +31,7 @@ add_test(NAME providertest COMMAND providertest)
set(php_test_srcs
utilstest.php
schemaentrytest.php
producttest.php
sampletest.php
surveytest.php
......
<?php
/*
Copyright (C) 2016 Volker Krause <vkrause@kde.org>
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU Library General Public License as published by
the Free Software Foundation; either version 2 of the License, or (at your
option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
require_once('../../server/shared/product.php');
require_once('../../server/shared/schemaentry.php');
class UtilTest extends PHPUnit_Framework_TestCase
{
public function testDataTableName_data()
{
return [
'normal' => [ 'foo', 'product_org_kde_TestProduct_foo' ],
'dot' => [ 'my.value', 'product_org_kde_TestProduct_my_value' ]
];
}
/** @dataProvider testDataTableName_data */
public function testDataTableName($input, $output)
{
$p = new Product;
$p->name = 'org.kde.TestProduct';
$se = new SchemaEntry($p);
$se->name = $input;
$this->assertEquals($output, $se->dataTableName());
}
public function testInvalidJson_data()
{
return [
'empty' => [ '{}' ],
'empty name' => [ '{ "name": "", "type": "scalar", "aggregationType": "none" }' ],
'empty type' => [ '{ "name": "foo", "type": "", "aggregationType": "none" }' ],
'invalid type' => [ '{ "name": "foo", "type": "bla", "aggregationType": "none" }' ],
'invalid name' => [ '{ "name": " foo ", "type": "scalar", "aggregationType": "none" }' ],
'invalid name 2' => [ '{ "name": "1foo ", "type": "scalar", "aggregationType": "none" }' ]
];
}
/**
* @dataProvider testInvalidJson_data
* @expectedException RESTException
* @exceptedExceptionCode 400
*/
public function testInvalidJson($input)
{
$p = new Product;
$se = SchemaEntry::fromJson(json_decode('[ ' . $input . ' ]'), $p);
}
}
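Review bot: The annotation on `testInvalidJson` is spelled `@exceptedExceptionCode`, which PHPUnit does not recognise, so the 400 status is never asserted and any `RESTException` passes the test; it should read `* @expectedExceptionCode 400`. The class is named `UtilTest` although this file appears to be the `schemaentrytest.php` added to the test list, which looks like a copy-paste leftover and would presumably collide with the class in `utilstest.php` if both are loaded in one run; `SchemaEntryTest` would match. Because the entry name ends up in a table name (see `testDataTableName`), it would also be worth adding negative cases to `testInvalidJson_data` with characters outside the identifier alphabet (quotes, separators, embedded whitespace) so that the identifier check is pinned by the tests.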