authorDaniel Schadt <kingdread@gmx.de>2019-12-10 13:54:12 +0100
committerDaniel Schadt <kingdread@gmx.de>2019-12-10 13:54:12 +0100
commit8212e56fd470985bcb5dca94defc40854fb95894 (patch)
treeb1689d775e4240f67a12522ad6847effe1b8ac78 /src/api/mod.rs
parentaa3ade05b974d4897fdc9c652f38afdc4585edd8 (diff)
sanitize ID before accessing or sending to the API
Diffstat (limited to 'src/api/mod.rs')
-rw-r--r--src/api/mod.rs29
1 files changed, 27 insertions, 2 deletions
diff --git a/src/api/mod.rs b/src/api/mod.rs
index 41034ec..9c771fd 100644
--- a/src/api/mod.rs
+++ b/src/api/mod.rs
@@ -121,7 +121,7 @@ impl Api {
let mut api_ids: Vec<R::Id> = Vec::new();
for id in ids {
- let cache_path = format!("{}{}", cache_prefix, id.to_string());
+ let cache_path = format!("{}{}", cache_prefix, sanitize_id(&id.to_string()));
match self.get_cached(cache_path)? {
Some(cached) => result.push(cached),
None => api_ids.push(id.clone()),
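Review bot: Stripping characters makes the cache key lossy, so on the `cache_path` line two different ids can resolve to the same file; the commit's own test shows `../foo/bar` and `foobar` both becoming `foobar`. A cached entry stored for one id could then be returned for the other, and an id made up only of rejected characters leaves `cache_path` equal to the bare `cache_prefix`. It would be safer to treat `sanitize_id(&raw) != raw` as an invalid-id error and return early instead of silently rewriting the id. The same concern applies to the request argument built in the second hunk. The loop and the enclosing method start and end outside this hunk, so whether the cache write path uses the same sanitised name cannot be confirmed from here.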
@@ -133,7 +133,11 @@ impl Api {
}
let url = self.make_url(endpoint);
- let api_arg = api_ids.iter().map(ToString::to_string).join(",");
+ let api_arg = api_ids
+ .iter()
+ .map(ToString::to_string)
+ .map(|s| sanitize_id(&s))
+ .join(",");
let resp: Vec<R> = self
.client
.get(url)
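Review bot: An id that is empty after sanitising still becomes an element of `api_arg`, so the joined list can contain empty entries such as `1,,2`, and the request then asks for something other than what the caller passed. If rewriting is kept rather than rejecting, drop the empties with `.filter(|s| !s.is_empty())` before `.join(",")`. The two `map` calls can also be folded into one, `.map(|id| sanitize_id(&id.to_string()))`. The request chain continues past the end of this hunk, so how the response is matched back to `api_ids` is not visible here.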
@@ -212,3 +216,24 @@ impl Api {
Ok(image::load_from_memory(&img)?)
}
}
+
+fn sanitize_id(input: &str) -> String {
+ input.replace(
+ |c: char| {
+ let is_valid = c.is_ascii() && (c.is_digit(10) || c.is_alphabetic());
+ !is_valid
+ },
+ "",
+ )
+}
+
+#[cfg(test)]
+mod tests {
+ use super::*;
+
+ #[test]
+ fn test_sanitize() {
+ assert_eq!("foobar", sanitize_id("../foo/bar"));
+ assert_eq!("foo1", sanitize_id("foo1"));
+ }
+}
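Review bot: `sanitize_id` has no doc comment saying what it guarantees, although both the cache path and the request argument now depend on it. Something like `/// Removes every character that is not an ASCII letter or digit, so an id cannot contribute path separators or URL delimiters.` would record the contract. The predicate is correct but reads more directly as `input.chars().filter(char::is_ascii_alphanumeric).collect()`, which also avoids the negated closure. `test_sanitize` covers only two cases; an all-invalid input (`assert_eq!("", sanitize_id("../"));`) and a non-ASCII letter would pin the edge cases the callers need to handle. If any endpoint uses ids containing `-` or `_` (not visible in this diff), those ids would be altered by this function.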