author | Daniel Schadt <kingdread@gmx.de> | 2019-12-10 13:54:12 +0100 |
---|---|---|
committer | Daniel Schadt <kingdread@gmx.de> | 2019-12-10 13:54:12 +0100 |
commit | 8212e56fd470985bcb5dca94defc40854fb95894 (patch) | |
tree | b1689d775e4240f67a12522ad6847effe1b8ac78 /src/api | |
parent | aa3ade05b974d4897fdc9c652f38afdc4585edd8 (diff) | |
sanitize ID before accessing or sending to the API
Diffstat (limited to 'src/api')
-rw-r--r-- | src/api/mod.rs | 29 |
1 files changed, 27 insertions, 2 deletions
diff --git a/src/api/mod.rs b/src/api/mod.rs
index 41034ec..9c771fd 100644
--- a/src/api/mod.rs
+++ b/src/api/mod.rs
@@ -121,7 +121,7 @@ impl Api {
 let mut api_ids: Vec<R::Id> = Vec::new();
 for id in ids {
- let cache_path = format!("{}{}", cache_prefix, id.to_string());
+ let cache_path = format!("{}{}", cache_prefix, sanitize_id(&id.to_string()));
 match self.get_cached(cache_path)? {
 Some(cached) => result.push(cached),
 None => api_ids.push(id.clone()),
@@ -133,7 +133,11 @@ impl Api {
 }
 let url = self.make_url(endpoint);
- let api_arg = api_ids.iter().map(ToString::to_string).join(",");
+ let api_arg = api_ids
+ .iter()
+ .map(ToString::to_string)
+ .map(|s| sanitize_id(&s))
+ .join(",");
 let resp: Vec<R> = self
 .client
 .get(url)
@@ -212,3 +216,24 @@ impl Api {
 Ok(image::load_from_memory(&img)?)
 }
 }
+
+fn sanitize_id(input: &str) -> String {
+ input.replace(
+ |c: char| {
+ let is_valid = c.is_ascii() && (c.is_digit(10) || c.is_alphabetic());
+ !is_valid
+ },
+ "",
+ )
+}
+
+#[cfg(test)]
+mod tests {
+ use super::*;
+
+ #[test]
+ fn test_sanitize() {
+ assert_eq!("foobar", sanitize_id("../foo/bar"));
+ assert_eq!("foo1", sanitize_id("foo1"));
+ }
+} |
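Review bot: `sanitize_id` deletes disallowed characters instead of rejecting the ID, so the `cache_path` built in the first hunk is no longer unique per ID: `a/b` and `ab` would resolve to the same cache entry, and an ID with no ASCII alphanumerics collapses to the bare `cache_prefix`. The same lossy rewrite is applied a second time to `api_arg` in the second hunk, where an emptied ID leaves an empty element in the comma-joined list. Checking once at the top of the loop and failing on a mismatch avoids both, for example guarding on `let s = id.to_string();` and `!s.is_empty() && s.chars().all(|c| c.is_ascii_alphanumeric())` and returning an error otherwise (the `?` on `get_cached` suggests the function already returns a `Result`). Whether any `R::Id` legitimately contains other characters is not visible here, and the enclosing function starts and ends outside both hunks.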
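Review bot: `sanitize_id` in the last hunk has no doc comment saying which characters survive or why the ID is filtered, and its predicate is longer than it needs to be. A `///` comment stating that only ASCII letters and digits are kept, because the result ends up in a cache file name and in the ID list sent to the API, would record the intent. The body can then be `input.replace(|c: char| !c.is_ascii_alphanumeric(), "")`, which accepts the same set as the current `is_ascii() && (is_digit(10) || is_alphabetic())`. The test pins path separators and a pass-through only; adding `assert_eq!("", sanitize_id("../"));` would make the empty-output case explicit for callers.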