Craftadoc/clsi
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[misc] wordcount: restrict image to an allow list and add tests

Browse Source
This commit is contained in:
Jakob Ackermann
2020-06-26 13:17:45 +01:00
parent 5ed09d1a98
commit 6edb458910
4 changed files with 86 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
app/js/CompileController.js
View File

@@ -218,6 +218,13 @@ module.exports = CompileController = {
const { project_id } = req.params const { project_id } = req.params
const { user_id } = req.params const { user_id } = req.params
const { image } = req.query const { image } = req.query
if (
image &&
Settings.allowedImageNamesFlat &&
Settings.allowedImageNamesFlat.indexOf(image) === -1
) {
return res.status(400).send('invalid image')
}
logger.log({ image, file, project_id }, 'word count request') logger.log({ image, file, project_id }, 'word count request')
return CompileManager.wordcount(project_id, user_id, file, image, function( return CompileManager.wordcount(project_id, user_id, file, image, function(

29
test/acceptance/js/AllowedImageNames.js
View File

@@ -70,4 +70,33 @@ Hello world
expect(pdf).to.not.exist expect(pdf).to.not.exist
}) })
}) })
describe('wordcount', function() {
beforeEach(function(done) {
Client.compile(this.project_id, this.request, done)
})
it('should error out with an invalid imageName', function() {
Client.wordcountWithImage(
this.project_id,
'main.tex',
'something/evil:1337',
(error, result) => {
expect(String(error)).to.include('statusCode=400')
}
)
})
it('should produce a texcout a valid imageName', function() {
Client.wordcountWithImage(
this.project_id,
'main.tex',
process.env.TEXLIVE_IMAGE,
(error, result) => {
expect(error).to.not.exist
expect(result).to.exist
expect(result.texcount).to.exist
}
)
})
})
}) })

9
test/acceptance/js/helpers/Client.js
View File

@@ -189,6 +189,11 @@ module.exports = Client = {
}, },
wordcount(project_id, file, callback) { wordcount(project_id, file, callback) {
const image = undefined
Client.wordcountWithImage(project_id, file, image, callback)
},
wordcountWithImage(project_id, file, image, callback) {
if (callback == null) { if (callback == null) {
callback = function(error, pdfPositions) {} callback = function(error, pdfPositions) {}
} }
@@ -196,6 +201,7 @@ module.exports = Client = {
{ {
url: `${this.host}/project/${project_id}/wordcount`, url: `${this.host}/project/${project_id}/wordcount`,
qs: { qs: {
image,
file file
} }
}, },
@@ -203,6 +209,9 @@ module.exports = Client = {
if (error != null) { if (error != null) {
return callback(error) return callback(error)
} }
if (response.statusCode !== 200) {
return callback(new Error(`statusCode=${response.statusCode}`))
}
return callback(null, JSON.parse(body)) return callback(null, JSON.parse(body))
} }
) )

43
test/unit/js/CompileControllerTests.js
View File

@@ -12,6 +12,7 @@
const SandboxedModule = require('sandboxed-module') const SandboxedModule = require('sandboxed-module')
const sinon = require('sinon') const sinon = require('sinon')
require('chai').should() require('chai').should()
const { expect } = require('chai')
const modulePath = require('path').join( const modulePath = require('path').join(
__dirname, __dirname,
'../../../app/js/CompileController' '../../../app/js/CompileController'
@@ -287,21 +288,59 @@ describe('CompileController', function() {
this.CompileManager.wordcount = sinon this.CompileManager.wordcount = sinon
.stub() .stub()
.callsArgWith(4, null, (this.texcount = ['mock-texcount'])) .callsArgWith(4, null, (this.texcount = ['mock-texcount']))
return this.CompileController.wordcount(this.req, this.res, this.next)
}) })
it('should return the word count of a file', function() { it('should return the word count of a file', function() {
this.CompileController.wordcount(this.req, this.res, this.next)
return this.CompileManager.wordcount return this.CompileManager.wordcount
.calledWith(this.project_id, undefined, this.file, this.image) .calledWith(this.project_id, undefined, this.file, this.image)
.should.equal(true) .should.equal(true)
}) })
return it('should return the texcount info', function() { it('should return the texcount info', function() {
this.CompileController.wordcount(this.req, this.res, this.next)
return this.res.json return this.res.json
.calledWith({ .calledWith({
texcount: this.texcount texcount: this.texcount
}) })
.should.equal(true) .should.equal(true)
}) })
describe('when allowedImageNamesFlat is set', function() {
beforeEach(function() {
this.Settings.allowedImageNamesFlat = [
'repo/image:tag1',
'repo/image:tag2'
]
this.res.send = sinon.stub()
this.res.status = sinon.stub().returns({ send: this.res.send })
})
describe('with an invalid image', function() {
beforeEach(function() {
this.req.query.image = 'something/evil:1337'
this.CompileController.wordcount(this.req, this.res, this.next)
})
it('should return a 400', function() {
expect(this.res.status.calledWith(400)).to.equal(true)
})
it('should not run the query', function() {
expect(this.CompileManager.wordcount.called).to.equal(false)
})
})
describe('with a valid image', function() {
beforeEach(function() {
this.req.query.image = 'repo/image:tag1'
this.CompileController.wordcount(this.req, this.res, this.next)
})
it('should not return a 400', function() {
expect(this.res.status.calledWith(400)).to.equal(false)
})
it('should run the query', function() {
expect(this.CompileManager.wordcount.called).to.equal(true)
})
})
})
}) })
}) })