aboutsummaryrefslogtreecommitdiffhomepage
path: root/experimental
diff options
context:
space:
mode:
authorGravatar commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81>2014-04-15 00:43:51 +0000
committerGravatar commit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81>2014-04-15 00:43:51 +0000
commit4bd8fdc04c143e3c43a0e48a5444da02cacf1803 (patch)
tree2ff5938536506492162ccdc817e7e30991f8f1d5 /experimental
parent479bad560a10178b82406072a194ab5008299c7e (diff)
More sanitizing input.
Also fix issue with parsing time on MySQL. BUG=skia: R=mtklein@google.com Author: jcgregorio@google.com Review URL: https://codereview.chromium.org/235953008 git-svn-id: http://skia.googlecode.com/svn/trunk@14195 2bbb7eff-a529-9590-31e7-b0007b416f81
Diffstat (limited to 'experimental')
-rw-r--r--experimental/webtry/webtry.go30
1 files changed, 27 insertions, 3 deletions
diff --git a/experimental/webtry/webtry.go b/experimental/webtry/webtry.go
index 008ea82929..1b678ecb77 100644
--- a/experimental/webtry/webtry.go
+++ b/experimental/webtry/webtry.go
@@ -34,6 +34,8 @@ p.setStrokeWidth(10);
canvas->drawLine(20, 20, 100, 100, p);
`
+ // Don't increase above 2^16 w/o altering the db tables to accept something bigger than TEXT.
+ MAX_TRY_SIZE = 64000
)
var (
@@ -115,7 +117,7 @@ func init() {
// The IP address of the database is found here:
// https://console.developers.google.com/project/31977622648/sql/instances/webtry/overview
// And 3306 is the default port for MySQL.
- db, err = sql.Open("mysql", fmt.Sprintf("webtry:%s@tcp(173.194.83.52:3306)/webtry", password))
+ db, err = sql.Open("mysql", fmt.Sprintf("webtry:%s@tcp(173.194.83.52:3306)/webtry?parseTime=true", password))
if err != nil {
log.Printf("ERROR: Failed to open connection to SQL server: %q\n", err)
panic(err)
@@ -292,6 +294,17 @@ func recentHandler(w http.ResponseWriter, r *http.Request) {
}
}
+// hasPreProcessor returns true if any line in the code begins with a # char.
+func hasPreProcessor(code string) bool {
+ lines := strings.Split(code, "\n")
+ for _, s := range lines {
+ if strings.HasPrefix(strings.TrimSpace(s), "#") {
+ return true
+ }
+ }
+ return false
+}
+
// mainHandler handles the GET and POST of the main page.
func mainHandler(w http.ResponseWriter, r *http.Request) {
log.Printf("Main Handler: %q\n", r.URL.Path)
@@ -316,12 +329,23 @@ func mainHandler(w http.ResponseWriter, r *http.Request) {
}
} else if r.Method == "POST" {
w.Header().Set("Content-Type", "application/json")
- b, err := ioutil.ReadAll(r.Body)
+ buf := bytes.NewBuffer(make([]byte, 0, MAX_TRY_SIZE))
+ n, err := buf.ReadFrom(r.Body)
if err != nil {
reportError(w, r, err, "Failed to read a request body.")
return
}
- code := string(b)
+ if n == MAX_TRY_SIZE {
+ err := fmt.Errorf("Code length equal to, or exceeded, %d", MAX_TRY_SIZE)
+ reportError(w, r, err, "Code too large.")
+ return
+ }
+ code := string(buf.Bytes())
+ if hasPreProcessor(code) {
+ err := fmt.Errorf("Found preprocessor macro in code.")
+ reportError(w, r, err, "Preprocessor macros aren't allowed.")
+ return
+ }
hash, err := expandCode(LineNumbers(code))
if err != nil {
reportError(w, r, err, "Failed to write the code to compile.")