
Add length checks for inputs

This commit replaces the type check modules used in the model with
manually defined isa refs to check length.  The secret and
passphrase attributes in the model still only check for non empty
string since the string can vary between initializing and getting
data from the column.  The id and created_at attributes now verify
length, however, since their lengths will be static.

The root post route is now checking the secret string for max
10000 length, and passphrase for max 100 length, so checks for max
length are being done there.
add-test-db-and-override
Blaine Motsinger 1 year ago
parent
commit
07c68ae02b
  1. 2
      cpanfile
  2. 12
      lib/Pasteburn/Controller/Root.pm
  3. 35
      lib/Pasteburn/Model/Secrets.pm
  4. 2
      t/000_deps.t

2
cpanfile

@ -16,8 +16,6 @@ requires 'Session::Storage::Secure';
requires 'Template::Toolkit';
requires 'Time::Piece';
requires 'Try::Tiny';
requires 'Types::Common::Numeric';
requires 'Types::Common::String';
requires 'namespace::clean';
requires 'strictures';

12
lib/Pasteburn/Controller/Root.pm

@ -28,6 +28,18 @@ post q{/} => sub {
return template root => $template_params;
}
if ( length $secret > 10000 ) {
$template_params->{message} = 'The secret parameter cannot be greater than 10000';
response->{status} = HTTP::Status::HTTP_BAD_REQUEST;
return template root => $template_params;
}
if ( length $passphrase > 100 ) {
$template_params->{message} = 'The passphrase parameter cannot be greater than 100';
response->{status} = HTTP::Status::HTTP_BAD_REQUEST;
return template root => $template_params;
}
my $secret_obj = Pasteburn::Model::Secrets->new( secret => $secret, passphrase => $passphrase );
$secret_obj->store;
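Review bot: The two new guards in the `post q{/}` handler repeat the bare literals 10000 and 100 in both the condition and the message text. This route is also the only place a maximum is enforced, because the model's new `isa` subs do not bound `secret` or `passphrase`. Named constants such as `use constant MAX_SECRET_LENGTH => 10000;` (and a matching one for the passphrase) would keep the check and the message in step. A short comment should say whether the limit is in characters or bytes, since `length` counts characters when the parameter has already been decoded. The diffstat shows no test for the new 400 responses, so a case at the limit and one just above it for each parameter would pin the boundary; the handler itself starts and ends outside this hunk.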

35
lib/Pasteburn/Model/Secrets.pm

@ -2,9 +2,6 @@ package Pasteburn::Model::Secrets;
use strictures version => 2;
use Types::Common::String qw{ NonEmptyStr };
use Types::Common::Numeric qw{ PositiveInt };
use Pasteburn::DB ();
use Time::Piece;
@ -22,28 +19,44 @@ use namespace::clean;
our $VERSION = '0.001';
has id => (
is => 'rwp',
isa => NonEmptyStr,
is => 'rwp',
isa => sub {
if ( length $_[0] != 64 ) {
die "id must have a length == 64\n";
}
},
writer => '_set_id',
);
has passphrase => (
is => 'rw',
required => 1,
isa => NonEmptyStr,
writer => '_set_passphrase',
isa => sub {
if ( !defined $_[0] ) {
die "passphrase must be a non empty string\n";
}
},
writer => '_set_passphrase',
);
has secret => (
is => 'rw',
required => 1,
isa => NonEmptyStr,
writer => '_set_secret',
isa => sub {
if ( !defined $_[0] ) {
die "secret must be a non empty string\n";
}
},
writer => '_set_secret',
);
has created_at => (
is => 'rwp',
isa => PositiveInt,
is => 'rwp',
isa => sub {
if ( length $_[0] != 10 ) {
die "created_at must have a length == 10\n";
}
},
writer => '_set_created_at',
);
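Review bot: The new `isa` subs for `passphrase` and `secret` test only `defined`, so an empty string now passes the model, although the error text says "non empty string" and the removed `NonEmptyStr` rejected it. `if ( !defined $_[0] || !length $_[0] ) {` would match the message. The `id` and `created_at` subs compare length alone, so `created_at` no longer has to be numeric as it did under `PositiveInt`; `if ( !defined $_[0] || $_[0] !~ /\A[0-9]{10}\z/ ) {` keeps both the length rule and the digit rule. If `id` is always a fixed-alphabet digest (not visible in this section), the same anchored-pattern check would apply there in place of the bare length comparison.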

2
t/000_deps.t

@ -22,8 +22,6 @@ my @required_modules = qw{
Template::Toolkit
Time::Piece
Try::Tiny
Types::Common::Numeric
Types::Common::String
namespace::clean
strictures
};
