* internal/perms: Fix grant parser bugs
This fixes two bugs in the grant parser:
1. The parser would accept "," as an output field when parsing from JSON.
This would then make it into the canonical string,
which would make it look like we had a trailing comma.
Disallow the use of a comma as an output field.
2. The parser would accept empty IDs when parsing from JSON.
Make this behavior consistent with the text behavior.
* internal/perms: also handle empty IDs in text form
* internal/perms: disallow any commas
Commas anywhere in ids or output fields corrupt
the canonical output string.
* internal/perms: disallow any reserved characters
id, ids and actions could all contain one of the
reserved characters ",", "=" or ";" when used with
JSON.
pull/3677/head
Johan Brandhorst-Satzkorn3 years agocommitted byGitHub
textErr:`perms.(Grant).unmarshalText: segment "output_fields=ids=version,name" not formatted correctly, wrong number of equal signs: parameter violation: error #100`,
},
{
name:"bad output fields comma",
jsonInput:`{"output_fields":[","]}`,
jsonErr:`perms.(Grant).unmarshalJSON: output fields cannot contain a comma, semicolon or equals sign: parameter violation: error #100`,
},
{
name:"output fields starting with comma",
jsonInput:`{"output_fields":[",something"]}`,
jsonErr:`perms.(Grant).unmarshalJSON: output fields cannot contain a comma, semicolon or equals sign: parameter violation: error #100`,
},
{
name:"output fields with comma",
jsonInput:`{"output_fields":["some,thing"]}`,
jsonErr:`perms.(Grant).unmarshalJSON: output fields cannot contain a comma, semicolon or equals sign: parameter violation: error #100`,
},
{
name:"output fields ending with comma",
jsonInput:`{"output_fields":["something,"]}`,
jsonErr:`perms.(Grant).unmarshalJSON: output fields cannot contain a comma, semicolon or equals sign: parameter violation: error #100`,
},
{
name:"segment ids semicolon",
jsonInput:`{"ids":[";"]}`,
jsonErr:`perms.(Grant).unmarshalJSON: ID cannot contain a comma, semicolon or equals sign: parameter violation: error #100`,
},
{
name:"segment ids starting with semicolon",
jsonInput:`{"ids":[";something"]}`,
jsonErr:`perms.(Grant).unmarshalJSON: ID cannot contain a comma, semicolon or equals sign: parameter violation: error #100`,
},
{
name:"segment ids with semicolon",
jsonInput:`{"ids":["some;thing"]}`,
jsonErr:`perms.(Grant).unmarshalJSON: ID cannot contain a comma, semicolon or equals sign: parameter violation: error #100`,
},
{
name:"segment ids ending with semicolon",
jsonInput:`{"ids":["something;"]}`,
jsonErr:`perms.(Grant).unmarshalJSON: ID cannot contain a comma, semicolon or equals sign: parameter violation: error #100`,
},
{
name:"segment ids equals sign",
jsonInput:`{"ids":["="]}`,
jsonErr:`perms.(Grant).unmarshalJSON: ID cannot contain a comma, semicolon or equals sign: parameter violation: error #100`,
},
{
name:"segment ids starting with equals sign",
jsonInput:`{"ids":["=something"]}`,
jsonErr:`perms.(Grant).unmarshalJSON: ID cannot contain a comma, semicolon or equals sign: parameter violation: error #100`,
},
{
name:"segment ids with equals sign",
jsonInput:`{"ids":["some=thing"]}`,
jsonErr:`perms.(Grant).unmarshalJSON: ID cannot contain a comma, semicolon or equals sign: parameter violation: error #100`,
},
{
name:"segment ids ending with equals sign",
jsonInput:`{"ids":["something="]}`,
jsonErr:`perms.(Grant).unmarshalJSON: ID cannot contain a comma, semicolon or equals sign: parameter violation: error #100`,
Johan Brandhorst-Satzkorn
3 years ago
committed by
GitHub