shlist

share and manage lists between multiple people
Log | Files | Refs

commit ada1b460f1fa2b8a92956f378a64ac52a555c7e4
parent bc372439252338443b7651019d55a19c96db0945
Author: kyle <kyle@0x30.net>
Date:   Fri,  1 Jan 2016 23:39:16 -0700

sl: add list id checks for join_list

- before join_list would happily try and add you to a nonexistent list
- introduce list_id_valid() which can check if a given list id is valid
- add a new test, join_list_unit, to test this message types basic
  functionality

Diffstat:
Msl | 26+++++++++++++++++++++++++-
Atests/join_list_unit/Makefile | 1+
Atests/join_list_unit/server.log.good | 12++++++++++++
Atests/join_list_unit/test.pl | 38++++++++++++++++++++++++++++++++++++++
4 files changed, 76 insertions(+), 1 deletion(-)

diff --git a/sl b/sl @@ -280,6 +280,9 @@ sub msg_join_list return "err\0$err"; } + my $err = list_id_valid($sth_ref, $list_id); + return "err\0$err" if ($err); + log_print("join_list: device '$device_id'\n"); log_print("join_list: list '$list_id'\n"); @@ -290,7 +293,8 @@ sub msg_join_list $sth{new_list_member}->execute($list_id, $device_id, $time); log_print("join_list: device '$device_id' has been added to list '$list_id'\n"); } else { - log_print("join_list: tried to create a duplicate list member entry for device $device_id and list $list_id\n"); + log_print("join_list: tried to create a duplicate list member entry for device '$device_id' and list '$list_id'\n"); + return "err\0the device is already part of this list"; } return "ok\0$list_id"; @@ -570,6 +574,23 @@ sub device_id_invalid return; } +sub list_id_valid { + my ($sth_ref, $list_id) = @_; + + unless ($list_id =~ m/^[a-zA-Z0-9+\/=]*$/) { + log_print("list_id_valid: '$list_id' not base64\n"); + return "the client sent a list id that was not base64"; + } + + $sth_ref->{list_select}->execute($list_id); + unless ($sth_ref->{list_select}->fetchrow_array()) { + log_print("list_id_valid: unknown list '$list_id'\n"); + return "the client sent an unknown list id"; + } + + return; +} + sub create_tables { my $db_handle = DBI->connect( @@ -641,6 +662,9 @@ sub prepare_stmt_handles { my $sql; # list table queries + $sql = qq{select * from lists where list_id = ?}; + $stmt_handles{list_select} = $dbh->prepare($sql); + $sql = qq{insert into lists (list_id, name, first_created, last_updated) values (?, ?, ?, ?)}; $stmt_handles{new_list} = $dbh->prepare($sql); diff --git a/tests/join_list_unit/Makefile b/tests/join_list_unit/Makefile @@ -0,0 +1 @@ +include ../test.mk diff --git a/tests/join_list_unit/server.log.good b/tests/join_list_unit/server.log.good @@ -0,0 +1,12 @@ +accepting connections on <ip>:<port> (pid = <digits>) +new connection (pid = <digits>) +ssl ok, ver = 'TLSv1_2' cipher = 'ECDHE-RSA-AES128-SHA256' +new_device: success, <digits>:<base64> os <base64> +list_id_valid: unknown list <base64> +new_list: <string> +new_list: adding first member devid = <base64> +new_list: fingerprint = <base64> +join_list: device <base64> +join_list: list <base64> +join_list: tried to create a duplicate list member entry for device <base64> and list <base64> +disconnected! diff --git a/tests/join_list_unit/test.pl b/tests/join_list_unit/test.pl @@ -0,0 +1,38 @@ +#!/usr/bin/perl -I../ +use strict; +use warnings; +use test; + +# sanity checks the join_list message + +my $socket = new_socket(); +my $phnum = rand_phnum(); + +send_msg($socket, 'new_device', "$phnum\0unix"); +my ($msg_data) = recv_msg($socket, 'new_device'); + +my $device_id = check_status($msg_data, 'ok'); + +# try joining a list that doesn't exist +send_msg($socket, 'join_list', "$device_id\0listdoesntexist"); +($msg_data) = recv_msg($socket, 'join_list'); + +my $msg = check_status($msg_data, 'err'); +my $msg_good = "the client sent an unknown list id"; + +fail "unexpected message '$msg', expected '$msg_good'" if ($msg ne $msg_good); + +# test joining a list your already in +send_msg($socket, 'new_list', "$device_id\0some new list"); +($msg_data) = recv_msg($socket, 'new_list'); + +$msg = check_status($msg_data, 'ok'); +my ($list_id) = unpack('Z*', $msg); + +send_msg($socket, 'join_list', "$device_id\0$list_id"); +($msg_data) = recv_msg($socket, 'join_list'); + +$msg = check_status($msg_data, 'err'); +$msg_good = "the device is already part of this list"; + +fail "unexpected message '$msg', expected '$msg_good'" if ($msg ne $msg_good);