mirror of
https://github.com/adulau/hashlookup-server.git
synced 2024-11-22 01:57:08 +00:00
fix: [api:bulk] add proper check of MD5 and SHA1 value before further processing
This commit is contained in:
parent
a14e5aedf1
commit
4419052c4f
1 changed files with 26 additions and 10 deletions
|
@ -25,6 +25,22 @@ def is_hex(s):
|
||||||
except ValueError:
|
except ValueError:
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
def check_md5(value=None):
|
||||||
|
if value is None or len(value) != 32:
|
||||||
|
return False
|
||||||
|
if not is_hex(value):
|
||||||
|
return False
|
||||||
|
k = value.upper()
|
||||||
|
return k
|
||||||
|
|
||||||
|
def check_sha1(value=None):
|
||||||
|
if value is None or len(value) != 40:
|
||||||
|
return False
|
||||||
|
if not is_hex(value):
|
||||||
|
return False
|
||||||
|
k = value.upper()
|
||||||
|
return k
|
||||||
|
|
||||||
def client_info():
|
def client_info():
|
||||||
if request.environ.get('HTTP_X_FORWARDED_FOR') is None:
|
if request.environ.get('HTTP_X_FORWARDED_FOR') is None:
|
||||||
ip = request.environ['REMOTE_ADDR']
|
ip = request.environ['REMOTE_ADDR']
|
||||||
|
@ -59,11 +75,9 @@ def get_session():
|
||||||
@api.doc(description="Lookup MD5.")
|
@api.doc(description="Lookup MD5.")
|
||||||
class lookup(Resource):
|
class lookup(Resource):
|
||||||
def get(self, md5):
|
def get(self, md5):
|
||||||
if md5 is None or len(md5) != 32:
|
if check_md5(value=md5) is False:
|
||||||
return {'message': 'Expecting a MD5 hex value'}, 400
|
return {'message': 'MD5 value incorrect, expecting a MD5 value in hex format'}, 400
|
||||||
if not is_hex(md5):
|
k = check_md5(value=md5)
|
||||||
return {'message': 'MD5 is not in hex format'}, 400
|
|
||||||
k = md5.upper()
|
|
||||||
ttl = False
|
ttl = False
|
||||||
if session:
|
if session:
|
||||||
ttl = get_session()
|
ttl = get_session()
|
||||||
|
@ -110,11 +124,9 @@ class lookup(Resource):
|
||||||
@api.doc(description="Lookup SHA-1.")
|
@api.doc(description="Lookup SHA-1.")
|
||||||
class lookup(Resource):
|
class lookup(Resource):
|
||||||
def get(self, sha1):
|
def get(self, sha1):
|
||||||
if sha1 is None or len(sha1) != 40:
|
if check_sha1(value=sha1) is False:
|
||||||
return {'message': 'Expecting a SHA-1 hex value'}, 400
|
return {'message': 'SHA1 value incorrect, expecting a SHA1 value in hex format'}, 400
|
||||||
if not is_hex(sha1):
|
k = check_sha1(value=sha1)
|
||||||
return {'message': 'SHA-1 is not in hex format'}, 400
|
|
||||||
k = sha1.upper()
|
|
||||||
ttl = False
|
ttl = False
|
||||||
if session:
|
if session:
|
||||||
ttl = get_session()
|
ttl = get_session()
|
||||||
|
@ -182,6 +194,8 @@ class bulkmd5(Resource):
|
||||||
ret = []
|
ret = []
|
||||||
for val in json_data['hashes']:
|
for val in json_data['hashes']:
|
||||||
k = val.upper()
|
k = val.upper()
|
||||||
|
if check_md5(value=k) is False:
|
||||||
|
continue
|
||||||
if not rdb.exists("l:{}".format(k)):
|
if not rdb.exists("l:{}".format(k)):
|
||||||
if stats_pubsub:
|
if stats_pubsub:
|
||||||
pub_lookup(channel='nx', k=k)
|
pub_lookup(channel='nx', k=k)
|
||||||
|
@ -204,6 +218,8 @@ class bulksha1(Resource):
|
||||||
ret = []
|
ret = []
|
||||||
for val in json_data['hashes']:
|
for val in json_data['hashes']:
|
||||||
k = val.upper()
|
k = val.upper()
|
||||||
|
if check_sha1(value=k) is False:
|
||||||
|
continue
|
||||||
if not rdb.exists("h:{}".format(k)):
|
if not rdb.exists("h:{}".format(k)):
|
||||||
if stats_pubsub:
|
if stats_pubsub:
|
||||||
pub_lookup(channel='nx', k=k)
|
pub_lookup(channel='nx', k=k)
|
||||||
|
|
Loading…
Reference in a new issue