From bfc8039a974bec3dd382ec8c64cc93dfd002a498 Mon Sep 17 00:00:00 2001 From: kaotisk Date: Fri, 1 Sep 2023 09:23:14 +0300 Subject: Double check the input --- api/routes/getZblock/index.js | 56 ++++++++++++++++++++++++------------------- 1 file changed, 31 insertions(+), 25 deletions(-) diff --git a/api/routes/getZblock/index.js b/api/routes/getZblock/index.js index 878c240..c975594 100644 --- a/api/routes/getZblock/index.js +++ b/api/routes/getZblock/index.js @@ -11,38 +11,44 @@ const config = require("../../config"); * */ function fetchZblock(zblock, res){ - const command = spawn("ak-zblock-cache",[zblock]); - command.stdout.on("data", data => { - }); + regex= /Qm[A-Za-z0-9]{44}/; + if (regex.test(req.params.zblock)){ + const command = spawn("ak-zblock-cache",[zblock]); + command.stdout.on("data", data => { + }); - command.stderr.on("data", data => { - console.log(`stderr: ${data}`); - }); + command.stderr.on("data", data => { + console.log(`stderr: ${data}`); + }); - command.on('error', (error) => { - console.log(`error: ${error.message}`); - }); + command.on('error', (error) => { + console.log(`error: ${error.message}`); + }); - command.on("close", code => { - console.log(`child process exited with code ${code}`); + command.on("close", code => { + console.warn(`child process exited with code ${code}`); - if ( code === 0 ) { - const path = config.cacheDir+"/fzblocks/"+zblock; - console.log(path) - try { - if(fs.existsSync(path)){ - res.send(JSON.parse(fs.readFileSync(path))); + if ( code === 0 ) { + const path = config.cacheDir+"/fzblocks/"+zblock; + console.log(path) + try { + if(fs.existsSync(path)){ + res.send(JSON.parse(fs.readFileSync(path))); + } + } catch (error) { + res.send({"error":error.message}); } - } catch (error) { - res.send({"error":error.message}); + } else if ( code === 2){ + res.send({"error":"The roof is on fire"}); + } else { + res.send({"error":"invalid or unreachable"}); } - } else if ( code === 2){ - res.send({"error":"The roof is on fire"}); - } else { - res.send({"error":"invalid or unreachable"}); - } - }); + }); + } else { + res.send({error:"Invalid data: regexp failed to pass"}); + } }; + module.exports = (req, res) => { console.log(req.params) if ( (req.params.zblock) && req.params.zblock.length === 46 ){ -- cgit v1.2.3