Skip to content
Snippets Groups Projects
Unverified Commit 07c3981d authored by xgui3783's avatar xgui3783 Committed by GitHub
Browse files

Merge pull request #289 from HumanBrainProject/chore/handlePoisonedEncoding 

chore: handle poisoned char
parents 5f62f735 0b384590
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
src/atlasViewer/atlasViewer.constantService.service.spec.ts
+ 22
0
View file @ 07c3981d
......@@ -107,4 +107,26 @@ describe('encodeNumber/decodeToNumber', () => {
expect(floatNums.map(v => v.toFixed(FLOAT_PRECISION))).toEqual(decodedNumber.map(n => n.toFixed(FLOAT_PRECISION)))
})
it('poisoned hash should throw', () => {
const illegialCharacters = './\\?#!@#^%&*()+={}[]\'"\n\t;:'
for (let char of illegialCharacters.split('')) {
expect(function (){
decodeToNumber(char)
}).toThrow()
}
})
it('poisoned hash can be caught', () => {
const testArray = ['abc', './\\', 'Cde']
const decodedNum = testArray.map(v => {
try {
return decodeToNumber(v)
} catch (e) {
return null
}
}).filter(v => !!v)
expect(decodedNum.length).toEqual(2)
})
})
\ No newline at end of file
src/atlasViewer/atlasViewer.constantService.service.ts
+ 4
3
View file @ 07c3981d
......@@ -312,8 +312,7 @@ const negString = '~'
const encodeInt = (number: number) => {
if (number % 1 !== 0) throw 'cannot encodeInt on a float. Ensure float flag is set'
if (isNaN(Number(number)) || number === null || number === Number.POSITIVE_INFINITY)
throw 'The input is not valid'
if (isNaN(Number(number)) || number === null || number === Number.POSITIVE_INFINITY) throw 'The input is not valid'
let rixit // like 'digit', only in some non-decimal radix
let residual
......@@ -370,7 +369,9 @@ const decodetoInt = (encodedString: string) => {
_encodedString = encodedString
}
return (negFlag ? -1 : 1) * [..._encodedString].reduce((acc,curr) => {
return acc * 64 + cipher.indexOf(curr)
const index = cipher.indexOf(curr)
if (index < 0) throw new Error(`Poisoned b64 encoding ${encodedString}`)
return acc * 64 + index
}, 0)
}
......
src/atlasViewer/atlasViewer.urlService.service.ts
+ 33
17
View file @ 07c3981d
......@@ -170,7 +170,16 @@ export class AtlasViewerURLService{
for (let ngId in json) {
const val = json[ngId]
const labelIndicies = val.split(separator).map(n =>decodeToNumber(n))
const labelIndicies = val.split(separator).map(n =>{
try{
return decodeToNumber(n)
} catch (e) {
/**
* TODO poisonsed encoded char, send error message
*/
return null
}
}).filter(v => !!v)
for (let labelIndex of labelIndicies) {
selectRegionIds.push(`${ngId}#${labelIndex}`)
}
......@@ -208,22 +217,29 @@ export class AtlasViewerURLService{
const cViewerState = searchparams.get('cNavigation')
if (cViewerState) {
const [ cO, cPO, cPZ, cP, cZ ] = cViewerState.split(`${separator}${separator}`)
const o = cO.split(separator).map(s => decodeToNumber(s, {float: true}))
const po = cPO.split(separator).map(s => decodeToNumber(s, {float: true}))
const pz = decodeToNumber(cPZ)
const p = cP.split(separator).map(s => decodeToNumber(s))
const z = decodeToNumber(cZ)
this.store.dispatch({
type : CHANGE_NAVIGATION,
navigation : {
orientation: o,
perspectiveOrientation: po,
perspectiveZoom: pz,
position: p,
zoom: z
}
})
try {
const [ cO, cPO, cPZ, cP, cZ ] = cViewerState.split(`${separator}${separator}`)
const o = cO.split(separator).map(s => decodeToNumber(s, {float: true}))
const po = cPO.split(separator).map(s => decodeToNumber(s, {float: true}))
const pz = decodeToNumber(cPZ)
const p = cP.split(separator).map(s => decodeToNumber(s))
const z = decodeToNumber(cZ)
this.store.dispatch({
type : CHANGE_NAVIGATION,
navigation : {
orientation: o,
perspectiveOrientation: po,
perspectiveZoom: pz,
position: p,
zoom: z
}
})
} catch (e) {
/**
* TODO Poisoned encoded char
* send error message
*/
}
}
const niftiLayers = searchparams.get('niftiLayers')
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment