check for null bytes from JSON.stringify

Brian Gough 2017-06-01 11:27:56 +01:00
parent db824d9730
commit ab6fe1d948
2 changed files with 26 additions and 8 deletions


@ -54,6 +54,10 @@ module.exports = DocumentUpdaterManager =
queueChange: (project_id, doc_id, change, callback = ()->)-> queueChange: (project_id, doc_id, change, callback = ()->)->
jsonChange = JSON.stringify change jsonChange = JSON.stringify change
if jsonChange.indexOf("\u0000") != -1
error = new Error("null bytes found in op")
logger.error err: error, project_id: project_id, doc_id: doc_id, jsonChange: jsonChange, error.message
return callback(error)
doc_key = "#{project_id}:#{doc_id}" doc_key = "#{project_id}:#{doc_id}"
# Push onto pendingUpdates for doc_id first, because once the doc updater # Push onto pendingUpdates for doc_id first, because once the doc updater
# gets an entry on pending-updates-list, it starts processing. # gets an entry on pending-updates-list, it starts processing.
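Review bot: The added `logger.error` call passes the whole serialized op as `jsonChange: jsonChange`, which writes user document content, and the raw NUL byte that triggered the check, into the error log. Logging a size is enough to investigate, e.g. `logger.error err: error, project_id: project_id, doc_id: doc_id, jsonChangeLength: jsonChange.length, error.message`. A short comment above the `indexOf` check would also help, along the lines of `# JSON.stringify escapes U+0000 inside strings, so a raw null byte here means the serialized output is corrupt`. Separately, `JSON.stringify` returns undefined for an undefined `change`, in which case `jsonChange.indexOf` would throw instead of calling back with an error; whether callers can pass that is not visible here, since queueChange continues outside the hunk.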


@ -17,14 +17,17 @@ describe 'DocumentUpdaterManager', ->
pendingUpdates: ({doc_id}) -> "PendingUpdates:#{doc_id}" pendingUpdates: ({doc_id}) -> "PendingUpdates:#{doc_id}"
@rclient = {auth:->} @rclient = {auth:->}
@DocumentUpdaterManager = SandboxedModule.require modulePath, requires: @DocumentUpdaterManager = SandboxedModule.require modulePath,
'settings-sharelatex':@settings requires:
'logger-sharelatex': @logger = {log: sinon.stub(), error: sinon.stub(), warn: sinon.stub()} 'settings-sharelatex':@settings
'request': @request = {} 'logger-sharelatex': @logger = {log: sinon.stub(), error: sinon.stub(), warn: sinon.stub()}
'redis-sharelatex' : createClient: () => @rclient 'request': @request = {}
'metrics-sharelatex': @Metrics = 'redis-sharelatex' : createClient: () => @rclient
Timer: class Timer 'metrics-sharelatex': @Metrics =
done: () -> Timer: class Timer
done: () ->
globals:
JSON: @JSON = Object.create(JSON) # avoid modifying JSON object directly
describe "getDocument", -> describe "getDocument", ->
beforeEach -> beforeEach ->
@ -147,3 +150,14 @@ describe 'DocumentUpdaterManager', ->
it "should return an error", -> it "should return an error", ->
@callback.calledWithExactly(sinon.match(Error)).should.equal true @callback.calledWithExactly(sinon.match(Error)).should.equal true
describe "with null byte corruption", ->
beforeEach ->
@JSON.stringify = () -> return '["bad bytes! \u0000 <- here"]'
@DocumentUpdaterManager.queueChange(@project_id, @doc_id, @change, @callback)
it "should return an error", ->
@callback.calledWithExactly(sinon.match(Error)).should.equal true
it "should not push the change onto the pending-updates-list queue", ->
@rclient.rpush.called.should.equal false
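Review bot: The "with null byte corruption" block at the end of this section only drives the rejection through a stubbed `JSON.stringify`, so nothing pins how the guard treats a real change whose text contains U+0000. The real `JSON.stringify` writes that character as an escape sequence, not a raw byte, so such a change should presumably still be queued; a companion case asserting `@rclient.rpush.called.should.equal true` for it would document that the check targets corrupted serializer output only. It would also be worth asserting `@logger.error.called.should.equal true` in the new block, since the log line is the only trace operators get of this condition. The enclosing describe and its rpush stub setup sit outside the visible hunk, so both suggestions assume the stubs behave as in the neighbouring cases.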