From 28c2197ba7705fef3dc80b3642fd6b68399edacb Mon Sep 17 00:00:00 2001 From: Andrey Antukh Date: Thu, 20 Jun 2024 08:28:38 +0200 Subject: [PATCH] :recycle: Add string length validation to backend RPC methods fields --- backend/src/app/rpc/commands/binfile.clj | 10 ++++++---- backend/src/app/rpc/commands/comments.clj | 6 +++--- backend/src/app/rpc/commands/feedback.clj | 4 ++-- backend/src/app/rpc/commands/files.clj | 8 ++++---- backend/src/app/rpc/commands/files_create.clj | 2 +- backend/src/app/rpc/commands/files_share.clj | 4 ++-- backend/src/app/rpc/commands/files_temp.clj | 2 +- backend/src/app/rpc/commands/files_thumbnails.clj | 10 +++++----- backend/src/app/rpc/commands/files_update.clj | 2 +- backend/src/app/rpc/commands/management.clj | 4 ++-- backend/src/app/rpc/commands/media.clj | 4 ++-- backend/src/app/rpc/commands/teams.clj | 2 +- backend/src/app/rpc/commands/verify_token.clj | 2 +- 13 files changed, 31 insertions(+), 29 deletions(-) diff --git a/backend/src/app/rpc/commands/binfile.clj b/backend/src/app/rpc/commands/binfile.clj index 3f5bb931c..6b2b69c90 100644 --- a/backend/src/app/rpc/commands/binfile.clj +++ b/backend/src/app/rpc/commands/binfile.clj @@ -30,9 +30,10 @@ ;; --- Command: export-binfile -(def ^:private schema:export-binfile +(def ^:private + schema:export-binfile [:map {:title "export-binfile"} - [:name :string] + [:name [:string {:max 250}]] [:file-id ::sm/uuid] [:include-libraries :boolean] [:embed-assets :boolean]]) @@ -74,9 +75,10 @@ {:id project-id}) result)) -(def ^:private schema:import-binfile +(def ^:private + schema:import-binfile [:map {:title "import-binfile"} - [:name :string] + [:name [:string {:max 250}]] [:project-id ::sm/uuid] [:file ::media/upload]]) diff --git a/backend/src/app/rpc/commands/comments.clj b/backend/src/app/rpc/commands/comments.clj index 4949f1a43..41645a8be 100644 --- a/backend/src/app/rpc/commands/comments.clj +++ b/backend/src/app/rpc/commands/comments.clj 
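Review bot: `:name` in `schema:export-binfile` now has an upper bound but still accepts the empty string, whereas `RenameFileParams` in files.clj gets `[:string {:min 1 :max 250}]` in this same commit. If an empty name is not meant to be valid here, use `[:name [:string {:min 1 :max 250}]]`. The same applies to the required `:name` entries in import-binfile, create-file, create-temp-file, upload-file-media-object and create-team-with-invitations. A name made only of spaces would pass either form, so any trimming has to happen in the handlers, which are outside these hunks.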
@@ -292,7 +292,7 @@ [:map {:title "create-comment-thread"} [:file-id ::sm/uuid] [:position ::gpt/point] - [:content :string] + [:content [:string {:max 250}]] [:page-id ::sm/uuid] [:frame-id ::sm/uuid] [:share-id {:optional true} [:maybe ::sm/uuid]]]) @@ -418,7 +418,7 @@ schema:create-comment [:map {:title "create-comment"} [:thread-id ::sm/uuid] - [:content :string] + [:content [:string {:max 250}]] [:share-id {:optional true} [:maybe ::sm/uuid]]]) (sv/defmethod ::create-comment @@ -477,7 +477,7 @@ schema:update-comment [:map {:title "update-comment"} [:id ::sm/uuid] - [:content :string] + [:content [:string {:max 250}]] [:share-id {:optional true} [:maybe ::sm/uuid]]]) (sv/defmethod ::update-comment diff --git a/backend/src/app/rpc/commands/feedback.clj b/backend/src/app/rpc/commands/feedback.clj index 9bec88dde..29b79a87b 100644 --- a/backend/src/app/rpc/commands/feedback.clj +++ b/backend/src/app/rpc/commands/feedback.clj @@ -21,8 +21,8 @@ (def ^:private schema:send-user-feedback [:map {:title "send-user-feedback"} - [:subject :string] - [:content :string]]) + [:subject [:string {:max 250}]] + [:content [:string {:max 250}]]]) (sv/defmethod ::send-user-feedback {::doc/added "1.18" diff --git a/backend/src/app/rpc/commands/files.clj b/backend/src/app/rpc/commands/files.clj index b4d0e8b32..5c4c93e7d 100644 --- a/backend/src/app/rpc/commands/files.clj +++ b/backend/src/app/rpc/commands/files.clj @@ -177,7 +177,7 @@ [:features ::cfeat/features] [:has-media-trimmed :boolean] [:comment-thread-seqn {:min 0} :int] - [:name :string] + [:name [:string {:max 250}]] [:revn {:min 0} :int] [:modified-at ::dt/instant] [:is-shared :boolean] 
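Review bot: The 250-character cap on `:content` in `create-comment-thread` is the same limit this commit uses for file names, and it is repeated in `create-comment`, `update-comment` and on the feedback `:content` field. Free-text bodies are usually longer than a title. A comment stored before this change that exceeds 250 characters might no longer be saveable through `update-comment`; neither the client-side limit nor the stored data is visible here, so that needs checking. If a larger bound is intended for bodies, `[:content [:string {:max <body-limit>}]]` with one shared value would keep the four schemas in step.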
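Review bot: The context entries `[:comment-thread-seqn {:min 0} :int]` and `[:revn {:min 0} :int]` in the files.clj hunk at line 177 carry `:min` in the entry-property position. That is the form this commit corrects for `RenameFileParams` further down the file, where `[:name {:min 1} :string]` becomes `[:string {:min 1 :max 250}]`. In malli, entry properties are where `:optional` lives and, as far as I can tell, are not applied as constraints on the value, so the lower bound is probably not enforced. The equivalent fix would be `[:comment-thread-seqn [:int {:min 0}]]` and `[:revn [:int {:min 0}]]`. The enclosing schema starts and ends outside this hunk.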
@@ -747,19 +747,19 @@ [:map {:title "RenameFileEvent"} [:id ::sm/uuid] [:project-id ::sm/uuid] - [:name :string] + [:name [:string {:max 250}]] [:created-at ::dt/instant] [:modified-at ::dt/instant]] ::sm/params [:map {:title "RenameFileParams"} - [:name {:min 1} :string] + [:name [:string {:min 1 :max 250}]] [:id ::sm/uuid]] ::sm/result [:map {:title "SimplifiedFile"} [:id ::sm/uuid] - [:name :string] + [:name [:string {:max 250}]] [:created-at ::dt/instant] [:modified-at ::dt/instant]]} diff --git a/backend/src/app/rpc/commands/files_create.clj b/backend/src/app/rpc/commands/files_create.clj index ab386eca0..b65efa3bf 100644 --- a/backend/src/app/rpc/commands/files_create.clj +++ b/backend/src/app/rpc/commands/files_create.clj @@ -88,7 +88,7 @@ (def ^:private schema:create-file [:map {:title "create-file"} - [:name :string] + [:name [:string {:max 250}]] [:project-id ::sm/uuid] [:id {:optional true} ::sm/uuid] [:is-shared {:optional true} :boolean] diff --git a/backend/src/app/rpc/commands/files_share.clj b/backend/src/app/rpc/commands/files_share.clj index 752fc0e54..98132e06e 100644 --- a/backend/src/app/rpc/commands/files_share.clj +++ b/backend/src/app/rpc/commands/files_share.clj @@ -22,8 +22,8 @@ (def ^:private schema:create-share-link [:map {:title "create-share-link"} [:file-id ::sm/uuid] - [:who-comment :string] - [:who-inspect :string] + [:who-comment [:string {:max 250}]] + [:who-inspect [:string {:max 250}]] [:pages [:set ::sm/uuid]]]) (sv/defmethod ::create-share-link diff --git a/backend/src/app/rpc/commands/files_temp.clj b/backend/src/app/rpc/commands/files_temp.clj index 4eef26214..250026076 100644 --- a/backend/src/app/rpc/commands/files_temp.clj +++ b/backend/src/app/rpc/commands/files_temp.clj @@ -35,7 +35,7 @@ (def ^:private schema:create-temp-file [:map {:title "create-temp-file"} - [:name :string] + [:name [:string {:max 250}]] [:project-id ::sm/uuid] [:id {:optional true} ::sm/uuid] [:is-shared :boolean] 
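Review bot: `:max 250` is also added to the `RenameFileEvent` and `SimplifiedFile` maps, which describe data the server produces rather than data it accepts. The same happens for `::sm/result` in get-file-object-thumbnails, `[:map-of [:string {:max 250}] [:string {:max 250}]]`. Whether result schemas are checked at runtime is not visible in this diff; if they are, a row written before this change with a longer value would turn a read into a validation error. Keeping the bound on `::sm/params` only, or confirming that stored data already fits, avoids that. The `sv/defmethod` this metadata belongs to starts outside the hunk.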
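Review bot: `:who-comment` and `:who-inspect` in `schema:create-share-link` are now bounded to 250 characters but remain free-form strings. If these fields only take a small fixed set of values (an assumption, since the handler is outside the hunk), an `:enum` of the accepted values would reject everything else at the schema boundary instead of only limiting its size. `[:pages [:set ::sm/uuid]]` in the same map also has no size limit; `:set` accepts a `:max` property in the same way.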
diff --git a/backend/src/app/rpc/commands/files_thumbnails.clj b/backend/src/app/rpc/commands/files_thumbnails.clj index 87b973643..7da22f859 100644 --- a/backend/src/app/rpc/commands/files_thumbnails.clj +++ b/backend/src/app/rpc/commands/files_thumbnails.clj @@ -85,8 +85,8 @@ ::doc/module :files ::sm/params [:map {:title "get-file-object-thumbnails"} [:file-id ::sm/uuid] - [:tag {:optional true} :string]] - ::sm/result [:map-of :string :string]} + [:tag {:optional true} [:string {:max 50}]]] + ::sm/result [:map-of [:string {:max 250}] [:string {:max 250}]]} [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id tag] :as params}] (dm/with-open [conn (db/open pool)] (files/check-read-permissions! conn profile-id file-id) @@ -275,9 +275,9 @@ schema:create-file-object-thumbnail [:map {:title "create-file-object-thumbnail"} [:file-id ::sm/uuid] - [:object-id :string] + [:object-id [:string {:max 250}]] [:media ::media/upload] - [:tag {:optional true} :string]]) + [:tag {:optional true} [:string {:max 50}]]]) (sv/defmethod ::create-file-object-thumbnail {::doc/added "1.19" @@ -316,7 +316,7 @@ (def ^:private schema:delete-file-object-thumbnail [:map {:title "delete-file-object-thumbnail"} [:file-id ::sm/uuid] - [:object-id :string]]) + [:object-id [:string {:max 250}]]]) (sv/defmethod ::delete-file-object-thumbnail {::doc/added "1.19" diff --git a/backend/src/app/rpc/commands/files_update.clj b/backend/src/app/rpc/commands/files_update.clj index b071b3f1a..f46764129 100644 --- a/backend/src/app/rpc/commands/files_update.clj +++ b/backend/src/app/rpc/commands/files_update.clj @@ -51,7 +51,7 @@ [:vector [:map [:changes [:vector ::cpc/change]] [:hint-origin {:optional true} :keyword] - [:hint-events {:optional true} [:vector :string]]]]] + [:hint-events {:optional true} [:vector [:string {:max 250}]]]]]] [:skip-validate {:optional true} :boolean]]) (def ^:private 
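Review bot: The limits are written as bare literals at every use: `{:max 50}` for `:tag` appears in get-file-object-thumbnails and again in `schema:create-file-object-thumbnail`, and `{:max 250}` appears in every file of this commit. Nothing ties the occurrences together, so a later change to one limit can miss the others and leave request paths disagreeing on what is valid. Defining each bound once, for example `(def ^:private schema:tag [:string {:max 50}])` (name constructed for illustration), would keep them consistent. It would also give a place to document why the value was chosen.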
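Review bot: `:hint-events` in files_update.clj caps each string at 250 characters, but the surrounding `:vector` has no element limit, so the total size of the field is still unbounded. malli collection schemas accept `:min`/`:max` as well, e.g. `[:vector {:max <n>} [:string {:max 250}]]`, with `<n>` chosen from what the client actually sends. The outer vector of change maps shown as context is in the same position. The schema definition starts outside this hunk.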
diff --git a/backend/src/app/rpc/commands/management.clj b/backend/src/app/rpc/commands/management.clj index bf7883175..afe3daad8 100644 --- a/backend/src/app/rpc/commands/management.clj +++ b/backend/src/app/rpc/commands/management.clj @@ -91,7 +91,7 @@ (sm/define [:map {:title "duplicate-file"} [:file-id ::sm/uuid] - [:name {:optional true} :string]])) + [:name {:optional true} [:string {:max 250}]]])) (sv/defmethod ::duplicate-file "Duplicate a single file in the same team." @@ -153,7 +153,7 @@ (sm/define [:map {:title "duplicate-project"} [:project-id ::sm/uuid] - [:name {:optional true} :string]])) + [:name {:optional true} [:string {:max 250}]]])) (sv/defmethod ::duplicate-project "Duplicate an entire project with all the files" diff --git a/backend/src/app/rpc/commands/media.clj b/backend/src/app/rpc/commands/media.clj index 28f96ac17..992c5d1da 100644 --- a/backend/src/app/rpc/commands/media.clj +++ b/backend/src/app/rpc/commands/media.clj @@ -47,7 +47,7 @@ [:id {:optional true} ::sm/uuid] [:file-id ::sm/uuid] [:is-local :boolean] - [:name :string] + [:name [:string {:max 250}]] [:content ::media/upload]]) (sv/defmethod ::upload-file-media-object @@ -177,7 +177,7 @@ [:is-local :boolean] [:url ::sm/uri] [:id {:optional true} ::sm/uuid] - [:name {:optional true} :string]]) + [:name {:optional true} [:string {:max 250}]]]) (sv/defmethod ::create-file-media-object-from-url {::doc/added "1.17" diff --git a/backend/src/app/rpc/commands/teams.clj b/backend/src/app/rpc/commands/teams.clj index f30bc8870..42c8ab76f 100644 --- a/backend/src/app/rpc/commands/teams.clj +++ b/backend/src/app/rpc/commands/teams.clj @@ -873,7 +873,7 @@ (def ^:private schema:create-team-with-invitations [:map {:title "create-team-with-invitations"} - [:name :string] + [:name [:string {:max 250}]] [:features {:optional true} ::cfeat/features] [:id {:optional true} ::sm/uuid] [:emails ::sm/set-of-emails] 
diff --git a/backend/src/app/rpc/commands/verify_token.clj b/backend/src/app/rpc/commands/verify_token.clj index de39fed79..997ba46a8 100644 --- a/backend/src/app/rpc/commands/verify_token.clj +++ b/backend/src/app/rpc/commands/verify_token.clj @@ -29,7 +29,7 @@ (def ^:private schema:verify-token [:map {:title "verify-token"} - [:token :string]]) + [:token [:string {:max 1000}]]]) (sv/defmethod ::verify-token {::rpc/auth false
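Review bot: `{:max 1000}` on `:token` has no comment explaining where the number comes from, and this method is declared with `::rpc/auth false`, so the schema bound is among the first checks an unauthenticated request meets. If the tokens the backend issues can grow with their claims (not visible here), a limit close to the current size would start rejecting valid links. A one-line comment next to the schema, such as `;; must stay above the longest token the backend can issue`, would record the constraint. The `sv/defmethod` form continues past the end of the hunk.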