Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Validate source/destination indices correctly in nodejs support #5595

Merged
merged 9 commits into from
Jan 28, 2021
Merged
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
validate source/destination indices correctly
  • Loading branch information
karenzshea committed Nov 6, 2019

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
commit d3aad767ec24a17f72bc0f6ffc46c07703b0352e
8 changes: 4 additions & 4 deletions include/nodejs/node_osrm_support.hpp
Original file line number Diff line number Diff line change
@@ -1182,10 +1182,10 @@ argumentsToTableParameter(const Nan::FunctionCallbackInfo<v8::Value> &args,
if (source->IsUint32())
{
size_t source_value = static_cast<size_t>(source->NumberValue());
if (source_value > params->coordinates.size())
if (source_value >= params->coordinates.size())
{
Nan::ThrowError(
"Source indices must be less than or equal to the number of coordinates");
"Source indices must be less than the number of coordinates");
return table_parameters_ptr();
}

@@ -1221,9 +1221,9 @@ argumentsToTableParameter(const Nan::FunctionCallbackInfo<v8::Value> &args,
if (destination->IsUint32())
{
size_t destination_value = static_cast<size_t>(destination->NumberValue());
if (destination_value > params->coordinates.size())
if (destination_value >= params->coordinates.size())
{
Nan::ThrowError("Destination indices must be less than or equal to the number "
Nan::ThrowError("Destination indices must be less than the number "
"of coordinates");
return table_parameters_ptr();
}
12 changes: 9 additions & 3 deletions test/nodejs/table.js
Original file line number Diff line number Diff line change
@@ -130,7 +130,7 @@ tables.forEach(function(annotation) {
});

test('table: ' + annotation + ' throws on invalid arguments', function(assert) {
assert.plan(15);
assert.plan(17);
var osrm = new OSRM(data_path);
var options = {annotations: [annotation.slice(0,-1)]};
assert.throws(function() { osrm.table(options); },
@@ -157,21 +157,27 @@ tables.forEach(function(annotation) {
/Sources must be an array of indices \(or undefined\)/);
options.sources = [0, 4];
assert.throws(function() { osrm.table(options, function(err, response) {}) },
/Source indices must be less than or equal to the number of coordinates/);
/Source indices must be less than the number of coordinates/);
options.sources = [0.3, 1.1];
assert.throws(function() { osrm.table(options, function(err, response) {}) },
/Source must be an integer/);
options.sources = [0, 1, 2];
assert.throws(function() { osrm.table(options, function(err, response) {}) },
/Source indices must be less than the number of coordinates/);

options.destinations = true;
delete options.sources;
assert.throws(function() { osrm.table(options, function(err, response) {}) },
/Destinations must be an array of indices \(or undefined\)/);
options.destinations = [0, 4];
assert.throws(function() { osrm.table(options, function(err, response) {}) },
/Destination indices must be less than or equal to the number of coordinates/);
/Destination indices must be less than the number of coordinates/);
options.destinations = [0.3, 1.1];
assert.throws(function() { osrm.table(options, function(err, response) {}) },
/Destination must be an integer/);
options.destinations = [0, 4];
assert.throws(function() { osrm.table(options, function(err, response) {}) },
/Destination indices must be less than the number of coordinates/);

// does not throw: the following two have been changed in OSRM v5
options.sources = [0, 1];
2 changes: 2 additions & 0 deletions unit_tests/server/parameters_parser.cpp
Original file line number Diff line number Diff line change
@@ -108,6 +108,8 @@ BOOST_AUTO_TEST_CASE(invalid_table_urls)
BOOST_CHECK_EQUAL(
testInvalidOptions<TableParameters>("1,2;3,4?annotations=durations&fallback_speed=-1"),
28UL);
BOOST_CHECK_EQUAL(testInvalidOptions<TableParameters>("1,2;3,4?sources=2"), 7UL);
BOOST_CHECK_EQUAL(testInvalidOptions<TableParameters>("1,2;3,4?destinations=2"), 7UL);
}

BOOST_AUTO_TEST_CASE(valid_route_hint)