Merge pull request #2295 from telefonicaid/bug/0968_ngsi10_asterisk_subs

Add check for regex when isPattern is true
telefonicaid · Jun 17, 2016 · ce4f774 · ce4f774
2 parents fc3b270 + 27eafab
commit ce4f774
Show file tree

Hide file tree

Showing 8 changed files with 122 additions and 5 deletions.
diff --git a/CHANGES_NEXT_RELEASE b/CHANGES_NEXT_RELEASE
@@ -20,4 +20,5 @@
 - Fix: Correctly returning error on present but empty attribute types in PATCH v2/entites/{id} operation (Issue #1785)
 - Fix: Error returned on encountering non-existing attributes in PATCH /v2/entities/<id>/attrs (Issue #1784)
 - Fix: Error payload returned on encountering non-existing entity/attribute in PUT /v2/entities/<entity-id>/attrs/<attr-name> (Issue #1360)
+- Fix: invalid regex patterns detection (#968)
 - Fix: Better error returned on invalid geoquery (Issue #2174)
diff --git a/src/lib/cache/subCache.cpp b/src/lib/cache/subCache.cpp
@@ -81,7 +81,7 @@ EntityInfo::EntityInfo(const std::string& _entityId, const std::string& _entityT
   {
     // FIXME P5: recomp error should be captured? have a look to other usages of regcomp()
     // in order to see how it works
-    if (regcomp(&entityIdPattern, _entityId.c_str(), 0) != 0)
+    if (regcomp(&entityIdPattern, _entityId.c_str(), REG_EXTENDED) != 0)
     {
       alarmMgr.badInput(clientIp, "invalid regular expression for idPattern");
       isPattern = false;  // FIXME P6: this entity should not be let into the system. Must be stopped before.

diff --git a/src/lib/jsonParseV2/parseEntityObject.cpp b/src/lib/jsonParseV2/parseEntityObject.cpp
@@ -79,6 +79,13 @@ std::string parseEntityObject(ConnectionInfo* ciP, Value::ConstValueIterator val
         return "invalid JSON type for entity idPattern";
       }
 
+      regex_t re;
+      if (regcomp(&re, iter->value.GetString(), REG_EXTENDED) != 0)
+      {
+        return "invalid regex for entity id pattern";
+      }
+      regfree(&re);
+
       eP->id        = iter->value.GetString();
       eP->isPattern = "true";
     }

diff --git a/src/lib/jsonParseV2/parseSubscription.cpp b/src/lib/jsonParseV2/parseSubscription.cpp
@@ -348,7 +348,7 @@ static std::string parseEntitiesVector(ConnectionInfo* ciP, std::vector<EntID>*
 
         // FIXME P5: Keep the regex and propagate to sub-cache
         regex_t re;
-        if (regcomp(&re, idPattern.c_str(), 0) != 0)
+        if (regcomp(&re, idPattern.c_str(), REG_EXTENDED) != 0)
         {
           return badInput(ciP, "Invalid regex for entity id pattern");
         }

diff --git a/src/lib/mongoBackend/MongoGlobal.cpp b/src/lib/mongoBackend/MongoGlobal.cpp
@@ -580,7 +580,7 @@ bool matchEntity(const EntityId* en1, const EntityId* en2)
     regex_t regex;
 
     idMatch = false;
-    if (regcomp(&regex, en2->id.c_str(), 0) != 0)
+    if (regcomp(&regex, en2->id.c_str(), REG_EXTENDED) != 0)
     {
       std::string details = std::string("error compiling regex for id: '") + en2->id + "'";
       alarmMgr.badInput(clientIp, details);

diff --git a/src/lib/ngsi/EntityId.cpp b/src/lib/ngsi/EntityId.cpp
@@ -23,6 +23,7 @@
 * Author: Ken Zangelin
 */
 #include <string>
+#include <regex.h>
 
 #include "logMsg/logMsg.h"
 #include "logMsg/traceLevels.h"
@@ -183,6 +184,15 @@ std::string EntityId::check
     return "isPattern set to true for a registration";
   }
 
+  if (isTrue(isPattern))
+  {
+    regex_t re;
+    if (regcomp(&re, id.c_str(), REG_EXTENDED) != 0)
+    {
+      return "invalid regex for entity id pattern";
+    }
+    regfree(&re);
+  }
   return "OK";
 }
 

diff --git a/src/lib/rest/StringFilter.cpp b/src/lib/rest/StringFilter.cpp
@@ -76,7 +76,7 @@ bool StringFilterItem::fill(StringFilterItem* sfiP, std::string* errorStringP)
     // We don't know of a better way to copy the regex from sfiP, and have a question out on SOF:
     // http://stackoverflow.com/questions/36846426/best-way-of-cloning-compiled-regex-t-struct-in-c
     //
-    if (regcomp(&patternValue, stringValue.c_str(), 0) != 0)
+    if (regcomp(&patternValue, stringValue.c_str(), REG_EXTENDED) != 0)
     {
       *errorStringP = std::string("error compiling filter regex: '") + stringValue + "'";
       return false;
@@ -139,7 +139,7 @@ bool StringFilterItem::valueParse(char* s, std::string* errorStringP)
 
   if (op == SfopMatchPattern)
   {
-    if (regcomp(&patternValue, stringValue.c_str(), 0) != 0)
+    if (regcomp(&patternValue, stringValue.c_str(), REG_EXTENDED) != 0)
     {
       *errorStringP = std::string("error compiling filter regex: '") + stringValue + "'";
       return false;

diff --git a/test/functionalTest/cases/0968_ngsi10_asterisk_subs/0968_ngsi10_asterisk_subs.test b/test/functionalTest/cases/0968_ngsi10_asterisk_subs/0968_ngsi10_asterisk_subs.test
@@ -0,0 +1,99 @@
+# Copyright 2016 Telefonica Investigacion y Desarrollo, S.A.U
+#
+# This file is part of Orion Context Broker.
+#
+# Orion Context Broker is free software: you can redistribute it and/or
+# modify it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# Orion Context Broker is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with Orion Context Broker. If not, see http://www.gnu.org/licenses/.
+#
+# For those usages not covered by this license please contact with
+# iot_support at tid dot es
+
+# VALGRIND_READY - to mark the test ready for valgrindTestSuite.sh
+
+--NAME--
+NGSI10 subscription with invalid regex "*"
+
+--SHELL-INIT--
+dbInit CB
+brokerStart CB
+
+--SHELL--
+
+#
+# 01. Create subscription with invalid regex in idPattern
+#
+
+echo "01. Create subscription with invalid regex"
+echo "=========================================="
+payload='
+{
+    "entities": [
+        {
+            "type": "Patient",
+            "isPattern": "true",
+            "id": "*"
+        }
+    ],
+    "attributes": [
+        "Blood glucose",
+        "Body temperature",
+        "Systolic blood pressure",
+        "Diastolic blood pressure",
+        "Respiration rate",
+        "Heart rate",
+        "Blood oxygen",
+        "timestamp"
+    ],
+    "reference": "http://A.B.C.D:5999/orion2mysql",
+    "duration": "P1Y",
+    "notifyConditions": [
+        {
+            "type": "ONCHANGE",
+            "condValues": [
+                "timestamp"
+            ]
+        }
+    ],
+    "throttling": "PT1S"
+}
+'
+
+orionCurl --url /v1/subscribeContext --payload "$payload"
+echo
+echo
+
+
+--REGEXPECT--
+01. Create subscription with invalid regex
+==========================================
+HTTP/1.1 200 OK
+Content-Length: 190
+Content-Type: application/json
+Fiware-Correlator: REGEX([0-9a-f\-]{36})
+Date: REGEX(.*)
+
+{
+    "subscribeError": {
+        "errorCode": {
+            "code": "400",
+            "details": "invalid payload: invalid regex for entity id pattern",
+            "reasonPhrase": "Bad Request"
+        }
+    }
+}
+
+
+--TEARDOWN--
+brokerStop CB
+dbDrop CB
+