Page MenuHomePhabricator

D12387.diff
No OneTemporary

D12387.diff

diff --git a/keyserver/src/endpoints.js b/keyserver/src/endpoints.js
--- a/keyserver/src/endpoints.js
+++ b/keyserver/src/endpoints.js
@@ -519,6 +519,7 @@
obj[endpoint].inputValidator,
endpointValidators[endpoint].validator,
obj[endpoint].policies,
+ endpoint,
);
result[endpoint] = responder;
});
diff --git a/keyserver/src/responders/comm-landing-responders.js b/keyserver/src/responders/comm-landing-responders.js
--- a/keyserver/src/responders/comm-landing-responders.js
+++ b/keyserver/src/responders/comm-landing-responders.js
@@ -22,7 +22,11 @@
throw new ServerError('invalid_parameters');
}
const input: any = req.body;
- checkInputValidator(emailSubscriptionInputValidator, input);
+ checkInputValidator(
+ emailSubscriptionInputValidator,
+ input,
+ 'emailSubscriptionResponder',
+ );
const subscriptionRequest: EmailSubscriptionRequest = input;
await sendEmailSubscriptionRequestToAshoat(subscriptionRequest);
res.json({ success: true });
diff --git a/keyserver/src/responders/handlers.js b/keyserver/src/responders/handlers.js
--- a/keyserver/src/responders/handlers.js
+++ b/keyserver/src/responders/handlers.js
@@ -3,6 +3,7 @@
import type { $Response, $Request } from 'express';
import type { TType } from 'tcomb';
+import type { Endpoint } from 'lib/types/endpoints.js';
import { ServerError } from 'lib/utils/errors.js';
import {
assertWithValidator,
@@ -39,10 +40,16 @@
inputValidator: TType<I>,
outputValidator: TType<O>,
requiredPolicies: $ReadOnlyArray<PolicyType>,
+ endpoint: Endpoint,
): JSONResponder {
return {
responder: async (viewer, input) => {
- const request = await validateInput(viewer, inputValidator, input);
+ const request = await validateInput(
+ viewer,
+ inputValidator,
+ input,
+ endpoint,
+ );
const result = await responder(viewer, request);
return await validateOutput(
viewer.platformDetails,
diff --git a/keyserver/src/socket/socket.js b/keyserver/src/socket/socket.js
--- a/keyserver/src/socket/socket.js
+++ b/keyserver/src/socket/socket.js
@@ -181,6 +181,7 @@
const clientSocketMessageWithClientIDs = checkInputValidator(
clientSocketMessageInputValidator,
messageObject,
+ 'socket message',
);
responseTo = clientSocketMessageWithClientIDs.id;
if (
@@ -221,6 +222,7 @@
viewer,
clientSocketMessageInputValidator,
clientSocketMessageWithClientIDs,
+ `socket message type ${clientSocketMessageWithClientIDs.type}`,
);
const serverResponses =
diff --git a/keyserver/src/utils/validation-utils.js b/keyserver/src/utils/validation-utils.js
--- a/keyserver/src/utils/validation-utils.js
+++ b/keyserver/src/utils/validation-utils.js
@@ -31,11 +31,12 @@
viewer: Viewer,
inputValidator: TType<T>,
input: mixed,
+ source: string,
): Promise<T> {
if (!viewer.isSocket) {
await checkClientSupported(viewer, inputValidator, input);
}
- const convertedInput = checkInputValidator(inputValidator, input);
+ const convertedInput = checkInputValidator(inputValidator, input, source);
const keyserverID = await thisKeyserverID();
@@ -86,12 +87,21 @@
return data;
}
-function checkInputValidator<T>(inputValidator: TType<T>, input: mixed): T {
+function checkInputValidator<T>(
+ inputValidator: TType<T>,
+ input: mixed,
+ source: string,
+): T {
if (inputValidator.is(input)) {
return assertWithValidator(input, inputValidator);
}
const error = new ServerError('invalid_parameters');
- error.sanitizedInput = input ? sanitizeInput(inputValidator, input) : null;
+ try {
+ error.sanitizedInput = input ? sanitizeInput(inputValidator, input) : null;
+ } catch {
+ error.sanitizedInput = null;
+ }
+ console.log(`failed input validation on ${source}`);
throw error;
}

File Metadata

Mime Type
text/plain
Expires
Wed, Dec 25, 8:46 PM (59 m, 9 s)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2703052
Default Alt Text
D12387.diff (3 KB)

Event Timeline