Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[backend] expose IsSafeKey #46967

Merged
merged 1 commit into from
Sep 30, 2024
Merged

[backend] expose IsSafeKey #46967

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 15 additions & 15 deletions lib/backend/sanitize.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,8 +41,8 @@ var denyPatterns = []*regexp.Regexp{
regexp.MustCompile(`(^|/)\.\.?(/|$)`),
}

// isKeySafe checks if the passed in key conforms to whitelist
func isKeySafe(s Key) bool {
// IsKeySafe checks if the passed in key conforms to whitelist
func IsKeySafe(s Key) bool {
return allowPattern.Match(s) && !denyPatternsMatch(s) && utf8.Valid(s)
}

Expand Down Expand Up @@ -74,15 +74,15 @@ func NewSanitizer(backend Backend) *Sanitizer {

// GetRange returns query range
func (s *Sanitizer) GetRange(ctx context.Context, startKey, endKey Key, limit int) (*GetResult, error) {
if !isKeySafe(startKey) {
if !IsKeySafe(startKey) {
return nil, trace.BadParameter(errorMessage, startKey)
}
return s.backend.GetRange(ctx, startKey, endKey, limit)
}

// Create creates item if it does not exist
func (s *Sanitizer) Create(ctx context.Context, i Item) (*Lease, error) {
if !isKeySafe(i.Key) {
if !IsKeySafe(i.Key) {
return nil, trace.BadParameter(errorMessage, i.Key)
}
return s.backend.Create(ctx, i)
Expand All @@ -91,7 +91,7 @@ func (s *Sanitizer) Create(ctx context.Context, i Item) (*Lease, error) {
// Put puts value into backend (creates if it does not
// exists, updates it otherwise)
func (s *Sanitizer) Put(ctx context.Context, i Item) (*Lease, error) {
if !isKeySafe(i.Key) {
if !IsKeySafe(i.Key) {
return nil, trace.BadParameter(errorMessage, i.Key)
}

Expand All @@ -100,7 +100,7 @@ func (s *Sanitizer) Put(ctx context.Context, i Item) (*Lease, error) {

// Update updates value in the backend
func (s *Sanitizer) Update(ctx context.Context, i Item) (*Lease, error) {
if !isKeySafe(i.Key) {
if !IsKeySafe(i.Key) {
return nil, trace.BadParameter(errorMessage, i.Key)
}

Expand All @@ -110,7 +110,7 @@ func (s *Sanitizer) Update(ctx context.Context, i Item) (*Lease, error) {
// ConditionalUpdate updates the value in the backend if the revision of the [Item] matches
// the stored revision.
func (s *Sanitizer) ConditionalUpdate(ctx context.Context, i Item) (*Lease, error) {
if !isKeySafe(i.Key) {
if !IsKeySafe(i.Key) {
return nil, trace.BadParameter(errorMessage, i.Key)
}

Expand All @@ -119,7 +119,7 @@ func (s *Sanitizer) ConditionalUpdate(ctx context.Context, i Item) (*Lease, erro

// Get returns a single item or not found error
func (s *Sanitizer) Get(ctx context.Context, key Key) (*Item, error) {
if !isKeySafe(key) {
if !IsKeySafe(key) {
return nil, trace.BadParameter(errorMessage, key)
}
return s.backend.Get(ctx, key)
Expand All @@ -128,7 +128,7 @@ func (s *Sanitizer) Get(ctx context.Context, key Key) (*Item, error) {
// CompareAndSwap compares item with existing item
// and replaces is with replaceWith item
func (s *Sanitizer) CompareAndSwap(ctx context.Context, expected Item, replaceWith Item) (*Lease, error) {
if !isKeySafe(expected.Key) {
if !IsKeySafe(expected.Key) {
return nil, trace.BadParameter(errorMessage, expected.Key)
}

Expand All @@ -137,15 +137,15 @@ func (s *Sanitizer) CompareAndSwap(ctx context.Context, expected Item, replaceWi

// Delete deletes item by key
func (s *Sanitizer) Delete(ctx context.Context, key Key) error {
if !isKeySafe(key) {
if !IsKeySafe(key) {
return trace.BadParameter(errorMessage, key)
}
return s.backend.Delete(ctx, key)
}

// ConditionalDelete deletes the item by key if the revision matches the stored revision.
func (s *Sanitizer) ConditionalDelete(ctx context.Context, key Key, revision string) error {
if !isKeySafe(key) {
if !IsKeySafe(key) {
return trace.BadParameter(errorMessage, key)
}
return s.backend.ConditionalDelete(ctx, key, revision)
Expand All @@ -155,7 +155,7 @@ func (s *Sanitizer) ConditionalDelete(ctx context.Context, key Key, revision str
func (s *Sanitizer) DeleteRange(ctx context.Context, startKey, endKey Key) error {
// we only validate the start key, since we often compute the end key
// in order to delete a bunch of related entries
if !isKeySafe(startKey) {
if !IsKeySafe(startKey) {
return trace.BadParameter(errorMessage, startKey)
}

Expand All @@ -164,7 +164,7 @@ func (s *Sanitizer) DeleteRange(ctx context.Context, startKey, endKey Key) error

func (s *Sanitizer) AtomicWrite(ctx context.Context, condacts []ConditionalAction) (revision string, err error) {
for _, ca := range condacts {
if !isKeySafe(ca.Key) {
if !IsKeySafe(ca.Key) {
return "", trace.BadParameter(errorMessage, ca.Key)
}
}
Expand All @@ -177,7 +177,7 @@ func (s *Sanitizer) AtomicWrite(ctx context.Context, condacts []ConditionalActio
// some backends may ignore expires based on the implementation
// in case if the lease managed server side
func (s *Sanitizer) KeepAlive(ctx context.Context, lease Lease, expires time.Time) error {
if !isKeySafe(lease.Key) {
if !IsKeySafe(lease.Key) {
return trace.BadParameter(errorMessage, lease.Key)
}
return s.backend.KeepAlive(ctx, lease, expires)
Expand All @@ -186,7 +186,7 @@ func (s *Sanitizer) KeepAlive(ctx context.Context, lease Lease, expires time.Tim
// NewWatcher returns a new event watcher
func (s *Sanitizer) NewWatcher(ctx context.Context, watch Watch) (Watcher, error) {
for _, prefix := range watch.Prefixes {
if !isKeySafe(prefix) {
if !IsKeySafe(prefix) {
return nil, trace.BadParameter(errorMessage, prefix)
}
}
Expand Down
Loading