darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2026-02-04 10:21:14 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix input handling

Browse Source
This commit is contained in:
Kenneth Kehl
2025-06-19 11:12:42 -07:00
parent b734b9cb9f
commit 69e7244485
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/job/rest.py
View File

@@ -45,12 +45,16 @@ job_blueprint = Blueprint("job", __name__, url_prefix="/service/<uuid:service_id
register_errors(job_blueprint)
def is_suspicious_input(str):
def is_suspicious_input(input_str):
if not isinstance(input_str, str):
return True
pattern = r"(?i)\b(OR|AND|UNION|SELECT|DROP|INSERT|UPDATE|DELETE|EXEC|TRUNCATE|CREATE|ALTER|--|/\*|\bpg_sleep\b|\bsleep\b)|[';]{2,}" # noqa
return bool(re.search(pattern, str))
return bool(re.search(pattern, input_str))
def is_valid_id(id):
if not isinstance(id, str):
return True
return bool(re.match(r"^[a-zA-Z0-9_-]{1,32}$", id))