From 363ca4dc65077a00f4275749659ee950f7f0fe8d Mon Sep 17 00:00:00 2001 From: Pierluigi Cau Date: Thu, 21 Apr 2016 17:23:13 +0200 Subject: [PATCH 1/2] Disallow multiple forward slashes in app id validation This fixes mesosphere/marathon#3660 --- src/js/constants/AppFormErrorMessages.js | 1 + src/js/stores/AppFormStore.js | 1 + src/js/stores/validators/AppFormValidators.js | 2 ++ src/test/units/AppFormValidators.test.js | 10 ++++++++++ 4 files changed, 14 insertions(+) diff --git a/src/js/constants/AppFormErrorMessages.js b/src/js/constants/AppFormErrorMessages.js index e0610c73e..7fe4c9232 100644 --- a/src/js/constants/AppFormErrorMessages.js +++ b/src/js/constants/AppFormErrorMessages.js @@ -7,6 +7,7 @@ const applicationFieldValidationErrors = Util.deepFreeze({ appId: [ "ID must not be empty", "Path must not contain whitespace", + "Path must not contain multiple forward slashes", "Path contains invalid characters " + "(allowed: lowercase letters, digits, hyphens, \".\", \"..\")", "Path is not well-formed" diff --git a/src/js/stores/AppFormStore.js b/src/js/stores/AppFormStore.js index cc7bc9b0c..6bf0bdecd 100644 --- a/src/js/stores/AppFormStore.js +++ b/src/js/stores/AppFormStore.js @@ -43,6 +43,7 @@ const validationRules = { "appId": [ AppFormValidators.appIdNotEmpty, AppFormValidators.appIdNoWhitespaces, + AppFormValidators.appIdNoMultipleSlashes, AppFormValidators.appIdValidChars, AppFormValidators.appIdWellFormedPath ], diff --git a/src/js/stores/validators/AppFormValidators.js b/src/js/stores/validators/AppFormValidators.js index f5622f443..bdc82e0a3 100644 --- a/src/js/stores/validators/AppFormValidators.js +++ b/src/js/stores/validators/AppFormValidators.js @@ -26,6 +26,8 @@ const AppFormValidators = { appIdNoWhitespaces: (str) => str.match(/ /g) == null, + appIdNoMultipleSlashes: (str) => str.match(/\/{2,}/g) == null, + appIdValidChars: (str) => str.match(/[^a-z0-9\-\.\/]/g) == null, appIdWellFormedPath: (str) => { diff --git a/src/test/units/AppFormValidators.test.js b/src/test/units/AppFormValidators.test.js index 1b4286a63..76310be96 100644 --- a/src/test/units/AppFormValidators.test.js +++ b/src/test/units/AppFormValidators.test.js @@ -30,6 +30,16 @@ describe("App Form Validators", function () { .to.be.false; }); + it("has no multiple forward slashes", function () { + expect(this.validatior.appIdNoMultipleSlashes("/hello/world")) + .to.be.true; + }); + + it("has multiple forward slashes", function () { + expect(this.validatior.appIdNoMultipleSlashes("/hello//world////")) + .to.be.false; + }); + it("has no illegal characters", function () { expect(this.validatior.appIdValidChars("./app-1.b")).to.be.true; }); From a48e944b3f28d3759c569296d626d1839048e036 Mon Sep 17 00:00:00 2001 From: Pierluigi Cau Date: Thu, 21 Apr 2016 17:23:50 +0200 Subject: [PATCH 2/2] Add changelog entry --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 28b6f221b..a80215d6e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,9 @@ applications - \#3793 Wrong application status +### Changed +- \#3660 - Multiple forward slashes allowed in app ID + ## 1.1.2 - 2016-04-14 ### Fixed - \#3763 - Enable multiple general errors from server response