fix: improve the backend verification for security entry settings #7810
Conversation
|
Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
| } | ||
| result, _ := regexp.MatchString("^[a-zA-Z0-9]{5,116}$", val) | ||
| return result | ||
| } |
There was a problem hiding this comment.
- Unused Variable: The variable
erris declared but not used in the functioncheckEntrancePattern. This could be removed to clean up the code. - Variable Naming: Use lowercase variables (
pattern) instead of camelCase for better readability and convention consistency. - Regex Usage: Ensure that the regex pattern is accurate. If it should only allow alphanumeric characters, consider using
[a-zA-Z0-9]+. - Null Check: Add a check at the beginning of
UpdateSettingto avoid unnecessary processing ifreq.Keyis missing. - Error Handling: Consider handling potential errors outside of the return clause.
Here's the improved code:
package v1
import (
"encoding/base64"
"errors"
"fmt"
"os"
"path"
"github.com/1Panel-dev/1Panel/backend/app/api/v1/helper"
"github.com/1Panel-dev/1Panel/backend/app/dto"
)
func (b *BaseApi) UpdateSetting(c *gin.Context) {
req := dto.SettingUpdateReq{}
var err error
if err = helper.CheckBindAndValidate(&req, c); err != nil {
return
}
defer func() {
if r := recover(); r != nil {
c.AbortWithStatusJSON(500, gin.H{"error": fmt.Sprint(r)})
}
}()
if req.Key == "SecurityEntrance" && req.Value != "" {
pattern := "^([A-Za-z0-9]{5,116})?$" // Allow only numbers and letters
match, err := regexp.MatchString(pattern, req.Value)
if err != nil || !match {
helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, fmt.Sprintf("regexp match string with %s failed", req.Value))
return
}
}
err = settingService.Update(req.Key, req.Value)
if err != nil {
helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
return
}
helper.SuccessWithData(c, nil)
}
func checkEntrancePattern(value string) bool {
return len(value) > 0 &&
regexp.MustCompile(`^([A-Za-z0-9]{5,116})$`).MatchString(value)
}This refactored code addresses some issues such as unused variables and improves readability while maintaining functionality.
ssongliu
force-pushed
the
pr@dev@fix_entrance_validate
branch
from
02f14ea to
4365779
Compare
| } | ||
| result, _ := regexp.MatchString("^[a-zA-Z0-9]{5,116}$", val) | ||
| return result | ||
| } |
There was a problem hiding this comment.
The provided code is almost correct but includes minor issues that can be addressed:
-
Missing Import: The package
fmtis used in thecheckEntrancePatternfunction, but it might not have been imported at the top of the file. Ensure you have this import statement:import "fmt". -
Regex String: In the regex pattern
"^[a-zA-Z0-9]{5,116}$", there should be quotation marks around all characters within the brackets to correctly define the character set. -
Empty Value Check: The
checkEntrancePatternfunction now returnstrueif the value is empty, which might unintentionally allow empty strings. You might want to change this to returnfalseinstead since an empty security entrance seems invalid.
Here's the corrected version of the code with these adjustments:
package v1
import (
"encoding/base64"
"errors"
"fmt"
"os"
"path"
"github.com/1Panel-dev/1Panel/backend/app/api/v1/helper"
"github.com/1Panel-dev/1Panel/backend/app/dto"
)
// ... (rest of the code remains unchanged except for...
func (b *BaseApi) UpdateSetting(c *gin.Context) {
// ... (existing logic...)
}
// ... (rest of the code remains unchanged except for...
func checkEntrancePattern(val string) bool {
if len(val) == 0 {
return false
}
result, _ := regexp.MatchString(`^[a-zA-Z0-9]{5,116}$`, val)
return result
}These changes ensure the code is more robust and follows best practices.
|
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: wanghe-fit2cloud The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Refs #7657