From afe0297a9dce50ae03010a49dbb373fbc5b9005c Mon Sep 17 00:00:00 2001
From: Matthias Hannig <matthias@hannig.cc>
Date: Tue, 6 Dec 2016 13:02:12 +0100
Subject: [PATCH] added filtering for protocol params

---
 endpoints/filter.go      | 50 ++++++++++++++++++++++++++++++++++++++++
 endpoints/filter_test.go | 39 +++++++++++++++++++++++++++++++
 endpoints/routes.go      |  8 ++++++-
 3 files changed, 96 insertions(+), 1 deletion(-)
 create mode 100644 endpoints/filter.go
 create mode 100644 endpoints/filter_test.go

diff --git a/endpoints/filter.go b/endpoints/filter.go
new file mode 100644
index 0000000..4947ae5
--- /dev/null
+++ b/endpoints/filter.go
@@ -0,0 +1,50 @@
+package endpoints
+
+import (
+	"fmt"
+)
+
+/*
+ * Parameter / Request Validation
+ */
+
+// Check if the value is not longer than a given length
+func ValidateLength(value string, maxLength int) error {
+	if len(value) > maxLength {
+		return fmt.Errorf("Provided param value is too long.")
+	}
+	return nil
+}
+
+func ValidateCharset(value string, alphabet string) error {
+	for i := 0; i < len(value); i++ {
+		c := value[i]
+		ok := false
+		for j := 0; j < len(alphabet); j++ {
+			if alphabet[j] == c {
+				ok = true
+				break
+			}
+		}
+		if !ok {
+			return fmt.Errorf("Invalid character in param value")
+		}
+	}
+	return nil
+}
+
+func ValidateProtocolParam(value string) (string, error) {
+
+	// Check length
+	if err := ValidateLength(value, 80); err != nil {
+		return "", err
+	}
+
+	// Check input
+	allowed := "ID_AS:.abcdef1234567890"
+	if err := ValidateCharset(value, allowed); err != nil {
+		return "", err
+	}
+
+	return value, nil
+}
diff --git a/endpoints/filter_test.go b/endpoints/filter_test.go
new file mode 100644
index 0000000..b57f10a
--- /dev/null
+++ b/endpoints/filter_test.go
@@ -0,0 +1,39 @@
+package endpoints
+
+import (
+	"testing"
+)
+
+func TestValidateProtocol(t *testing.T) {
+
+	validProtocols := []string{
+		"ID421_AS11171_123.8.127.19",
+		"ID429_AS12240_2222:7af8:8:05:01:30bb:0:1",
+		"AI421_AS11171_123..8..127..19",
+	}
+
+	invalidProtocols := []string{
+		"ID421_AS11171_123.8.127.lö19",
+		"Test123",
+		"ThisValueIsTooLong12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+	}
+
+	// Valid protocol values
+	for _, param := range validProtocols {
+		t.Log("Testing valid protocol:", param)
+		_, err := ValidateProtocolParam(param)
+		if err != nil {
+			t.Error(param, "should be a valid protocol param")
+		}
+	}
+
+	// Invalid protocol values
+	for _, param := range invalidProtocols {
+		t.Log("Testing invalid protocol:", param)
+		_, err := ValidateProtocolParam(param)
+		if err == nil {
+			t.Error(param, "should be an invalid protocol param")
+		}
+	}
+
+}
diff --git a/endpoints/routes.go b/endpoints/routes.go
index 961d9b1..3d1fcf2 100644
--- a/endpoints/routes.go
+++ b/endpoints/routes.go
@@ -1,12 +1,18 @@
 package endpoints
 
 import (
+	"fmt"
+
 	"github.com/ecix/birdwatcher/bird"
 	"github.com/julienschmidt/httprouter"
 )
 
 func ProtoRoutes(ps httprouter.Params) (bird.Parsed, bool) {
-	return bird.RoutesProto(ps.ByName("protocol"))
+	protocol, err := ValidateProtocolParam(ps.ByName("protocol"))
+	if err != nil {
+		return bird.Parsed{"error": fmt.Sprintf("%s", err)}, false
+	}
+	return bird.RoutesProto(protocol)
 }
 
 func TableRoutes(ps httprouter.Params) (bird.Parsed, bool) {