AmpersandTarski / RAP

RAP is a tool that lets you analyse Ampersand models, generate functional specifications and make prototypes of information systems. It is the primary tool for students of the Open University of the Netherlands in the course Rule Based Design.

Bug mysql database after creation prototype #356

Closed lucsomers101 closed 7 months ago

lucsomers101 commented 9 months ago

Bug: RAP allows the user to choose their own user name. This user name is then used in various places within the application. Each part puts its own restrictions on what kind of characters can be used. Before, we didn't check for special characters. This was later changed, but the solution still didn't produce usable strings.

Solution: Refactor the code that takes care of the sanitisation of the user name. To prevent an all-number string, we append `st` to the front. Furthermore, we remove all special characters, hash them and append the first five characters from the hash at the end.

lucsomers101 commented 9 months ago

During creation of a prototype, when you made an account with the name `aa-123`, it gives the following error.

Image

lucsomers101 commented 9 months ago

The following file contains the trace of the error message above:

trace mysql name error'.txt

hanjoosten commented 9 months ago

This issue is comparable with issue https://github.com/AmpersandTarski/RAP/issues/331 . In both cases the user writes her name as a string. Then, there is a function that maps that string to a name of a table/database. In issue https://github.com/AmpersandTarski/RAP/issues/331 that mapping was done by using the lowercase function. Clearly, this isn't enough. `-` isn't allowed and probably several other characters aren't allowed as name. Also, what happens if a user types a veeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeery long name?

To solve this issue, the requirements of the mapping should be considered. Then, it will be quite straightforward to solve it, I guess.

FranSlot commented 8 months ago

> This issue is comparable with issue #331 . In both cases the user writes her name as a string. Then, there is a function that maps that string to a name of a table/database. In issue #331 that mapping was done by using the lowercase function. Clearly, this isn't enough. `-` isn't allowed and probably several other characters aren't allowed as name. Also, what happens if a user types a veeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeery long name?
>
> To solve this issue, the requirements of the mapping should be considered. Then, it will be quite straightforward to solve it, I guess.

Actually, hyphens are allowed in SQL strings, but the string should be put within backticks (`` ` ``). As of now, the prototype project does not do this, causing problems with hyphens.

FranSlot commented 8 months ago

After a call with @hanjoosten, we decided to make a function in RAP to properly sanitize the name.
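The mapping discussed in this thread, sketched as an added example that is not RAP's own code: prefix `st`, strip special characters, append five hash characters, bound the length, and backtick-quote the result. SHA-256, hashing the whole original name, the 64-character cap (MySQL's limit for database and table names) and the function names are assumptions.

```python
import hashlib
import re

MYSQL_IDENT_MAX = 64  # MySQL limit for database and table names
PREFIX = "st"         # from the issue: prevents an all-digit name
HASH_CHARS = 5        # from the issue: first five characters of the hash


def sanitise_username(name: str) -> str:
    """Map a free-form user name to a string usable as a MySQL identifier."""
    # Assumption: the hash covers the whole original name, so names that
    # differ only in stripped characters ("aa-123" vs "aa123") stay distinct.
    digest = hashlib.sha256(name.encode("utf-8")).hexdigest()[:HASH_CHARS]
    # Keep ASCII letters and digits only, lowercased as in issue #331.
    kept = re.sub(r"[^a-z0-9]", "", name.lower())
    # Truncate the readable part so a very long name cannot exceed the limit.
    room = MYSQL_IDENT_MAX - len(PREFIX) - HASH_CHARS
    return PREFIX + kept[:room] + digest


def quote_identifier(ident: str) -> str:
    """Backtick-quote an identifier, doubling any embedded backtick."""
    return "`" + ident.replace("`", "``") + "`"


def create_database_sql(username: str) -> str:
    """Build the DDL statement; identifiers cannot be bound as parameters."""
    return "CREATE DATABASE " + quote_identifier(sanitise_username(username))


if __name__ == "__main__":
    # Constructed sample names, including the one from the bug report.
    for sample in ["aa-123", "aa123", "12345", "x`; DROP DATABASE rap; --",
                   "v" + "e" * 200 + "ry long name"]:
        print(repr(sample[:30]), "->", create_database_sql(sample))
```

Five hex characters give only 20 bits of separation, so the caller should still check that the generated name is not already in use before creating the database.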