Similar to issue #265, here also the validation functions are implemented on the client side, so I can easily bypass them and I am able to register entries with illegal names successfully!
As you can see, the server also gives a successful message, so the entry is being noted with an illegal name!
Below is the process/commands that I followed...
root@9f521ba69000:/app_client# gdb --args ./logappend -T 2 -K secret -A -G 1 log1
GNU gdb (Ubuntu 9.2-0ubuntu1~20.04.2) 9.2
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./logappend...
(gdb) break logappend.cpp:166
Breakpoint 1 at 0xea76: file ./logappend.cpp, line 168.
(gdb) break logappend.cpp:278
Breakpoint 2 at 0xf4b2: file ./logappend.cpp, line 281.
(gdb) run
Starting program: /app_client/logappend -T 2 -K secret -A -G 1 log1
warning: Error disabling address space randomization: Operation not permitted
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Breakpoint 1, process_logappend (argc=9, argv=0x7ffd530cf438) at ./logappend.cpp:168
168 for (int i = 0; i < argc; ++i) {
(gdb) break logappend.cpp:274
Breakpoint 3 at 0x62db47aeb48d: file ./logappend.cpp, line 274.
(gdb) continue
Continuing.
Breakpoint 3, process_logappend (argc=9, argv=0x7ffd530cf438) at ./logappend.cpp:274
274 logBool = true; // Final argument is the log file
(gdb) p log_file
$1 = "/app_client/logappend"
(gdb) set log_file = "log1"
Invalid cast.
(gdb) set log_file = "log1"
Invalid cast.
(gdb) set log_file = std::string("log1")
A syntax error in expression, near `("log1")'.
(gdb) set log_file = string("log1")
Invalid data type for function to be called.
(gdb) set log_file = std::string("log1");
A syntax error in expression, near `("log1");'.
(gdb) set log_file = std::string("log1")
A syntax error in expression, near `("log1")'.
(gdb) call log_file.assign("log1")
$2 = "log1"
(gdb) p log_file
$3 = "log1"
(gdb) continue
Continuing.
Invalid! Name contains non-alphabetic characters
[Inferior 1 (process 202) exited normally]
(gdb) continue
The program is not being run.
(gdb) run
Starting program: /app_client/logappend -T 2 -K secret -A -G 1 log1
warning: Error disabling address space randomization: Operation not permitted
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Breakpoint 1, process_logappend (argc=9, argv=0x7ffddc3323f8) at ./logappend.cpp:168
168 for (int i = 0; i < argc; ++i) {
(gdb) break logappend.cpp:241
Breakpoint 4 at 0x5c335020d1d0: file ./logappend.cpp, line 241.
(gdb) continue
Continuing.
Breakpoint 3, process_logappend (argc=9, argv=0x7ffddc3323f8) at ./logappend.cpp:274
274 logBool = true; // Final argument is the log file
(gdb) call log_file.assign("log1")
$4 = "log1"
(gdb) continue
Continuing.
Breakpoint 4, process_logappend (argc=9, argv=0x7ffddc3323f8) at ./logappend.cpp:241
241 role = "Guest";
(gdb) jump logappend.cpp:250
Continuing at 0x5c335020d2c8.
Valid name: 1
Invalid! Give proper command
[Inferior 1 (process 206) exited with code 0377]
(gdb) p args
No symbol "args" in current context.
(gdb) i args
No frame selected.
(gdb) call argv[0].assign("./logappend")
No symbol "argv" in current context.
(gdb) p argv
No symbol "argv" in current context.
(gdb) continue
The program is not being run.
(gdb) run
Starting program: /app_client/logappend -T 2 -K secret -A -G 1 log1
warning: Error disabling address space randomization: Operation not permitted
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Breakpoint 1, process_logappend (argc=9, argv=0x7ffff9045688) at ./logappend.cpp:168
168 for (int i = 0; i < argc; ++i) {
(gdb) p argv
$5 = (char **) 0x7ffff9045688
(gdb) p argv[0]
$6 = 0x7ffff9046886 "/app_client/logappend"
(gdb) call argv[0].assign("./logappend")
Attempt to extract a component of a value that is not a struct or union
(gdb) set argv[0] = "./logappend"
(gdb) continue
Continuing.
Breakpoint 4, process_logappend (argc=9, argv=0x7ffff9045688) at ./logappend.cpp:241
241 role = "Guest";
(gdb) jump logappend.cpp:250
Continuing at 0x5a83d1bec2c8.
Valid name: 1
Breakpoint 3, process_logappend (argc=9, argv=0x7ffff9045688) at ./logappend.cpp:274
274 logBool = true; // Final argument is the log file
(gdb) continue
Continuing.
Breakpoint 2, process_logappend (argc=9, argv=0x7ffff9045688) at ./logappend.cpp:281
281 if (!TBool || !KBool || !ActionBool || !PersonBool || !logBool) {
(gdb) continue
Continuing.
Log data being sent: {"log_name": "log1", "timestamp": "2", "token": "secret", "action": "Arrival", "name": "1", "role": "", "room_id": ""}
Response from server: HTTP/1.1 200 OK
Content-Type: text/plain
Content-Length: 32
Log entry recorded successfully.
Log entry successfully sent to server
[Inferior 1 (process 207) exited normally]
(gdb)
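
Added example, not part of the original report or the project's code: a server-side check that would reject the JSON body shown in the session above no matter what the client binary did. The `LogEntry` struct, the `validate_entry` name, and the allowed values "Departure" and "Employee" are assumptions; the alphabetic-name rule, "Arrival" and "Guest" come from the session output.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>

// Fields of the JSON body from the session, after the server has parsed it.
struct LogEntry {
    std::string log_name, timestamp, token, action, name, role, room_id;
};

static bool is_alpha(const std::string& s) {
    return !s.empty() && std::all_of(s.begin(), s.end(),
        [](unsigned char c) { return std::isalpha(c) != 0; });
}

static bool is_digits(const std::string& s) {
    return !s.empty() && std::all_of(s.begin(), s.end(),
        [](unsigned char c) { return std::isdigit(c) != 0; });
}

// Returns "" when the entry is acceptable, otherwise the reason for rejection.
// Token/authentication checks are out of scope for this sketch.
std::string validate_entry(const LogEntry& e) {
    if (e.log_name.empty()) return "log_name is required";
    if (!is_digits(e.timestamp)) return "timestamp must be decimal digits";
    if (e.action != "Arrival" && e.action != "Departure")   // "Departure" is assumed
        return "unknown action";
    if (!is_alpha(e.name)) return "name must be alphabetic";
    if (e.role != "Guest" && e.role != "Employee")          // "Employee" is assumed
        return "role must be Guest or Employee";
    if (!e.room_id.empty() && !is_digits(e.room_id))
        return "room_id must be decimal digits";
    return "";
}

int main() {
    // Constructed from the "Log data being sent" line in the session.
    LogEntry bypassed{"log1", "2", "secret", "Arrival", "1", "", ""};
    LogEntry fixed = bypassed;
    fixed.name = "Alice";   // constructed sample values
    fixed.role = "Guest";
    std::cout << "bypassed: " << validate_entry(bypassed) << "\n";
    std::cout << "fixed:    "
              << (validate_entry(fixed).empty() ? "accepted" : "rejected") << "\n";
    return 0;
}
```

The server would return an error status instead of `200 OK` whenever `validate_entry` returns a non-empty reason; the client-side checks can stay as a convenience but carry no security weight.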