search

dtolabs / yana2

Yet Another Node Authority ... because you wanted an agile Real-Time Service Model (RTSM)
8 stars 1 forks source link

Filters API output needs proper encoding #107

Closed ahonor closed 12 years ago

ahonor commented 12 years ago

Filters contain regular expression strings which need to be encoded to ensure valid representation formatting.

Eg, Here's the output of the /api/filter/list endpoint. Notice the expressions are not encoded and can create invalid XML (similar issues will be true for JSON):

<filters>
  <filter id='1' dataType='String' regex='^.*$' />
  <filter id='2' dataType='Boolean' regex='^([0-1]|true|false)$' />
  <filter id='3' dataType='Integer' regex='^[0-9]$' />
  <filter id='4' dataType='Float' regex='^([+-]?(((\d+(\.)?)|(\d*\.\d+))([eE][+-]?\d+)?))' />
  <filter id='5' dataType='URL' regex='^(http(?:s)?\:\/\/[a-zA-Z0-9\-]+(?:\.[a-zA-Z0-9\-]+)*\.[a-zA-Z]{2,6}(?:\/?|(?:\/[\w\-]+)*)(?:\/?|\/\w+\.[a-zA-Z]{2,4}(?:\?[\w]+\=[\w\-]+)?)?(?:\&amp;[\w]+\=[\w\-]+)*)$' />
  <filter id='6' dataType='Email' regex='^[_A-Za-z0-9-]+(\.[_A-Za-z0-9-]+)*@[A-Za-z0-9]+(\.[A-Za-z0-9]+)*(\.[A-Za-z]{2,})$' />
  <filter id='7' dataType='Date' regex='^(0[1-9]|1[012])[-](0[1-9]|[12][0-9]|3[01])[-](19|20)\d\d$ ' />
  <filter id='8' dataType='Time' regex='^((([0]?[1-9]|1[0-2])(:|\.)[0-5][0-9]((:|\.)[0-5][0-9])?( )?(AM|am|aM|Am|PM|pm|pM|Pm))|(([0]?[0-9]|1[0-9]|2[0-3])(:|\.)[0-5][0-9]((:|\.)[0-5][0-9])?))$' />
  <filter id='9' dataType='DateTime' regex='^([0-9]{4}-(((0[13578]|(10|12))-(0[1-9]|[1-2][0-9]|3[0-1]))|(02-(0[1-9]|[1-2][0-9]))|((0[469]|11)-(0[1-9]|[1-2][0-9]|30))))( (0[0-9]|1[0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9])){0,1}|0000-00-00 00:00:00|0000-00-00$' />
  <filter id='10' dataType='IP' regex='^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$' />
  <filter id='11' dataType='OS' regex='^(Linux|linux|Unix|unix|Windows|windows|Mac|mac|Sun|sun|BSD|bsd)$' />
  <filter id='12' dataType='test2' regex='test' />
</filters>
orubel commented 12 years ago

This is a KNOWN issue with the regex due to special character being unable to be escaped through XML validators see issue #68 ); even when properly escaped, the 'special characters' still throw errors. As long as they do NOT go through a XML validator, they are fine from what I am seeing regardless of not being escaped or being escaped. Otherwise we have to come up with an alternative method for importing/outporting filters

orubel commented 12 years ago

oops sorry... meant 106

gschueler commented 12 years ago

what specifically is not being encoded correctly? I created a filter containing XML-special characters, including these: <>'"&.

the xml output was properly encoded.

running "xmlstarlet val output.xml" produces: "output.xml - valid"

orubel commented 12 years ago

I think you guys are going a different route at this point so it doesn't matter at this point.