diff options
| author | Joram Wilander <jwawilander@gmail.com> | 2017-12-05 18:19:33 -0500 |
|---|---|---|
| committer | Christopher Speller <crspeller@gmail.com> | 2017-12-05 15:19:33 -0800 |
| commit | 7cefef6d21fa76de0683d2fe9ff56a6e28816628 (patch) | |
| tree | 3aff5d34a44bb65cfefa5e69084d2bd484d1dd51 /app/plugin.go | |
| parent | 150de584c348d6317199fd619f0c144464b8f755 (diff) | |
| download | chat-7cefef6d21fa76de0683d2fe9ff56a6e28816628.tar.gz chat-7cefef6d21fa76de0683d2fe9ff56a6e28816628.tar.bz2 chat-7cefef6d21fa76de0683d2fe9ff56a6e28816628.zip | |
Hash key for plugin store and limit id length (#7933)
Diffstat (limited to 'app/plugin.go')
| -rw-r--r-- | app/plugin.go | 23 |
1 files changed, 20 insertions, 3 deletions
diff --git a/app/plugin.go b/app/plugin.go index 087ce1abf..f91a2e414 100644 --- a/app/plugin.go +++ b/app/plugin.go @@ -6,12 +6,15 @@ package app import ( "bytes" "context" + "crypto/sha256" + "encoding/base64" "io" "io/ioutil" "net/http" "os" "path/filepath" "strings" + "unicode/utf8" l4g "github.com/alecthomas/log4go" @@ -28,6 +31,10 @@ import ( "github.com/mattermost/mattermost-server/plugin/pluginenv" ) +const ( + PLUGIN_MAX_ID_LENGTH = 190 +) + var prepackagedPlugins map[string]func(string) ([]byte, error) = map[string]func(string) ([]byte, error){ "jira": jira.Asset, "zoom": zoom.Asset, @@ -149,6 +156,10 @@ func (a *App) installPlugin(pluginFile io.Reader, allowPrepackaged bool) (*model return nil, model.NewAppError("installPlugin", "app.plugin.prepackaged.app_error", nil, "", http.StatusBadRequest) } + if utf8.RuneCountInString(manifest.Id) > PLUGIN_MAX_ID_LENGTH { + return nil, model.NewAppError("installPlugin", "app.plugin.id_length.app_error", map[string]interface{}{"Max": PLUGIN_MAX_ID_LENGTH}, err.Error(), http.StatusBadRequest) + } + bundles, err := a.PluginEnv.Plugins() if err != nil { return nil, model.NewAppError("installPlugin", "app.plugin.install.app_error", nil, err.Error(), http.StatusInternalServerError) @@ -475,10 +486,16 @@ func (a *App) ShutDownPlugins() { a.PluginEnv = nil } +func getKeyHash(key string) string { + hash := sha256.New() + hash.Write([]byte(key)) + return base64.StdEncoding.EncodeToString(hash.Sum(nil)) +} + func (a *App) SetPluginKey(pluginId string, key string, value []byte) *model.AppError { kv := &model.PluginKeyValue{ PluginId: pluginId, - Key: key, + Key: getKeyHash(key), Value: value, } @@ -492,7 +509,7 @@ func (a *App) SetPluginKey(pluginId string, key string, value []byte) *model.App } func (a *App) GetPluginKey(pluginId string, key string) ([]byte, *model.AppError) { - result := <-a.Srv.Store.Plugin().Get(pluginId, key) + result := <-a.Srv.Store.Plugin().Get(pluginId, getKeyHash(key)) if result.Err != nil { if result.Err.StatusCode == http.StatusNotFound { @@ -508,7 +525,7 @@ func (a *App) GetPluginKey(pluginId string, key string) ([]byte, *model.AppError } func (a *App) DeletePluginKey(pluginId string, key string) *model.AppError { - result := <-a.Srv.Store.Plugin().Delete(pluginId, key) + result := <-a.Srv.Store.Plugin().Delete(pluginId, getKeyHash(key)) if result.Err != nil { l4g.Error(result.Err.Error()) |