Sanitize plugins uuid parsing

Andrey Antukh 2025-04-11 12:21:36 +02:00
parent a7c1f7ba69
commit 38e5c161e7
5 changed files with 17 additions and 8 deletions


@ -17,9 +17,14 @@
java.util.UUID java.util.UUID
java.nio.ByteBuffer))) java.nio.ByteBuffer)))
(def ^:private uuid-regex
#"^[0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]-[0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]-[0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]-[0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]-[0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]$")
(defn uuid (defn uuid
"Creates an UUID instance from string, expectes valid uuid strings, "Creates an UUID instance from string, expectes valid uuid strings,
the existense of validation is implementation detail" the existense of validation is implementation detail.
UNSAFE: this can accept invalid uuids or incomplete uuids"
[s] [s]
#?(:clj (UUID/fromString s) #?(:clj (UUID/fromString s)
:cljs (c/uuid s))) :cljs (c/uuid s)))
@ -27,8 +32,13 @@
(defn parse (defn parse
"Parse string uuid representation into proper UUID instance, validates input" "Parse string uuid representation into proper UUID instance, validates input"
[s] [s]
#?(:clj (UUID/fromString s) (if (and (string? s) ^boolean (re-matches uuid-regex s))
:cljs (c/parse-uuid s))) #?(:clj (UUID/fromString s)
:cljs (uuid s))
(let [message (str "invalid string '" s "' for uuid")]
(throw #?(:clj (IllegalArgumentException. message)
:cljs (js/Error. message))))))
(defn next (defn next
[] []
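Review bot: The cljs branch of `parse` now throws a `js/Error` when the input does not match `uuid-regex`, whereas the replaced `c/parse-uuid` returned nil, and the new-side docstring does not say so; I would change it to `"Parse string uuid representation into proper UUID instance; throws IllegalArgumentException (clj) / js/Error (cljs) when the input is not a canonical 8-4-4-4-12 hex string"` so cljs callers that used to nil-check know to catch. The pattern is equivalent and far easier to audit written with quantifiers, `#"^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$"`, which both java.util.regex and JS RegExp support. The `^boolean` hint is attached to `re-matches`, which returns the matched string or nil rather than a boolean; it is harmless here only because a successful match is a 36-character string and never falsy in JS, so a comment to that effect would stop someone copying the idiom elsewhere. Since `s` is echoed verbatim into the exception message and `parse` is now the entry point for plugin-supplied ids, consider bounding the echoed input so a hostile or accidental multi-kilobyte string does not end up in logs. Separately, the `uuid` docstring on the new side still carries the typos "expectes" and "existense" ("expects", "existence").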


@ -283,8 +283,7 @@
(fn [event] (fn [event]
(let [team-id (-> (dom/get-current-target event) (let [team-id (-> (dom/get-current-target event)
(dom/get-data "value") (dom/get-data "value")
(uuid/parse))] (uuid/uuid))]
(st/emit! (dcm/go-to-dashboard-recent :team-id team-id))))) (st/emit! (dcm/go-to-dashboard-recent :team-id team-id)))))
handle-select-default handle-select-default
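Review bot: The team-id read from `(dom/get-data "value")` is no longer validated: in cljs `uuid/uuid` is `c/uuid`, which wraps any string unchecked (the `uuid` docstring on this page now labels it UNSAFE), so a malformed attribute value would flow into `dcm/go-to-dashboard-recent` as a non-UUID team-id. That is acceptable if the `data-value` attribute is rendered by this component from ids the app already holds, but the reason should be stated next to the call, e.g. `;; data-value is rendered from a known team id, so the unchecked constructor is intentional`. The enclosing event handler starts outside the hunk.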


@ -969,7 +969,7 @@
:else :else
(let [file-id (:current-file-id @st/state) (let [file-id (:current-file-id @st/state)
library-id (uuid/uuid library-id)] library-id (uuid/parse library-id)]
(->> st/stream (->> st/stream
(rx/filter (ptk/type? ::dwl/attach-library-finished)) (rx/filter (ptk/type? ::dwl/attach-library-finished))
(rx/take 1) (rx/take 1)
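Review bot: `(uuid/parse library-id)` in this `:else` branch now throws on a non-canonical string instead of silently wrapping it as `uuid/uuid` did, and whether a malformed `library-id` can still reach the branch depends on the preceding `cond` tests, which lie outside the hunk. If those tests only check for a string, the throw surfaces to the plugin as an uncaught `js/Error` raised inside the `let`; either make the guard apply the same test `parse` applies, or record the contract at the call site: `;; library-id passed the cond guard above; parse throws on anything non-canonical`. The enclosing function starts and ends outside the hunk.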


@ -160,7 +160,7 @@
(u/display-not-valid :getShapeById shape-id) (u/display-not-valid :getShapeById shape-id)
:else :else
(let [shape-id (uuid/uuid shape-id) (let [shape-id (uuid/parse shape-id)
shape (u/locate-shape file-id id shape-id)] shape (u/locate-shape file-id id shape-id)]
(when (some? shape) (when (some? shape)
(shape/shape-proxy plugin-id file-id id shape-id))))) (shape/shape-proxy plugin-id file-id id shape-id)))))
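Review bot: The predicate that routes bad input to `(u/display-not-valid :getShapeById shape-id)` is outside the hunk, and it now has to reject exactly what `uuid/parse` rejects; otherwise a plugin passing, say, a 36-character string with hyphens in the wrong places gets past the friendly error and receives a raw `js/Error` from `uuid/parse` instead. I would have that predicate and `uuid/parse` share the same canonical-format check so the two cannot drift, and note it here: `;; shape-id was validated above with the same pattern uuid/parse applies`. The enclosing `cond` starts outside the hunk.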


@ -13,7 +13,7 @@
(defn parse-id (defn parse-id
[id] [id]
(when id (uuid/uuid id))) (when id (uuid/parse id)))
(defn parse-keyword (defn parse-keyword
[kw] [kw]
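Review bot: `parse-id` keeps its nil-for-absent behaviour via `(when id ...)`, but a present, non-canonical `id` now throws from `uuid/parse` rather than being wrapped unchecked, and the function has no docstring saying so. I would add `"Returns nil when id is nil or false; otherwise parses it with uuid/parse, which throws on a non-canonical uuid string."` so callers in the plugin layer do not assume a nil result on bad input. `(some-> id uuid/parse)` would express the same guard more idiomatically if the file prefers threading macros.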