enhance robust validation for --url-path-prefix parameter

4e0874e1 · liangyongxiong · b8cefff4 · 4e0874e1 · 4e0874e1 · 4e0874e1
隐藏空白更改
内联并排

Showing with 15 addition and 5 deletion

.gitignore .gitignore +2 -0

mindinsight/scripts/start.py mindinsight/scripts/start.py +12 -4

mindinsight/ui/public/index.html mindinsight/ui/public/index.html +1 -1

未找到文件。
--- a/.gitignore
+++ b/.gitignore
@@ -86,3 +86,5 @@ build/*
 output/
 !output/README.md
+mindinsight/ui/public/static/js/graphvizlib.wasm
--- a/mindinsight/scripts/start.py
+++ b/mindinsight/scripts/start.py
@@ -122,7 +122,8 @@ class PortAction(argparse.Action):
 class UrlPathPrefixAction(argparse.Action):
    """Url Path prefix action class definition."""
-    REGEX = r'^(\/[a-zA-Z0-9-\-\.]+)+$'
+    INVALID_SEGMENTS = ('.', '..')
+    REGEX = r'^[a-zA-Z0-9_\-\.]+$'
    def __call__(self, parser, namespace, values, option_string=None):
        """
@@ -135,8 +136,12 @@ class UrlPathPrefixAction(argparse.Action):
            option_string (str): Optional string for specific argument name. Default: None.
        """
        prefix = values
-        if not re.match(self.REGEX, prefix):
+        segments = prefix.split('/')
-            parser.error(f'{option_string} value is invalid url path prefix')
+        for index, segment in enumerate(segments):
+            if not segment and index in (0, len(segments) - 1):
+                continue
+            if segment in self.INVALID_SEGMENTS or not re.match(self.REGEX, segment):
+                parser.error(f'{option_string} value is invalid url path prefix')
        setattr(namespace, self.dest, prefix)
@@ -186,7 +191,10 @@ class Command(BaseCommand):
            type=str,
            action=UrlPathPrefixAction,
            help="""
-                Custom path prefix for web page address. Default value is ''.
+                Custom URL path prefix for web page address. URL path prefix 
+                consists of segments separated by slashes. Each segment supports
+                alphabets / digits / underscores / dashes / dots, but cannot just 
+                be emtpy string / single dot / double dots. Default value is ''.
            """)
        for hook in HookUtils.instance().hooks():

--- a/mindinsight/ui/public/index.html
+++ b/mindinsight/ui/public/index.html
@@ -21,7 +21,7 @@ limitations under the License.
  <meta charset="utf-8" />
  <meta http-equiv="X-UA-Compatible" content="IE=edge" />
  <meta name="viewport" content="width=device-width,initial-scale=1.0" />
-  <link rel="icon" href="<%= BASE_URL %>/static/img/favicon.png" />
+  <link rel="icon" href="static/img/favicon.png" />
  <title>MindInsight</title>
  <style>
    .errorInfo {