提交 8345421b 编写于 作者: L liangyongxiong

enhance robust validation for --url-path-prefix parameter

上级 edb7f7a0
......@@ -86,3 +86,5 @@ build/*
output/
!output/README.md
mindinsight/ui/public/static/js/graphvizlib.wasm
......@@ -122,7 +122,8 @@ class PortAction(argparse.Action):
class UrlPathPrefixAction(argparse.Action):
"""Url Path prefix action class definition."""
REGEX = r'^(\/[a-zA-Z0-9-\-\.]+)+$'
INVALID_SEGMENTS = ('.', '..')
REGEX = r'^[a-zA-Z0-9_\-\.]+$'
def __call__(self, parser, namespace, values, option_string=None):
"""
......@@ -135,7 +136,11 @@ class UrlPathPrefixAction(argparse.Action):
option_string (str): Optional string for specific argument name. Default: None.
"""
prefix = values
if not re.match(self.REGEX, prefix):
segments = prefix.split('/')
for index, segment in enumerate(segments):
if not segment and index in (0, len(segments) - 1):
continue
if segment in self.INVALID_SEGMENTS or not re.match(self.REGEX, segment):
parser.error(f'{option_string} value is invalid url path prefix')
setattr(namespace, self.dest, prefix)
......@@ -186,7 +191,10 @@ class Command(BaseCommand):
type=str,
action=UrlPathPrefixAction,
help="""
Custom path prefix for web page address. Default value is ''.
Custom URL path prefix for web page address. URL path prefix
consists of segments separated by slashes. Each segment supports
alphabets / digits / underscores / dashes / dots, but cannot just
be emtpy string / single dot / double dots. Default value is ''.
""")
for hook in HookUtils.instance().hooks():
......
......@@ -21,7 +21,7 @@ limitations under the License.
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width,initial-scale=1.0" />
<link rel="icon" href="<%= BASE_URL %>/static/img/favicon.png" />
<link rel="icon" href="static/img/favicon.png" />
<title>MindInsight</title>
<style>
.errorInfo {
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册