idk/muwire
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

disallow certain characters in nicknames

Browse Source
This commit is contained in:
Zlatin Balevsky
2020-05-06 11:39:08 +01:00
parent ed02b718d9
commit d18cdb15cd
5 changed files with 44 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
core/src/main/java/com/muwire/core/Constants.java
View File

@@ -4,6 +4,7 @@ import net.i2p.crypto.SigType;
public class Constants {
public static final byte PERSONA_VERSION = (byte)1;
public static final String INVALID_NICKNAME_CHARS = "'\"();<>=@$%";
public static final byte FILE_CERT_VERSION = (byte)2;
public static final int CHAT_VERSION = 1;

25
core/src/main/java/com/muwire/core/InvalidNicknameException.java Normal file
View File

@@ -0,0 +1,25 @@
package com.muwire.core;
public class InvalidNicknameException extends Exception {
public InvalidNicknameException() {
}
public InvalidNicknameException(String message) {
super(message);
}
public InvalidNicknameException(Throwable cause) {
super(cause);
}
public InvalidNicknameException(String message, Throwable cause) {
super(message, cause);
}
public InvalidNicknameException(String message, Throwable cause, boolean enableSuppression,
boolean writableStackTrace) {
super(message, cause, enableSuppression, writableStackTrace);
}
}

9
core/src/main/java/com/muwire/core/Persona.java
View File

@@ -7,6 +7,8 @@ import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import com.muwire.core.util.DataUtil;
import net.i2p.crypto.DSAEngine;
import net.i2p.data.Base64;
import net.i2p.data.DataFormatException;
@@ -25,12 +27,15 @@ public class Persona {
private volatile String base64;
private volatile byte[] payload;
public Persona(InputStream personaStream) throws IOException, DataFormatException, InvalidSignatureException {
public Persona(InputStream personaStream) throws IOException, DataFormatException, InvalidSignatureException, InvalidNicknameException {
version = (byte) (personaStream.read() & 0xFF);
if (version != Constants.PERSONA_VERSION)
throw new IOException("Unknown version "+version);
name = new Name(personaStream);
if (!DataUtil.isValidName(name.name))
throw new InvalidNicknameException(name.name + " is not a valid nickname");
destination = Destination.create(personaStream);
sig = new byte[SIG_LEN];
DataInputStream dis = new DataInputStream(personaStream);
@@ -38,7 +43,7 @@ public class Persona {
if (!verify(version, name, destination, sig))
throw new InvalidSignatureException(getHumanReadableName() + " didn't verify");
}
private static boolean verify(byte version, Name name, Destination destination, byte [] sig)
throws IOException, DataFormatException {
ByteArrayOutputStream baos = new ByteArrayOutputStream();

7
core/src/main/java/com/muwire/core/util/DataUtil.java
View File

@@ -216,4 +216,11 @@ public class DataUtil {
Signature sig = DSAEngine.getInstance().sign(payload, spk);
return sig.getData();
}
public static boolean isValidName(String name) {
for (int i = 0; i < Constants.INVALID_NICKNAME_CHARS.length(); i++)
if (name.indexOf(Constants.INVALID_NICKNAME_CHARS.charAt(i)) >= 0)
return false;
return true;
}
}

6
gui/griffon-app/lifecycle/Ready.groovy
View File

@@ -6,10 +6,12 @@ import net.i2p.util.SystemVersion
import org.codehaus.griffon.runtime.core.AbstractLifecycleHandler
import com.muwire.core.Constants
import com.muwire.core.Core
import com.muwire.core.MuWireSettings
import com.muwire.core.UILoadedEvent
import com.muwire.core.files.FileSharedEvent
import com.muwire.core.util.DataUtil
import javax.annotation.Nonnull
import javax.inject.Inject
@@ -116,8 +118,8 @@ class Ready extends AbstractLifecycleHandler {
JOptionPane.WARNING_MESSAGE)
continue
}
if (nickname.contains("@")) {
JOptionPane.showMessageDialog(null, "Nickname cannot contain @, choose another",
if (!DataUtil.isValidName(nickname)) {
JOptionPane.showMessageDialog(null, "Nickname cannot contain any of ${Constants.INVALID_NICKNAME_CHARS} choose another",
"Select another nickname", JOptionPane.WARNING_MESSAGE)
continue
}