1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "check_common.h"
16
17 #include <algorithm>
18 #include <climits>
19
20 #include "doc_errno.h"
21 #include "grd_base/grd_db_api.h"
22 #include "rd_log_print.h"
23 #include "securec.h"
24
25 using namespace DocumentDB;
26 namespace DocumentDB {
27 namespace {
28 constexpr const char *KEY_ID = "_id";
29 constexpr const char *COLLECTION_PREFIX_GRD = "GRD_";
30 constexpr const char *COLLECTION_PREFIX_GM_SYS = "GM_SYS";
31 const int MAX_COLLECTION_NAME = 512;
32 const int MAX_ID_LENS = 900;
33 const int JSON_DEEP_MAX = 4;
34
CheckCollectionNamePrefix(const std::string & name,const std::string & prefix)35 bool CheckCollectionNamePrefix(const std::string &name, const std::string &prefix)
36 {
37 if (name.length() < prefix.length()) {
38 return false;
39 }
40
41 return (strncasecmp(name.c_str(), prefix.c_str(), prefix.length()) == 0);
42 }
43
ReplaceAll(std::string & inout,const std::string & what,const std::string & with)44 void ReplaceAll(std::string &inout, const std::string &what, const std::string &with)
45 {
46 std::string::size_type pos{};
47 while ((pos = inout.find(what.data(), pos, what.length())) != std::string::npos) {
48 inout.replace(pos, what.length(), with.data(), with.length());
49 pos += with.length();
50 }
51 }
52 } // namespace
53
CheckCollectionName(const std::string & collectionName,std::string & formattedName,int & errCode)54 bool CheckCommon::CheckCollectionName(const std::string &collectionName, std::string &formattedName, int &errCode)
55 {
56 if (collectionName.empty()) {
57 errCode = -E_INVALID_ARGS;
58 return false;
59 }
60 if (collectionName.length() + 1 > MAX_COLLECTION_NAME) { // with '\0'
61 errCode = -E_OVER_LIMIT;
62 return false;
63 }
64 if (CheckCollectionNamePrefix(collectionName, COLLECTION_PREFIX_GRD) ||
65 CheckCollectionNamePrefix(collectionName, COLLECTION_PREFIX_GM_SYS)) {
66 GLOGE("Collection name is illegal");
67 errCode = -E_INVALID_COLL_NAME_FORMAT;
68 return false;
69 }
70
71 formattedName = collectionName;
72 std::transform(formattedName.begin(), formattedName.end(), formattedName.begin(), [](unsigned char c) {
73 return std::tolower(c);
74 });
75
76 ReplaceAll(formattedName, "'", R"('')");
77 return true;
78 }
79
CheckSingleFilterPath(std::vector<std::string> & singleFilterPath)80 static int CheckSingleFilterPath(std::vector<std::string> &singleFilterPath)
81 {
82 if (singleFilterPath.empty()) {
83 return -E_INVALID_JSON_FORMAT;
84 }
85 for (size_t j = 0; j < singleFilterPath.size(); j++) {
86 if (singleFilterPath[j].empty()) {
87 return -E_INVALID_ARGS;
88 }
89 for (auto oneChar : singleFilterPath[j]) {
90 if (!((isalpha(oneChar)) || (isdigit(oneChar)) || (oneChar == '_'))) {
91 return -E_INVALID_ARGS;
92 }
93 }
94 }
95 if (!singleFilterPath.empty() && !singleFilterPath[0].empty() && isdigit(singleFilterPath[0][0])) {
96 return -E_INVALID_ARGS;
97 }
98 return E_OK;
99 }
100
CheckFilter(JsonObject & filterObj,std::vector<std::vector<std::string>> & filterPath,bool & isIdExist)101 int CheckCommon::CheckFilter(JsonObject &filterObj, std::vector<std::vector<std::string>> &filterPath, bool &isIdExist)
102 {
103 for (size_t i = 0; i < filterPath.size(); i++) {
104 if (filterPath[i].size() > JSON_DEEP_MAX) {
105 GLOGE("filter's json deep is deeper than JSON_DEEP_MAX");
106 return -E_INVALID_ARGS;
107 }
108 }
109 int ret = E_OK;
110 for (size_t i = 0; i < filterPath.size(); i++) {
111 ret = CheckSingleFilterPath(filterPath[i]);
112 if (ret != E_OK) {
113 return ret;
114 }
115 }
116 ret = CheckIdFormat(filterObj, isIdExist);
117 if (ret != E_OK) {
118 GLOGE("Filter Id format is illegal");
119 return ret;
120 }
121 return ret;
122 }
123
CheckIdFormat(JsonObject & idObj,bool & isIdExisit)124 int CheckCommon::CheckIdFormat(JsonObject &idObj, bool &isIdExisit)
125 {
126 JsonObject idObjChild = idObj.GetChild();
127 ValueObject idValue = JsonCommon::GetValueInSameLevel(idObjChild, KEY_ID, isIdExisit);
128 if ((idValue.GetValueType() == ValueObject::ValueType::VALUE_NULL) && isIdExisit == false) {
129 return E_OK;
130 }
131 if (idValue.GetValueType() != ValueObject::ValueType::VALUE_STRING) {
132 return -E_INVALID_ARGS;
133 }
134 if (idValue.GetStringValue().length() + 1 > MAX_ID_LENS) { // with '\0'
135 return -E_OVER_LIMIT;
136 }
137 return E_OK;
138 }
139
CheckDocument(JsonObject & documentObj,bool & isIdExist)140 int CheckCommon::CheckDocument(JsonObject &documentObj, bool &isIdExist)
141 {
142 if (documentObj.GetDeep() > JSON_DEEP_MAX) {
143 GLOGE("documentObj's json deep is deeper than JSON_DEEP_MAX");
144 return -E_INVALID_ARGS;
145 }
146 int ret = CheckIdFormat(documentObj, isIdExist);
147 if (ret != E_OK) {
148 return ret;
149 }
150 JsonObject documentObjChild = documentObj.GetChild();
151 if (!JsonCommon::CheckJsonField(documentObjChild)) {
152 GLOGE("Document json field format is illegal");
153 return -E_INVALID_ARGS;
154 }
155 return E_OK;
156 }
157
SplitFieldName(const std::string & fieldName,std::vector<std::string> & allFieldsName)158 int SplitFieldName(const std::string &fieldName, std::vector<std::string> &allFieldsName)
159 {
160 std::string tempParseName;
161 std::string priFieldName = fieldName;
162 for (size_t j = 0; j < priFieldName.size(); j++) {
163 if (priFieldName[j] != '.') {
164 tempParseName += priFieldName[j];
165 }
166 if (priFieldName[j] == '.' || j == priFieldName.size() - 1) {
167 if ((j > 0 && priFieldName[j] == '.' && priFieldName[j - 1] == '.') ||
168 (priFieldName[j] == '.' && j == priFieldName.size() - 1)) {
169 return -E_INVALID_ARGS;
170 }
171 allFieldsName.emplace_back(tempParseName);
172 tempParseName.clear();
173 }
174 }
175 return E_OK;
176 }
177
CheckSingleUpdataDocPath(std::vector<std::string> & singleUpdataPath)178 static int CheckSingleUpdataDocPath(std::vector<std::string> &singleUpdataPath)
179 {
180 for (const auto &fieldName : singleUpdataPath) {
181 for (auto oneChar : fieldName) {
182 if (!((isalpha(oneChar)) || (isdigit(oneChar)) || (oneChar == '_'))) {
183 GLOGE("updata fieldName is illegal");
184 return -E_INVALID_ARGS;
185 }
186 }
187 }
188 return E_OK;
189 }
190
CheckUpdata(JsonObject & updataObj)191 int CheckCommon::CheckUpdata(JsonObject &updataObj)
192 {
193 JsonObject jsonTemp = updataObj.GetChild();
194 size_t maxDeep = 0;
195 while (!jsonTemp.IsNull()) {
196 std::vector<std::string> allFieldsName;
197 int errCode = SplitFieldName(jsonTemp.GetItemField(), allFieldsName);
198 if (errCode != E_OK) {
199 return errCode;
200 }
201 errCode = CheckSingleUpdataDocPath(allFieldsName);
202 if (errCode != E_OK) {
203 return errCode;
204 }
205 maxDeep = std::max(allFieldsName.size() + jsonTemp.GetDeep(), maxDeep);
206 if (maxDeep > JSON_DEEP_MAX) {
207 GLOGE("document's json deep is deeper than JSON_DEEP_MAX");
208 return -E_INVALID_ARGS;
209 }
210 jsonTemp = jsonTemp.GetNext();
211 }
212 bool isIdExist = true;
213 CheckIdFormat(updataObj, isIdExist);
214 if (isIdExist) {
215 return -E_INVALID_ARGS;
216 }
217 return E_OK;
218 }
219
CheckSingleProjectionDocPath(std::vector<std::string> & singleProjectionPath)220 static int CheckSingleProjectionDocPath(std::vector<std::string> &singleProjectionPath)
221 {
222 for (const auto &fieldName : singleProjectionPath) {
223 if (fieldName.empty()) {
224 return -E_INVALID_ARGS;
225 }
226 for (size_t j = 0; j < fieldName.size(); j++) {
227 if (!((isalpha(fieldName[j])) || (isdigit(fieldName[j])) || (fieldName[j] == '_'))) {
228 return -E_INVALID_ARGS;
229 }
230 if (j == 0 && (isdigit(fieldName[j]))) {
231 return -E_INVALID_ARGS;
232 }
233 }
234 }
235 return E_OK;
236 }
237
CheckProjection(JsonObject & projectionObj,std::vector<std::vector<std::string>> & path)238 int CheckCommon::CheckProjection(JsonObject &projectionObj, std::vector<std::vector<std::string>> &path)
239 {
240 if (projectionObj.GetDeep() > JSON_DEEP_MAX) {
241 GLOGE("projectionObj's json deep is deeper than JSON_DEEP_MAX");
242 return -E_INVALID_ARGS;
243 }
244 int errCode = E_OK;
245 if (!projectionObj.GetChild().IsNull()) {
246 JsonObject projectionObjChild = projectionObj.GetChild();
247 if (!JsonCommon::CheckProjectionField(projectionObjChild, errCode)) {
248 GLOGE("projection json field format is illegal");
249 return errCode;
250 }
251 }
252 for (size_t i = 0; i < path.size(); i++) {
253 if (path[i].empty()) {
254 return -E_INVALID_JSON_FORMAT;
255 }
256 errCode = CheckSingleProjectionDocPath(path[i]);
257 if (errCode != E_OK) {
258 return errCode;
259 }
260 }
261 return E_OK;
262 }
263 } // namespace DocumentDB