changeset 325:34a110d1f06c

added security check for the query transformation
author cin
date Mon, 27 May 2013 02:49:58 +0400
parents b1e7b55b4a38
children 793cc7f0a7e7
files Lib/IMPL/DOM/Transform/QueryToDOM.pm
diffstat 1 files changed, 14 insertions(+), 0 deletions(-) [+]
--- a/Lib/IMPL/DOM/Transform/QueryToDOM.pm	Sat May 25 01:57:49 2013 +0400
+++ b/Lib/IMPL/DOM/Transform/QueryToDOM.pm	Mon May 27 02:49:58 2013 +0400
@@ -3,6 +3,9 @@
 
 use IMPL::Const qw(:prop);
 use IMPL::declare {
+    require => {
+        OutOfRangeException => '-IMPL::OutOfRangeException'
+    },
 	base => [
 	   'IMPL::DOM::Transform::ObjectToDOM' => '@_'
 	],
@@ -12,6 +15,8 @@
 	]
 };
 
+our $MAX_INDEX = 1024;
+
 sub CTOR {
 	my ($this) = @_;
 	
@@ -59,12 +64,14 @@
             if (my ($name,$index) = ($part =~ m/^(\w+)(?:\[(\d+)\])?$/) ) {
                 if (@parts) {
                     if(defined $index) {
+                        $this->ValidateIndex($index);
                         $node = ($node->{$name}[$index] ||= {});
                     } else {
                         $node = ($node->{$name} ||= {});
                     }
                 } else {
                     if(defined $index) {
+                        $this->ValidateIndex($index);
                         $node->{$name}[$index] = (@value == 1 ? $value[0] : \@value);
                     } else {
                         $node->{$name} = (@value == 1 ? $value[0] : \@value);
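Review bot: The two indexed branches still dereference `$node->{$name}` as an array without checking what an earlier parameter stored under that name, so the added ValidateIndex call does not by itself make these accesses safe. If the name was already populated by a non-indexed branch (`$node->{$name} ||= {}` or a plain value), `$node->{$name}[$index]` fails with a generic Perl dereference error instead of a controlled validation error, and for a plain string the outcome depends on `strict refs`, which is not visible in this hunk. I would add a guard such as `ref($node->{$name} ||= []) eq 'ARRAY'` before both indexed accesses and raise a validation exception when it fails. The bound is also inclusive and per array (`$index <= $MAX_INDEX`), so each name can still grow to 1025 slots and the total across names and nesting levels is not capped here; a limit on the number of path parts or parameters would presumably have to be enforced elsewhere. The enclosing sub starts and ends outside this hunk.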
@@ -77,6 +84,13 @@
     return $this->Transform($data);
 }
 
+sub ValidateIndex {
+    my ($this,$index) = @_;
+    
+    die OutOfRangeException->new()
+        unless $index >= 0 and $index <= $MAX_INDEX;
+}
+
 sub TransformAction {
 	my ($this,$action) = @_;