Browse Source

feat: sanitize participants' names (identifiers)

This should be safe for CSV and others.
We probably want to do a similar thing with messages (commands).
Remember: we should not log the raw data. (security issue)
master
Dominique Merle 2 years ago
parent
commit
aeaf702d0c
  1. 5
      addons/majority_judgment/MajorityJudgmentParticipant.gd
  2. 24
      tests/regex.test.gd

5
addons/majority_judgment/MajorityJudgmentParticipant.gd

@ -18,8 +18,9 @@ static func make(__name):
func set_name(__name:String) -> void:
var invalid = RegEx.new()
# invalid.compile("[^a-zA-Z0-9+._-]+")
# __name = invalid.sub(__name, '', true)
# Allow unicode letters and numbers only, with . and _ and -
invalid.compile("[^\\p{L}\\p{N}._-]+")
__name = invalid.sub(__name, '', true)
__name = __name.substr(0, min(__name.length(), 20))
if "" == __name:
printerr("Participant name is empty!")

24
tests/regex.test.gd

@ -0,0 +1,24 @@
extends WAT.Test
func test_regex():
var regex = RegEx.new()
# nope, no unicode
# regex.compile("[^a-zA-Z0-9+._-]+")
# compile: 12: unknown property name after \P or \p
# regex.compile("[^\\p{Letter}]") # T_T
# This works \o/
regex.compile("[^\\p{L}\\p{N}]")
var ea = [
["zozo04", "zozo04"],
["a b c d é", "abcdé"],
["仕方がない!", "仕方がない"],
]
for in_out in ea:
var actual = regex.sub(in_out[0], '', true)
asserts.is_equal(
in_out[1], actual
)
Loading…
Cancel
Save