From aeaf702d0cbaf794557af5e9cdc6adbdea0eb880 Mon Sep 17 00:00:00 2001
From: domi41
Date: Wed, 9 Sep 2020 08:12:09 +0200
Subject: [PATCH] feat: sanitize participants' names (identifiers) This should be safe for CSV and others. We probably want to do a similar thing with messages (commands). Remember: we should not log the raw data. (security issue)
---
 .../MajorityJudgmentParticipant.gd | 5 ++--
 tests/regex.test.gd | 24 +++++++++++++++++++
 2 files changed, 27 insertions(+), 2 deletions(-)
 create mode 100644 tests/regex.test.gd
diff --git a/addons/majority_judgment/MajorityJudgmentParticipant.gd b/addons/majority_judgment/MajorityJudgmentParticipant.gd
index 93c20b5..4ac01b5 100644
--- a/addons/majority_judgment/MajorityJudgmentParticipant.gd
+++ b/addons/majority_judgment/MajorityJudgmentParticipant.gd
@@ -18,8 +18,9 @@ static func make(__name):
 func set_name(__name:String) -> void:
 var invalid = RegEx.new()
-# invalid.compile("[^a-zA-Z0-9+._-]+")
-# __name = invalid.sub(__name, '', true)
+ # Allow unicode letters and numbers only, with . and _ and -
+ invalid.compile("[^\\p{L}\\p{N}._-]+")
+ __name = invalid.sub(__name, '', true)
 __name = __name.substr(0, min(__name.length(), 20))
 if "" == __name:
 printerr("Participant name is empty!")
diff --git a/tests/regex.test.gd b/tests/regex.test.gd
new file mode 100644
index 0000000..81f03b1
--- /dev/null
+++ b/tests/regex.test.gd
@@ -0,0 +1,24 @@
+extends WAT.Test
+
+
+func test_regex():
+ var regex = RegEx.new()
+ # nope, no unicode
+# regex.compile("[^a-zA-Z0-9+._-]+")
+ # compile: 12: unknown property name after \P or \p
+# regex.compile("[^\\p{Letter}]") # T_T
+ # This works \o/
+ regex.compile("[^\\p{L}\\p{N}]")
+ var ea = [
+ ["zozo04", "zozo04"],
+ ["a b c d é", "abcdé"],
+ ["仕方がない!", "仕方がない"],
+ ]
+ for in_out in ea:
+ var actual = regex.sub(in_out[0], '', true)
+ asserts.is_equal(
+ in_out[1], actual
+ )
+
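Review bot: The allow-list in `set_name` still lets a name begin with `-`, and spreadsheet applications interpret a cell that starts with `-` as a formula or number, so the "safe for CSV" claim in the commit message covers separators and quotes but not the leading character. Dropping it after the substitution, e.g. `__name = __name.lstrip("-")`, would close that without narrowing the Unicode support. The return value of `invalid.compile(...)` is also ignored, although the new test file records that a pattern such as `\\p{Letter}` fails to compile. I would guard it with `if invalid.compile("[^\\p{L}\\p{N}._-]+") != OK:` and reject the name rather than continue with an invalid RegEx. The body of `set_name` continues past the end of the hunk.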
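Review bot: `test_regex` compiles `[^\\p{L}\\p{N}]`, which is not the pattern `set_name` uses (`[^\\p{L}\\p{N}._-]+`), so the `.`, `_` and `-` allowance and the 20-character cut are not exercised, and the two patterns can drift apart unnoticed. I would drive the cases through the participant's `set_name` instead, or at least compile the same pattern here, and add rows for the characters the sanitizer exists to remove for CSV: comma, double quote, newline and a leading `=`. A short comment above `ea` such as `# [raw input, expected sanitized name]` would also document the table's layout.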