From c2b8e298d8c0a15a0e6489b658efe58030a18164 Mon Sep 17 00:00:00 2001
From: Wim
Date: Sat, 11 Mar 2023 23:10:41 +0100
Subject: [PATCH] Add extra error checking for fileinfo (api) (#2015)
---
 bridge/api/api.go | 28 +++++++++++++++++++++++++---
 go.mod | 2 +-
 2 files changed, 26 insertions(+), 4 deletions(-)
diff --git a/bridge/api/api.go b/bridge/api/api.go
index c0bef0e2..cb348f16 100644
--- a/bridge/api/api.go
+++ b/bridge/api/api.go
@@ -4,6 +4,7 @@ import (
 "encoding/base64"
 "encoding/json"
 "net/http"
+ "strings"
 "sync"
 "time"
 
@@ -139,12 +140,33 @@ func (b *API) handlePostMessage(c echo.Context) error {
 message.Account = b.Account
 message.ID = ""
 message.Timestamp = time.Now()
+
+ var (
+ fm map[string]interface{}
+ ds string
+ ok bool
+ )
+
 for i, f := range message.Extra["file"] {
 fi := config.FileInfo{}
- mapstructure.Decode(f.(map[string]interface{}), &fi)
- var data []byte
+ if fm, ok = f.(map[string]interface{}); !ok {
+ return echo.NewHTTPError(http.StatusInternalServerError, "invalid format for extra")
+ }
+ err := mapstructure.Decode(fm, &fi)
+ if err != nil {
+ if !strings.Contains(err.Error(), "got string") {
+ return err
+ }
+ }
 // mapstructure doesn't decode base64 into []byte, so it must be done manually for fi.Data
- data, _ = base64.StdEncoding.DecodeString(f.(map[string]interface{})["Data"].(string))
+ if ds, ok = fm["Data"].(string); !ok {
+ return echo.NewHTTPError(http.StatusInternalServerError, "invalid format for data")
+ }
+
+ data, err := base64.StdEncoding.DecodeString(ds)
+ if err != nil {
+ return err
+ }
 fi.Data = &data
 message.Extra["file"][i] = fi
 }
diff --git a/go.mod b/go.mod
index e2379e41..91adf773 100644
--- a/go.mod
+++ b/go.mod
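Review bot: The `strings.Contains(err.Error(), "got string")` filter in the second api.go hunk decides which decode errors to ignore by matching the library's message text. That is brittle across mapstructure versions, and if the library reports several field errors in one combined message it would presumably suppress an unrelated mismatch whenever the expected `Data` complaint is also present. Decoding a copy of `fm` with the `Data` key removed would let every error from `mapstructure.Decode` be returned unconditionally. Separately, the failed type assertions and the base64 failure all come from malformed client input, yet they answer with `http.StatusInternalServerError` or a bare `err`; `echo.NewHTTPError(http.StatusBadRequest, "invalid format for data")` would keep bad requests out of server-fault metrics and alerts. The body of handlePostMessage starts and ends outside this hunk.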
@@ -33,6 +33,7 @@ require (
 github.com/mattermost/mattermost-server/v6 v6.7.2
 github.com/mattn/godown v0.0.1
 github.com/mdp/qrterminal v1.0.1
+ github.com/mitchellh/mapstructure v1.5.0
 github.com/nelsonken/gomf v0.0.0-20190423072027-c65cc0469e94
 github.com/olahol/melody v1.1.2
 github.com/paulrosania/go-charset v0.0.0-20190326053356-55c9d7a5834c
@@ -96,7 +97,6 @@ require (
 github.com/minio/minio-go/v7 v7.0.24 // indirect
 github.com/minio/sha256-simd v1.0.0 // indirect
 github.com/mitchellh/go-homedir v1.1.0 // indirect
- github.com/mitchellh/mapstructure v1.5.0 // indirect
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 github.com/modern-go/reflect2 v1.0.2 // indirect
 github.com/monaco-io/request v1.0.5 // indirect