# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Bugzilla Bug Tracking System.
#
# The Initial Developer of the Original Code is Everything Solved, Inc.
# Portions created by the Initial Developer are Copyright (C) 2008
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
# Max Kanat-Alexander <mkanat@bugzilla.org>
package Bugzilla::WebService::Util;
use strict;
use base qw(Exporter);
# We have to "require", not "use" this, because otherwise it tries to
# use features of Test::More during import().
require Test::Taint;
our @EXPORT_OK = qw(
filter
taint_data
validate
);
# Apply the include_fields / exclude_fields arguments of a WebService call
# to a result hash.
#
# Params:
#   $params - hashref that may carry 'include_fields' and/or
#             'exclude_fields' (lists of key names).
#   $hash   - hashref to filter; it is copied, never modified.
#
# Returns a reference to a new hash (shallow copy of $hash) from which
# every key not named in include_fields (when that argument is defined)
# and every key named in exclude_fields (when defined) has been removed.
# Exclusion wins when a key appears in both lists.
#
# NOTE(review): both lists are dereferenced as arrays, so under
# "use strict" a plain scalar in either slot dies at the dereference.
# Presumably callers normalise them first (e.g. through validate()) --
# confirm against the call sites.
# NOTE(review): the lists come from $params, so this only selects which
# fields are returned; it is not a substitute for a permission check on
# the data in $hash.
sub filter ($$) {
    my ($params, $hash) = @_;

    # Start from a copy so the caller's hash is left untouched.
    my %kept = %$hash;

    my %wanted   = map { $_ => 1 } @{ $params->{'include_fields'} || [] };
    my %unwanted = map { $_ => 1 } @{ $params->{'exclude_fields'} || [] };

    # A list only takes part in filtering when its argument is defined;
    # a defined-but-empty include list therefore removes every key.
    my $has_include = defined $params->{include_fields};
    my $has_exclude = defined $params->{exclude_fields};

    my @dropped = grep {
           ($has_include && !$wanted{$_})
        || ($has_exclude && $unwanted{$_})
    } keys %$hash;
    delete @kept{@dropped};

    return \%kept;
}
# Strip hash keys that fail _delete_bad_keys' name check from the given
# data structures, then hand the whole structure to
# Test::Taint::taint_deeply.
#
# Params: the data items to process (any mix of scalars and references).
# Returns nothing when called without arguments; otherwise the value of
# the final Test::Taint::taint_deeply call.
#
# The argument list is copied into @params first, so only data reachable
# through references in @_ is shared with the caller; top-level plain
# scalars are processed on the copy only.
#
# NOTE(review): presumably the tainting only has an effect when perl runs
# with taint checking enabled -- confirm how the WebService entry points
# are started.
sub taint_data {
    my @params = @_;
    return unless @params;

    my $args = \@params;

    # _deeply_traverse is private to Test::Taint. The original author
    # judged it safe to call (unchanged since 2004) and preferable to
    # reimplementing the traversal or pulling in another module.
    # NOTE(review): because it is private API, re-check this call when
    # the installed Test::Taint version changes.
    Test::Taint::_deeply_traverse(\&_delete_bad_keys, $args);
    Test::Taint::taint_deeply($args);
}
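# Remove every hash key that is not a plain word (\w+) from each hash
# reference in the argument list.
#
# Params: a list of items; anything for which ref() is not exactly 'HASH'
#         (scalars, arrayrefs, blessed objects) is skipped untouched.
# Returns the argument list it was given, with the hashes edited in place.
#
# Only the top level of each hash is inspected here; taint_data passes
# this sub to Test::Taint::_deeply_traverse, which presumably invokes it
# for nested structures -- confirm.
sub _delete_bad_keys {
    foreach my $item (@_) {
        next if ref $item ne 'HASH';

        # keys() builds the full key list up front, so deleting entries
        # inside the loop is safe.
        foreach my $key (keys %$item) {
            # Making something a hash key always untaints it, in Perl.
            # However, we need to validate our argument names in some way.
            # We know that all hash keys passed in to the WebService will
            # match \w+, so we delete any key that doesn't match that.
            #
            # The match is anchored with \A and \z rather than ^ and $:
            # "$" also matches just before a trailing newline, so a key
            # such as "name\n" would otherwise pass the check.
            # NOTE(review): \w follows Perl's Unicode rules for character
            # strings, so non-ASCII word characters may be accepted --
            # confirm whether that is intended.
            if ($key !~ /\A\w+\z/) {
                delete $item->{$key};
            }
        }
    }
    return @_;
}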
# Normalise selected named parameters of a WebService call so that each
# of them holds a reference rather than a bare scalar.
#
# Params:
#   $self   - the invocant, passed back unchanged.
#   $params - the parameters hashref sent by the client (may be absent).
#   @keys   - names of parameters that should hold a reference.
#
# Returns ($self, $params). $params is modified in place: for every name
# in @keys that exists in it, a non-reference value is wrapped in a
# one-element arrayref; existing references are left as they are.
#
# NOTE(review): despite the name, no content validation happens here;
# the values themselves stay exactly as the client supplied them.
# NOTE(review): $params is dereferenced as a hash, so a non-hash
# reference would die under "use strict" -- presumably callers only pass
# hashrefs; confirm.
sub validate {
    my ($self, $params, @keys) = @_;

    # A defined, non-reference $params means the call carried no
    # parameters at all and the first entry of @keys landed in the
    # $params slot.
    if (defined $params and !ref $params) {
        return ($self, undef);
    }

    # Wrap scalar values of the listed parameters in an arrayref.
    for my $name (@keys) {
        next unless exists $params->{$name};
        my $value = $params->{$name};
        $params->{$name} = [ $value ] unless ref $value;
    }

    return ($self, $params);
}
__END__
=head1 NAME

Bugzilla::WebService::Util - Utility functions used inside of the WebService
code. These are B<not> functions that can be called via the WebService.

=head1 DESCRIPTION

This is somewhat like L<Bugzilla::Util>, but these functions are only used
internally in the WebService code.

=head1 SYNOPSIS

 filter({ include_fields => ['id', 'name'],
          exclude_fields => ['name'] }, $hash);

 validate(@_, 'ids');

=head1 METHODS

=over

=item C<filter_fields>

This helps implement the C<include_fields> and C<exclude_fields> arguments
of WebService methods. Given a hash (the second argument to this subroutine),
this will remove any keys that are I<not> in C<include_fields> and then remove
any keys that I<are> in C<exclude_fields>.

=item C<validate>

This helps in the validation of parameters passed into the WebService
methods. Currently it converts listed parameters into an array reference
if the client only passed a single scalar value. It modifies the parameters
hash in place so other parameters should be unaltered.

=back