From bdde8e44d580b6713d363fac68315ffec5938fcf Mon Sep 17 00:00:00 2001
From: Tankred Hase
Date: Tue, 7 Jun 2016 16:22:17 +0200
Subject: [PATCH] Allow lookup only by key ids with at least 16 chars

---
 src/route/hkp.js | 6 +++---
 src/service/util.js | 4 ++--
 test/integration/app-test.js | 32 +++++++++++++++++++++++---------
 test/unit/util-test.js | 11 ++++-------
 4 files changed, 32 insertions(+), 21 deletions(-)

diff --git a/src/route/hkp.js b/src/route/hkp.js
index a1ea661..afb9350 100644
--- a/src/route/hkp.js
+++ b/src/route/hkp.js
@@ -80,7 +80,7 @@ class HKP {
 if (['get','index','vindex'].indexOf(params.op) === -1) {
 ctx.throw(501, 'Not implemented!');
 } else if (!params.keyid && !params.email) {
- ctx.throw(400, 'Invalid request!');
+ ctx.throw(501, 'Not implemented!');
 }
 
 return params;
@@ -88,7 +88,7 @@ class HKP {
 
 /**
 * Checks for a valid key id in the query string. A key must be prepended
- * with '0x' and can be between 8 and 40 hex characters long.
+ * with '0x' and can be between 16 and 40 hex characters long.
 * @param {String} keyid The key id
 * @return {Boolean} If the key id is valid
 */
@@ -96,7 +96,7 @@ class HKP {
 if (!util.isString(keyid)) {
 return false;
 }
- return /^0x[a-fA-F0-9]{8,40}$/.test(keyid);
+ return /^0x[a-fA-F0-9]{16,40}$/.test(keyid);
 }
 
 /**
diff --git a/src/service/util.js b/src/service/util.js
index e56b022..e7178cb 100644
--- a/src/service/util.js
+++ b/src/service/util.js
@@ -42,7 +42,7 @@ exports.isTrue = function(data) {
 };
 
 /**
- * Checks for a valid key id which is between 8 and 40 hex chars.
+ * Checks for a valid key id which is between 16 and 40 hex chars.
 * @param {string} data The key id
 * @return {boolean} If the key id if valid
 */
@@ -50,7 +50,7 @@ exports.validateKeyId = function(data) {
 if (!this.isString(data)) {
 return false;
 }
- return /^[a-fA-F0-9]{8,40}$/.test(data);
+ return /^[a-fA-F0-9]{16,40}$/.test(data);
 };
 
 /**
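Review bot: The new `ctx.throw(501, 'Not implemented!')` makes the missing-search branch indistinguishable from the unsupported-op branch two lines above it — same status, same message — so neither a client nor a server log can tell a malformed lookup (no `search` at all) from a deliberately unsupported one. If the intent is that a short key id or a bare request is refused as "unsupported" rather than "invalid", state it at the branch, e.g. `// no usable search param survived validation (e.g. a short key id) — report as unsupported, not malformed`. The enclosing method starts and ends outside the hunk, so it is not visible here whether `params.keyid` is cleared for short ids before this point; the integration tests added in this patch suggest that it is.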
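Review bot: The `+` line raises the minimum to 16 hex characters, but neither the regex nor the doc comment changed in the preceding hunk says why; the reader has to infer that 8-character (32-bit) key ids are being rejected on purpose. Record the rationale next to the regex, e.g. `// 32-bit short key ids are rejected: they are cheap to collide, so a lookup by one could serve the wrong key` — assuming that is the motivation, which the commit message does not state. The same bound, with the same missing rationale, appears in `validateKeyId` in src/service/util.js below; one comment pointing at the other would do. The enclosing method's signature is outside the hunk.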
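Review bot: `/^[a-fA-F0-9]{16,40}$/` on the `+` line duplicates the bound of the `0x`-prefixed regex in src/route/hkp.js, which is why this change had to be made in two regexes and two doc comments; having the hkp check strip the `0x` prefix and delegate to `validateKeyId`, or exporting the bound as one shared constant, would keep the two from drifting apart next time. The range also admits every length from 16 to 40, whereas a long key id is 16 hex characters and a v4 fingerprint is 40; if the store only ever matches those two lengths, `/^(?:[a-fA-F0-9]{16}|[a-fA-F0-9]{40})$/` would reject impossible inputs before any lookup, but whether intermediate lengths are meaningful to the lookup is not visible here. This is a style point; the bound itself matches the commit's intent.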
diff --git a/test/integration/app-test.js b/test/integration/app-test.js
index f26b0d1..177b209 100644
--- a/test/integration/app-test.js
+++ b/test/integration/app-test.js
@@ -174,9 +174,16 @@ describe('Koa App (HTTP Server) Integration Tests', function() {
 .end(done);
 });
 
+ it('should return 400 for short key id', done => {
+ request(app.listen())
+ .get('/api/v1/key?keyid=0123456789ABCDE')
+ .expect(400)
+ .end(done);
+ });
+
 it('should return 404 for wrong key id', done => {
 request(app.listen())
- .get('/api/v1/key?keyid=0123456789ABCDF')
+ .get('/api/v1/key?keyid=0123456789ABCDEF')
 .expect(404)
 .end(done);
 });
@@ -305,9 +312,9 @@ describe('Koa App (HTTP Server) Integration Tests', function() {
 .end(done);
 });
 
- it('should return 404 for unknown email address', done => {
+ it('should return 404 for unknown key id', done => {
 request(app.listen())
- .get('/api/v1/verifyRemove?keyid=0123456789ABCDF&nonce=' + emailParams.nonce)
+ .get('/api/v1/verifyRemove?keyid=0123456789ABCDEF&nonce=' + emailParams.nonce)
 .expect(404)
 .end(done);
 });
@@ -407,10 +414,10 @@ describe('Koa App (HTTP Server) Integration Tests', function() {
 .end(done);
 });
 
- it('should return 400 for invalid email', done => {
+ it('should return 501 for invalid email', done => {
 request(app.listen())
 .get('/pks/lookup?op=get&search=a@bco')
- .expect(400)
+ .expect(501)
 .end(done);
 });
 
@@ -421,17 +428,17 @@ describe('Koa App (HTTP Server) Integration Tests', function() {
 .end(done);
 });
 
- it('should return 400 for missing params', done => {
+ it('should return 501 for missing params', done => {
 request(app.listen())
 .get('/pks/lookup?op=get')
- .expect(400)
+ .expect(501)
 .end(done);
 });
 
- it('should return 400 for a invalid key id format', done => {
+ it('should return 501 for a invalid key id format', done => {
 request(app.listen())
 .get('/pks/lookup?op=get&search=' + emailParams.keyid)
- .expect(400)
+ .expect(501)
 .end(done);
 });
 
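Review bot: The rewritten test title in the last hunk keeps the grammatical slip from the line it replaces; since the line is being changed anyway, make it `it('should return 501 for an invalid key id format', done => {`. The titles in this and the preceding hunk now pin 501 for a malformed email search and for a missing parameter, which documents the status-code choice made in src/route/hkp.js; if that choice is revisited, these three expectations are the ones to update together.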
@@ -442,6 +449,13 @@ describe('Koa App (HTTP Server) Integration Tests', function() {
 .end(done);
 });
 
+ it('should return 501 (Not implemented) for short key id', done => {
+ request(app.listen())
+ .get('/pks/lookup?op=get&search=0x2A1B86E9')
+ .expect(501)
+ .end(done);
+ });
+
 it('should return 501 (Not implemented) for "x-email" op', done => {
 request(app.listen())
 .get('/pks/lookup?op=x-email&search=0x' + emailParams.keyid)
diff --git a/test/unit/util-test.js b/test/unit/util-test.js
index 39b3065..dcfc80c 100644
--- a/test/unit/util-test.js
+++ b/test/unit/util-test.js
@@ -53,14 +53,11 @@ describe('Util Unit Tests', () => {
 it('should be true for 16 byte hex', () => {
 expect(util.validateKeyId('0123456789ABCDEF')).to.be.true;
 });
- it('should be true for 8 byte hex', () => {
- expect(util.validateKeyId('01234567')).to.be.true;
+ it('should be false for 15 byte hex', () => {
+ expect(util.validateKeyId('0123456789ABCDE')).to.be.false;
 });
- it('should be false for 8 byte non-hex', () => {
- expect(util.validateKeyId('0123456Z')).to.be.false;
- });
- it('should be false for 7 byte hex', () => {
- expect(util.validateKeyId('0123456')).to.be.false;
+ it('should be false for 16 byte non-hex', () => {
+ expect(util.validateKeyId('0123456789ABCDEZ')).to.be.false;
 });
 it('should be false for 41 byte hex', () => {
 expect(util.validateKeyId('0123456789ABCDEF0123456789ABCDEF012345678')).to.be.false;
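Review bot: The new test titles `should be false for 15 byte hex` and `should be false for 16 byte non-hex` say "byte" where the inputs are 15 and 16 hex characters (at most 8 bytes), carrying over the misnomer from the kept `16 byte hex` case; as these lines are being rewritten, `it('should be false for 15 hex chars', () => {` and `it('should be false for 16 chars with a non-hex char', () => {` would describe what the regex actually bounds. The boundary coverage itself is sound: the new pair exercises minimum-minus-one and a non-hex character at exactly the minimum, matching what the removed 7/8-character pair did for the old bound.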