Nosial/socialbox-php
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Refactor AddressBookTrustSignature and ContactManager to improve UUID and peer address validation

Browse source 
https://github.com/nosial/Socialbox-PHP/issues/35
This commit is contained in:
netkas 2025-03-11 22:46:36 -04:00
parent 8cd3b381cf
commit 81b3dcf3ea
Signed by: netkas
GPG key ID: 4D8629441B76E4CC
3 changed files with 33 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
src/Socialbox/Classes/StandardMethods/AddressBook/AddressBookTrustSignature.php
View file

@ -2,12 +2,10 @@
namespace Socialbox\Classes\StandardMethods\AddressBook; namespace Socialbox\Classes\StandardMethods\AddressBook;
use InvalidArgumentException;
use Socialbox\Abstracts\Method; use Socialbox\Abstracts\Method;
use Socialbox\Classes\Configuration; use Socialbox\Classes\Configuration;
use Socialbox\Enums\StandardError; use Socialbox\Enums\StandardError;
use Socialbox\Exceptions\DatabaseOperationException; use Socialbox\Exceptions\DatabaseOperationException;
use Socialbox\Exceptions\Standard\InvalidRpcArgumentException;
use Socialbox\Exceptions\Standard\MissingRpcArgumentException; use Socialbox\Exceptions\Standard\MissingRpcArgumentException;
use Socialbox\Exceptions\Standard\StandardRpcException; use Socialbox\Exceptions\Standard\StandardRpcException;
use Socialbox\Interfaces\SerializableInterface; use Socialbox\Interfaces\SerializableInterface;
@ -16,7 +14,6 @@
use Socialbox\Objects\PeerAddress; use Socialbox\Objects\PeerAddress;
use Socialbox\Objects\RpcRequest; use Socialbox\Objects\RpcRequest;
use Socialbox\Socialbox; use Socialbox\Socialbox;
use Symfony\Component\Uid\Uuid;
class AddressBookTrustSignature extends Method class AddressBookTrustSignature extends Method
{ {
@ -30,29 +27,14 @@
throw new MissingRpcArgumentException('peer'); throw new MissingRpcArgumentException('peer');
} }
try
{
$address = PeerAddress::fromAddress($rpcRequest->getParameter('peer')); $address = PeerAddress::fromAddress($rpcRequest->getParameter('peer'));
}
catch(InvalidArgumentException $e)
{
throw new InvalidRpcArgumentException('peer', $e);
}
if(!$rpcRequest->containsParameter('signature_uuid')) if(!$rpcRequest->containsParameter('signature_uuid'))
{ {
throw new MissingRpcArgumentException('signature_uuid'); throw new MissingRpcArgumentException('signature_uuid');
} }
try $signatureUuid = (string)$rpcRequest->getParameter('signature_uuid');
{
$signatureUuid = Uuid::fromString($rpcRequest->getParameter('signature_uuid'));
}
catch(InvalidArgumentException $e)
{
throw new InvalidRpcArgumentException('signature_uuid', $e);
}
$signingKey = Socialbox::resolvePeerSignature($address, $signatureUuid); $signingKey = Socialbox::resolvePeerSignature($address, $signatureUuid);
try try

30
src/Socialbox/Managers/ContactManager.php
View file

@ -77,6 +77,15 @@
{ {
$contactAddress = $contactAddress->getAddress(); $contactAddress = $contactAddress->getAddress();
} }
elseif(!Validator::validatePeerAddress($contactAddress))
{
throw new InvalidArgumentException('The given contact address is not a valid peer address');
}
if(!Validator::validateUuid($peerUuid))
{
throw new InvalidArgumentException('The given internal peer UUID is not a valid UUID V4');
}
$uuid = UuidV4::v4()->toRfc4122(); $uuid = UuidV4::v4()->toRfc4122();
@ -136,6 +145,15 @@
{ {
$contactAddress = $contactAddress->getAddress(); $contactAddress = $contactAddress->getAddress();
} }
elseif(!Validator::validatePeerAddress($contactAddress))
{
throw new InvalidArgumentException('The given contact address is not a valid peer address');
}
if(!Validator::validateUuid($peerUuid))
{
throw new InvalidArgumentException('The given internal peer UUID is not a valid UUID V4');
}
try try
{ {
@ -376,6 +394,10 @@
{ {
$contactUuid = $contactUuid->getUuid(); $contactUuid = $contactUuid->getUuid();
} }
elseif(!Validator::validateUuid($contactUuid))
{
throw new InvalidArgumentException('The given contact UUID is not a valid UUID V4');
}
try try
{ {
@ -473,6 +495,10 @@
{ {
$contactUuid = $contactUuid->getUuid(); $contactUuid = $contactUuid->getUuid();
} }
elseif(!Validator::validateUuid($contactUuid))
{
throw new InvalidArgumentException('The given contact UUID is not a valid UUID V4');
}
try try
{ {
@ -573,6 +599,10 @@
{ {
$contactUuid = $contactUuid->getUuid(); $contactUuid = $contactUuid->getUuid();
} }
elseif(!Validator::validateUuid($contactUuid))
{
throw new InvalidArgumentException('The given contact UUID is not a valid UUID V4');
}
try try
{ {

7
src/Socialbox/Socialbox.php
View file

@ -880,16 +880,9 @@
{ {
// Convert string peer address to object PeerAddress // Convert string peer address to object PeerAddress
if(is_string($peerAddress)) if(is_string($peerAddress))
{
try
{ {
$peerAddress = PeerAddress::fromAddress($peerAddress); $peerAddress = PeerAddress::fromAddress($peerAddress);
} }
catch(InvalidArgumentException $e)
{
throw new StandardRpcException($e->getMessage(), StandardError::RPC_INVALID_ARGUMENTS, $e);
}
}
// Prevent resolutions against any host // Prevent resolutions against any host
if($peerAddress->getUsername() == ReservedUsernames::HOST) if($peerAddress->getUsername() == ReservedUsernames::HOST)