ZYM/BH-Bookstore-2023
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

在服务端添加了原始请求种类校验,并修改了后端对浮点数的校验规则

Browse Source
This commit is contained in:
ZhuangYumin
2023-12-20 07:26:21 +00:00
parent df54f1bca6
commit 369a29b824
2 changed files with 13 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
backend/src/lexer.cpp
View File

@ -336,7 +336,7 @@ bool CommandModifyLexer(const std::string &command, std::string &ISBN,
std::string &name, std::string &author, std::string &name, std::string &author,
std::string &keyword, double &price) { std::string &keyword, double &price) {
static std::basic_regex main_pattern( static std::basic_regex main_pattern(
R"(^ *modify(?: +-ISBN=(?:[!-~]{1,20})| +-name=\"(?:[!#-~]{1,60})\"| +-author=\"(?:[!#-~]{1,60})\"| +-keyword=\"((?:[!#-{}~]{1,60}\|)*(?:[!#-{}~]{1,60}))\"| +-price=[0-9]{1,10}(?:\.[0-9]+)?)+ *$)", R"(^ *modify(?: +-ISBN=(?:[!-~]{1,20})| +-name=\"(?:[!#-~]{1,60})\"| +-author=\"(?:[!#-~]{1,60})\"| +-keyword=\"((?:[!#-{}~]{1,60}\|)*(?:[!#-{}~]{1,60}))\"| +-price=[0-9]{1,13}(?:\.[0-9]+)?)+ *$)",
std::regex_constants::optimize); std::regex_constants::optimize);
if (std::regex_match(command, main_pattern)) { if (std::regex_match(command, main_pattern)) {
std::stringstream ss(command); std::stringstream ss(command);
@ -373,6 +373,7 @@ bool CommandModifyLexer(const std::string &command, std::string &ISBN,
if (keyword.length() > 60) return false; if (keyword.length() > 60) return false;
} else if (token[1] == 'p') { } else if (token[1] == 'p') {
if (has_price) return false; if (has_price) return false;
if (token.substr(7).length() > 13) return false;
has_price = true; has_price = true;
price = std::stod(token.substr(7)); price = std::stod(token.substr(7));
} else } else
@ -400,7 +401,7 @@ bool CommandModifyLexer(const std::string &command, std::string &ISBN,
bool CommandImportLexer(const std::string &command, int &quantity, bool CommandImportLexer(const std::string &command, int &quantity,
double &total_cost) { double &total_cost) {
static std::basic_regex main_pattern( static std::basic_regex main_pattern(
R"(^ *import +[0-9]{1,10} +[0-9]{1,10}(?:\.[0-9]+)? *$)", R"(^ *import +[0-9]{1,10} +[0-9]{1,13}(?:\.[0-9]+)? *$)",
std::regex_constants::optimize); std::regex_constants::optimize);
if (std::regex_match(command, main_pattern)) { if (std::regex_match(command, main_pattern)) {
std::stringstream ss(command); std::stringstream ss(command);
@ -412,7 +413,10 @@ bool CommandImportLexer(const std::string &command, int &quantity,
ss >> quantity_tmp; ss >> quantity_tmp;
if (quantity_tmp > 2147483647) return false; if (quantity_tmp > 2147483647) return false;
quantity = quantity_tmp; quantity = quantity_tmp;
ss >> total_cost; std::string total_cost_tmp;
ss >> total_cost_tmp;
if(total_cost_tmp.length() > 13) return false;
total_cost = std::stod(total_cost_tmp);
return true; return true;
} else } else
return false; return false;

6
frontend/Web/index.js
View File

@ -165,6 +165,12 @@ io.on('connection', async (socket) => {
socket.emit('response', ret); socket.emit('response', ret);
} }
else{ else{
if(head[1]!='S'&&head[1]!='C'&&head[1]!='W'&&head[1]!='R')
{
console.log("input has invalid head");
socket.emit('response', "Invalid Input");
return;
}
if(substrings.length!=4) if(substrings.length!=4)
{ {
console.log("input has "+substrings.length+" words"); console.log("input has "+substrings.length+" words");