From 58c873809b3d41a099b4b80f1d87c04c3319a62e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= Date: Sun, 26 Oct 2025 07:10:30 +0100 Subject: [PATCH] relay/api: return an error 400 when URL parameter "colors" has an invalid value --- CHANGELOG.md | 1 + src/plugins/relay/api/relay-api-protocol.c | 23 ++++++-- src/plugins/relay/api/relay-api.c | 9 ++-- src/plugins/relay/api/relay-api.h | 2 +- src/plugins/relay/api/weechat-relay-api.yaml | 54 +++++++++++++++++++ .../unit/plugins/relay/api/test-relay-api.cpp | 12 +++-- 6 files changed, 87 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 18fa7f34d..b502ad420 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -32,6 +32,7 @@ SPDX-License-Identifier: GPL-3.0-or-later - api: fix parsing of date/times with timezone offset in function util_parse_time - irc: fix warning on creation of irc.msgbuffer option when the server name contains upper case letters ([#2281](https://github.com/weechat/weechat/issues/2281)) - relay/api: fix crash when an invalid HTTP request is received from a client +- relay/api: return an error 400 when URL parameter "colors" has an invalid value ## Version 4.7.1 (2025-08-16) diff --git a/src/plugins/relay/api/relay-api-protocol.c b/src/plugins/relay/api/relay-api-protocol.c index 106357882..9184cc588 100644 --- a/src/plugins/relay/api/relay-api-protocol.c +++ b/src/plugins/relay/api/relay-api-protocol.c @@ -559,9 +559,9 @@ RELAY_API_PROTOCOL_CALLBACK(buffers) struct t_gui_line *ptr_line; struct t_gui_line_data *ptr_line_data; long lines, lines_free, line_id; - int nicks; + int colors, nicks; + const char *ptr_colors; char *error; - enum t_relay_api_colors colors; json = NULL; 
@@ -580,8 +580,19 @@ RELAY_API_PROTOCOL_CALLBACK(buffers) } nicks = relay_http_get_param_boolean (client->http_req, "nicks", 0); - colors = relay_api_search_colors ( - weechat_hashtable_get (client->http_req->params, "colors")); + colors = RELAY_API_COLORS_ANSI; + ptr_colors = weechat_hashtable_get (client->http_req->params, "colors"); + if (ptr_colors) + { + colors = relay_api_search_colors (ptr_colors); + if (colors < 0) + { + relay_api_msg_send_error_json (client, RELAY_HTTP_400_BAD_REQUEST, NULL, + "Invalid parameter \"%s\"", + "colors"); + return RELAY_API_PROTOCOL_RC_OK; + } + } if (client->http_req->num_path_items > 3) { @@ -1057,8 +1068,12 @@ RELAY_API_PROTOCOL_CALLBACK(sync) RELAY_API_DATA(client, sync_input) = (cJSON_IsTrue (json_input)) ? 1 : 0; json_colors = cJSON_GetObjectItem (json_body, "colors"); if (json_colors && cJSON_IsString (json_colors)) + { RELAY_API_DATA(client, sync_colors) = relay_api_search_colors ( cJSON_GetStringValue (json_colors)); + if (RELAY_API_DATA(client, sync_colors) < 0) + RELAY_API_DATA(client, sync_colors) = RELAY_API_COLORS_ANSI; + } } if (RELAY_API_DATA(client, sync_enabled)) diff --git a/src/plugins/relay/api/relay-api.c b/src/plugins/relay/api/relay-api.c index af99381cb..31f59a3c0 100644 --- a/src/plugins/relay/api/relay-api.c +++ b/src/plugins/relay/api/relay-api.c @@ -76,19 +76,20 @@ relay_api_get_buffer_id (struct t_gui_buffer *buffer) * - RELAY_API_COLORS_STRIP */ -enum t_relay_api_colors +int relay_api_search_colors (const char *colors) { if (!colors) - return RELAY_API_COLORS_ANSI; + return -1; + if (strcmp (colors, "ansi") == 0) + return RELAY_API_COLORS_ANSI; if (strcmp (colors, "weechat") == 0) return RELAY_API_COLORS_WEECHAT; - if (strcmp (colors, "strip") == 0) return RELAY_API_COLORS_STRIP; - return RELAY_API_COLORS_ANSI; + return -1; } /* diff --git a/src/plugins/relay/api/relay-api.h b/src/plugins/relay/api/relay-api.h index 09b9c6457..4c65cd176 100644 --- a/src/plugins/relay/api/relay-api.h 
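Review bot: In the sync callback hunk, the `< 0` test reads `RELAY_API_DATA(client, sync_colors)` only after the result of `relay_api_search_colors` has been stored there. The field's declaration is not in this patch, but if it is an `enum t_relay_api_colors`, a compiler may give the enum an unsigned underlying type; the stored -1 then compares as a large positive value and the fallback to `RELAY_API_COLORS_ANSI` never runs. An unrecognized "colors" string in a client's JSON body would then leave an out-of-range value in the per-client sync state. Hold the result in a local int first, e.g. `rc = relay_api_search_colors (cJSON_GetStringValue (json_colors));` followed by `RELAY_API_DATA(client, sync_colors) = (rc < 0) ? RELAY_API_COLORS_ANSI : rc;`. The callback body starts and ends outside the hunk.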
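Review bot: The header comment above `relay_api_search_colors` still ends with the list of enum constants, although the function now returns -1 for NULL, an empty string or any unrecognized name. The comment starts outside the hunk, so this is based on its visible tail only. Add an entry such as `*   - -1: colors is NULL or not a known name (comparison is case-sensitive)` to the return list. It would also help to state there that callers must test for a negative result before assigning it to an `enum t_relay_api_colors` variable, since the return type is now a plain `int`.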
+++ b/src/plugins/relay/api/relay-api.h @@ -70,7 +70,7 @@ struct t_relay_api_data }; extern long long relay_api_get_buffer_id (struct t_gui_buffer *buffer); -extern enum t_relay_api_colors relay_api_search_colors (const char *colors); +extern int relay_api_search_colors (const char *colors); extern void relay_api_hook_signals (struct t_relay_client *client); extern void relay_api_unhook_signals (struct t_relay_client *client); extern void relay_api_recv_http (struct t_relay_client *client); diff --git a/src/plugins/relay/api/weechat-relay-api.yaml b/src/plugins/relay/api/weechat-relay-api.yaml index 0528514ad..06e61cacf 100644 --- a/src/plugins/relay/api/weechat-relay-api.yaml +++ b/src/plugins/relay/api/weechat-relay-api.yaml @@ -143,6 +143,12 @@ paths: type: array items: $ref: '#/components/schemas/Buffer' + '400': + description: Bad Request + content: + application/json: + schema: + $ref: '#/components/schemas/Error' '401': description: Unauthorized content: @@ -177,6 +183,12 @@ paths: application/json: schema: $ref: '#/components/schemas/Buffer' + '400': + description: Bad Request + content: + application/json: + schema: + $ref: '#/components/schemas/Error' '401': description: Unauthorized content: @@ -217,6 +229,12 @@ paths: application/json: schema: $ref: '#/components/schemas/Buffer' + '400': + description: Bad Request + content: + application/json: + schema: + $ref: '#/components/schemas/Error' '401': description: Unauthorized content: @@ -258,6 +276,12 @@ paths: type: array items: $ref: '#/components/schemas/Line' + '400': + description: Bad Request + content: + application/json: + schema: + $ref: '#/components/schemas/Error' '401': description: Unauthorized content: @@ -298,6 +322,12 @@ paths: application/json: schema: $ref: '#/components/schemas/Line' + '400': + description: Bad Request + content: + application/json: + schema: + $ref: '#/components/schemas/Error' '401': description: Unauthorized content: 
@@ -339,6 +369,12 @@ paths: type: array items: $ref: '#/components/schemas/Line' + '400': + description: Bad Request + content: + application/json: + schema: + $ref: '#/components/schemas/Error' '401': description: Unauthorized content: @@ -379,6 +415,12 @@ paths: application/json: schema: $ref: '#/components/schemas/Line' + '400': + description: Bad Request + content: + application/json: + schema: + $ref: '#/components/schemas/Error' '401': description: Unauthorized content: @@ -416,6 +458,12 @@ paths: application/json: schema: $ref: '#/components/schemas/NickGroup' + '400': + description: Bad Request + content: + application/json: + schema: + $ref: '#/components/schemas/Error' '401': description: Unauthorized content: @@ -453,6 +501,12 @@ paths: application/json: schema: $ref: '#/components/schemas/NickGroup' + '400': + description: Bad Request + content: + application/json: + schema: + $ref: '#/components/schemas/Error' '401': description: Unauthorized content: diff --git a/tests/unit/plugins/relay/api/test-relay-api.cpp b/tests/unit/plugins/relay/api/test-relay-api.cpp index 50f9b78c0..1b2fc14e9 100644 --- a/tests/unit/plugins/relay/api/test-relay-api.cpp +++ b/tests/unit/plugins/relay/api/test-relay-api.cpp 
@@ -41,12 +41,14 @@ TEST_GROUP(RelayApi) TEST(RelayApi, SearchColors) { - LONGS_EQUAL(RELAY_API_COLORS_ANSI, relay_api_search_colors (NULL)); - LONGS_EQUAL(RELAY_API_COLORS_ANSI, relay_api_search_colors ("")); - LONGS_EQUAL(RELAY_API_COLORS_ANSI, relay_api_search_colors ("xxx")); - LONGS_EQUAL(RELAY_API_COLORS_ANSI, relay_api_search_colors ("WEECHAT")); - LONGS_EQUAL(RELAY_API_COLORS_ANSI, relay_api_search_colors ("STRIP")); + LONGS_EQUAL(-1, relay_api_search_colors (NULL)); + LONGS_EQUAL(-1, relay_api_search_colors ("")); + LONGS_EQUAL(-1, relay_api_search_colors ("xxx")); + LONGS_EQUAL(-1, relay_api_search_colors ("ANSI")); + LONGS_EQUAL(-1, relay_api_search_colors ("WEECHAT")); + LONGS_EQUAL(-1, relay_api_search_colors ("STRIP")); + LONGS_EQUAL(RELAY_API_COLORS_ANSI, relay_api_search_colors ("ansi")); LONGS_EQUAL(RELAY_API_COLORS_WEECHAT, relay_api_search_colors ("weechat")); LONGS_EQUAL(RELAY_API_COLORS_STRIP, relay_api_search_colors ("strip")); }