Merge pull request #872 from pradnya-orchestral/Webscan_errordisclosure

Fixed integer overflow issue
StackStorm · Apr 29, 2021 · 3d91f51 · 3d91f51
2 parents d88b562 + 0dbb72a
commit 3d91f51
Show file tree

Hide file tree

Showing 3 changed files with 61 additions and 8 deletions.
diff --git a/apps/st2-actions/actions-details.component.js b/apps/st2-actions/actions-details.component.js
@@ -48,6 +48,7 @@ import {
 } from '@stackstorm/module-panel';
 import Time from '@stackstorm/module-time';
 
+
 @connect((state) => {
   const { action, executions, entrypoint } = state;
   return { action, executions, entrypoint };
@@ -126,9 +127,10 @@ export default class ActionsDetails extends React.Component {
     }
   }
 
+
+
   componentDidUpdate(prevProps) {
     const { id } = this.props;
-
     if (id && id !== prevProps.id) {
       this.fetchAction(id);
     }
@@ -192,6 +194,23 @@ export default class ActionsDetails extends React.Component {
     ;
   }
 
+  minMax (value) {
+    if (value < 0 || value > 2492000) {
+      return true;
+    }
+    return false;
+  }
+
+  isValidInt (value) {
+    for ( let n = 0; n < value.length; n += 1) {
+      const digit = (value.charCodeAt(n) >= 48 && value.charCodeAt(n) <= 57)  || value.charCodeAt(n) === 45 || value.charCodeAt(n) === 8;
+      if (!digit) {
+        return true;
+      }
+    }
+    return false;
+  }
+
   handleSection(section) {
     const { id } = this.props;
     return this.props.handleNavigate({ id, section });
@@ -220,13 +239,11 @@ export default class ActionsDetails extends React.Component {
 
   handleRun(e, ...args) {
     e.preventDefault();
-
     return this.props.handleRun(...args);
   }
 
   render() {
     const { section, action, executions, entrypoint } = this.props;
-
     if (!action) {
       return null;
     }
@@ -253,7 +270,15 @@ export default class ActionsDetails extends React.Component {
         { section === 'general' ? (
           <DetailsBody>
             <DetailsToolbar key="toolbar">
-              <Button value="Run" data-test="run_submit" onClick={(e) => this.handleRun(e, action.ref, this.state.runValue, this.state.runTrace || undefined)} />
+              <Button  
+                disabled={ 
+                  (this.state.runValue && this.state.runValue.timeout &&  this.minMax(this.state.runValue.timeout)) || 
+                  (this.state.runValue && this.state.runValue.limit &&  this.minMax(this.state.runValue.limit))  || 
+                  (this.state.runValue && this.state.runValue.timeout &&  this.isValidInt(this.state.runValue.timeout))  ||
+                  (this.state.runValue && this.state.runValue.limit &&  this.isValidInt(this.state.runValue.limit))  
+                }
+                value="Run" data-test="run_submit" onClick={(e) => this.handleRun(e, action.ref, this.state.runValue, this.state.runTrace || undefined)} 
+              />
               <Button flat value="Preview" onClick={() => this.handleToggleRunPreview()} />
               <DetailsToolbarSeparator />
               { action.runner_type === 'mistral-v2' || action.runner_type === 'orquesta' ? (

diff --git a/modules/st2-auto-form/fields/base.js b/modules/st2-auto-form/fields/base.js
@@ -85,10 +85,15 @@ export class BaseTextField extends React.Component {
 
   handleChange(e, value) {
     e.stopPropagation();
-
+    
     const invalid = this.validate(value, this.props.spec);
-
-    this.setState({ value, invalid }, this.props.onChange && !invalid ? this.emitChange : undefined);
+
+    if (this.props.name === 'timeout' || this.props.name === 'limit') {
+      this.setState({ value, invalid }, this.props.onChange ? this.emitChange : undefined);
+    } 
+    else {
+      this.setState({ value, invalid }, this.props.onChange && !invalid ? this.emitChange : undefined);
+    }
   }
 
   emitChange() {

diff --git a/modules/st2-auto-form/fields/integer.js b/modules/st2-auto-form/fields/integer.js
@@ -24,7 +24,12 @@ export default class IntegerField extends BaseTextField {
       return v;
     }
 
-    return v !== '' ? validator.toInt(v, 10) : void 0;
+    if (this.props.name === 'timeout' || this.props.name === 'limit') {
+      return v ;
+    }
+    else {
+      return v  !== '' ? validator.toInt(v, 10) : void 0;
+    }
   }
 
   toStateValue(v) {
@@ -41,6 +46,24 @@ export default class IntegerField extends BaseTextField {
       return invalid;
     }
 
+    if (spec._name === 'timeout' || spec._name === 'limit') {
+      for (let n = 0; n < v.length; n += 1) {
+        const digit = (v.charCodeAt(n) >= 48 && v.charCodeAt(n) <= 57) || v.charCodeAt(n) === 45  || v.charCodeAt(n) === 8;
+        if (!digit) {
+          return `'${v}' must be a positive integer`;
+        }
+        else {
+          if (v < 0) {
+            return 'Value must be > 0';
+          }
+          else if (v > 2592000) {
+            return 'Value must be <= 2592000';
+          } 
+
+        }
+      } 
+    }
+
     return v && !validator.isInt(v) && `'${v}' is not an integer`;
   }
 }