Merge pull request #965 from neicnordic/feat/disallow-reserved-charac…

…ters Disallow reserved characters
neicnordic · Jul 31, 2024 · b203446 · b203446
2 parents 7a23296 + 268d923
commit b203446
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 6 deletions.
diff --git a/sda/cmd/s3inbox/proxy.go b/sda/cmd/s3inbox/proxy.go
@@ -510,11 +510,11 @@ func formatUploadFilePath(filePath string) (string, error) {
 	outPath := strings.ReplaceAll(filePath, "\\", "/")
 
 	// [\x00-\x1F\x7F] is the control character set
-	re := regexp.MustCompile(`[\\:\*\?"<>\|\x00-\x1F\x7F]`)
+	re := regexp.MustCompile(`[\\<>"\|\x00-\x1F\x7F\!\*\'\(\)\;\:\@\&\=\+\$\,\?\%\#\[\]]`)
 
-	dissallowedChars := re.FindAllString(outPath, -1)
-	if dissallowedChars != nil {
-		return outPath, fmt.Errorf("filepath contains disallowed characters: %+v", strings.Join(dissallowedChars, ", "))
+	disallowedChars := re.FindAllString(outPath, -1)
+	if disallowedChars != nil {
+		return outPath, fmt.Errorf("filepath contains disallowed characters: %+v", strings.Join(disallowedChars, ", "))
 	}
 
 	return outPath, nil

diff --git a/sda/cmd/s3inbox/proxy_test.go b/sda/cmd/s3inbox/proxy_test.go
@@ -499,7 +499,7 @@ func (suite *ProxyTests) TestFormatUploadFilePath() {
 	assert.EqualError(suite.T(), err, "filepath contains mixed '\\' and '/' characters")
 
 	// no mixed "\" and "/" but not allowed
-	weirdPath = `dq\sw:*?"<>|\t\sdf.c4gh`
+	weirdPath = `dq\sw:*?"<>|\t\sdf!s'(a);w@4&f=+e$,g#[]d%.c4gh`
 	_, err = formatUploadFilePath(weirdPath)
-	assert.EqualError(suite.T(), err, "filepath contains disallowed characters: :, *, ?, \", <, >, |")
+	assert.EqualError(suite.T(), err, "filepath contains disallowed characters: :, *, ?, \", <, >, |, !, ', (, ), ;, @, &, =, +, $, ,, #, [, ], %")
 }