From 178717746d5ed2def050b6a7caf4b2da30fecc1b Mon Sep 17 00:00:00 2001 From: SoSeDiK Date: Fri, 12 Apr 2024 03:01:33 +0300 Subject: [PATCH] lib: Add validation for cursor file names and propagate the error from parsing HL cursor (#32) * Validate cursor file names * Propagate errors from parsing HL cursor * Validate cursor directory names --- hyprcursor-util/src/main.cpp | 4 ++++ libhyprcursor/meta.cpp | 10 +++++++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/hyprcursor-util/src/main.cpp b/hyprcursor-util/src/main.cpp index 8602d6b..13669c9 100644 --- a/hyprcursor-util/src/main.cpp +++ b/hyprcursor-util/src/main.cpp @@ -5,6 +5,7 @@ #include #include #include +#include #include #include "internalSharedTypes.hpp" #include "manifest.hpp" @@ -98,6 +99,9 @@ static std::optional createCursorThemeFromPath(const std::string& p // iterate over the directory and record all cursors for (auto& dir : std::filesystem::directory_iterator(CURSORDIR)) { + if (!std::regex_match(dir.path().stem().string(), std::regex("^[A-Za-z0-9_\\-\\.]+$"))) + return "Invalid cursor directory name at " + dir.path().string() + " : characters must be within [A-Za-z0-9_\\-\\.]"; + const auto METAPATH = dir.path().string() + "/meta"; auto& SHAPE = currentTheme.shapes.emplace_back(std::make_unique()); diff --git a/libhyprcursor/meta.cpp b/libhyprcursor/meta.cpp index 77e554e..c7963d4 100644 --- a/libhyprcursor/meta.cpp +++ b/libhyprcursor/meta.cpp @@ -3,6 +3,7 @@ #include #include #include +#include #include "VarList.hpp" @@ -95,6 +96,11 @@ static Hyprlang::CParseResult parseDefineSize(const char* C, const char* V) { RHS = LL; } + if (!std::regex_match(RHS, std::regex("^[A-Za-z0-9_\\-\\.]+$"))) { + result.setError("Invalid cursor file name, characters must be within [A-Za-z0-9_\\-\\.] (if this seems like a mistake, check for invisible characters)"); + return result; + } + size.file = RHS; if (!size.file.ends_with(".svg")) { @@ -132,7 +138,9 @@ std::optional CMeta::parseHL() { meta->registerHandler(::parseDefineSize, "define_size", {.allowFlags = false}); meta->registerHandler(::parseOverride, "define_override", {.allowFlags = false}); meta->commence(); - meta->parse(); + const auto RESULT = meta->parse(); + if (RESULT.error) + return RESULT.getError(); } catch (const char* err) { return "failed parsing meta: " + std::string{err}; } parsedData.hotspotX = std::any_cast(meta->getConfigValue("hotspot_x"));