Skip to content

Commit

Permalink
improve input validation on PUT /flags
Browse files Browse the repository at this point in the history
  • Loading branch information
@avkhozov
avkhozov committed Aug 24, 2023
1 parent d9347c2 commit 678419c
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 1 deletion.
5 changes: 4 additions & 1 deletion lib/CS/Controller/Flags.pm
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,10 @@ sub put {
return $c->render(json => {status => \0, msg => "Invalid token '$token'"}, status => 400)
unless my $team = $c->pg->db->select('teams', ['id'], {token => $token})->hash;

my $flags = $c->req->json // [];
my $flags = $c->req->json;
return $c->render(json => {status => \0, msg => 'Invalid format'}, status => 400)
unless ref $flags eq 'ARRAY';

my $results = [];

my $do;
Expand Down
2 changes: 2 additions & 0 deletions t/basic.t
View file
Original file line number Diff line number Diff line change
Expand Up @@ -315,4 +315,6 @@ $t->get_ok('/ctftime/scoreboard.json')

$t->get_ok('/ctftime/fb.json');

$t->get_ok('/admin/info');

done_testing;

0 comments on commit 678419c

Please sign in to comment.