Audacity 3.2.0
XMLValueChecker Class Reference

XMLValueChecker implements static bool methods for checking input values from XML files.

#include <XMLTagHandler.h>

Static Public Member Functions

static bool IsGoodFileName (const FilePath &strFileName, const FilePath &strDirName={})
 
static bool IsGoodFileString (const FilePath &str)
 
static bool IsGoodSubdirName (const FilePath &strSubdirName, const FilePath &strDirName={})
 
static bool IsGoodPathName (const FilePath &strPathName)
 
static bool IsGoodPathString (const FilePath &str)
 

Detailed Description

XMLValueChecker implements static bool methods for checking input values from XML files.

Definition at line 29 of file XMLTagHandler.h.

Member Function Documentation

◆ IsGoodFileName()

static bool XMLValueChecker::IsGoodFileName(const FilePath &strFileName, const FilePath &strDirName = {})

Definition at line 39 of file XMLTagHandler.cpp.

{
   // Test strFileName.
   if (!IsGoodFileString(strFileName) ||
       (strDirName.length() + 1 + strFileName.length() > PLATFORM_MAX_PATH))
      return false;

   // Test the corresponding wxFileName.
   wxFileName fileName(strDirName, strFileName);
   return (fileName.IsOk() && fileName.FileExists());
}

References IsGoodFileString(), and PLATFORM_MAX_PATH.

Referenced by AUPImportFileHandle::HandleImport(), AUPImportFileHandle::HandlePCMAliasBlockFile(), and IsGoodPathName().

◆ IsGoodFileString()

static bool XMLValueChecker::IsGoodFileString(const FilePath &str)

Definition at line 51 of file XMLTagHandler.cpp.

{
   return (!str.empty() &&

      // FILENAME_MAX is 260 in MSVC, but inconsistent across platforms,
      // sometimes huge, but we use 260 for all platforms.
      (str.length() <= 260) &&

      (str.Find(wxFileName::GetPathSeparator()) == -1)); // No path separator characters.
}

References str.

Referenced by AUPImportFileHandle::HandleSimpleBlockFile(), IsGoodFileName(), and IsGoodSubdirName().

◆ IsGoodPathName()

static bool XMLValueChecker::IsGoodPathName(const FilePath &strPathName)

Definition at line 78 of file XMLTagHandler.cpp.

{
   // Test the corresponding wxFileName.
   wxFileName fileName(strPathName);
   return XMLValueChecker::IsGoodFileName(fileName.GetFullName(), fileName.GetPath(wxPATH_GET_VOLUME));
}

References IsGoodFileName().

Referenced by AUPImportFileHandle::HandleImport(), and AUPImportFileHandle::HandlePCMAliasBlockFile().

◆ IsGoodPathString()

static bool XMLValueChecker::IsGoodPathString(const FilePath &str)

Definition at line 85 of file XMLTagHandler.cpp.

{
   return (!str.empty() &&
      (str.length() <= PLATFORM_MAX_PATH));
}

References PLATFORM_MAX_PATH, and str.

Referenced by AUPImportFileHandle::HandlePCMAliasBlockFile().

◆ IsGoodSubdirName()

static bool XMLValueChecker::IsGoodSubdirName(const FilePath &strSubdirName, const FilePath &strDirName = {})

Definition at line 62 of file XMLTagHandler.cpp.

{
   // Test strSubdirName.
   // Note this prevents path separators, and relative path to parents (strDirName),
   // so fixes vulnerability #3 in the NGS report for UmixIt,
   // where an attacker could craft an AUP file with relative pathnames to get to system files, for example.
   if (!IsGoodFileString(strSubdirName) ||
       (strSubdirName == wxT(".")) || (strSubdirName == wxT("..")) ||
       (strDirName.length() + 1 + strSubdirName.length() > PLATFORM_MAX_PATH))
      return false;

   // Test the corresponding wxFileName.
   wxFileName fileName(strDirName, strSubdirName);
   return (fileName.IsOk() && fileName.DirExists());
}

References IsGoodFileString(), PLATFORM_MAX_PATH, and wxT().
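
The string checks of IsGoodSubdirName(), run against constructed attribute values. This is an added example, not Audacity's code: it uses std::string in place of FilePath and wxFileName, omits the IsOk()/DirExists() test, and assumes kMaxPath = 260 as a stand-in for PLATFORM_MAX_PATH. It also rejects both '/' and '\' on every platform, which is stricter than the single wxFileName::GetPathSeparator() test in the listing.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Assumed value for this sketch; the real PLATFORM_MAX_PATH is defined in FileNames.h.
constexpr std::size_t kMaxPath = 260;

// Same shape as IsGoodFileString(): non-empty, at most 260 characters,
// no path separator. Hypothetical helper: rejects '/' and '\\' everywhere.
bool isGoodFileString(const std::string &s)
{
    return !s.empty() && s.length() <= 260 &&
           s.find_first_of("/\\") == std::string::npos;
}

// String-level checks of IsGoodSubdirName(); the filesystem lookup is left out.
bool isGoodSubdirString(const std::string &sub, const std::string &dir)
{
    if (!isGoodFileString(sub) ||
        sub == "." || sub == ".." ||                 // no self or parent reference
        dir.length() + 1 + sub.length() > kMaxPath)  // dir + separator + name
        return false;
    return true;
}

int main()
{
    // Constructed values of the kind a project file attribute might carry.
    const char *samples[] = {"project_data", "..", ".", "../../etc",
                             "..\\..\\Windows", "e00/d00", ""};
    for (const char *s : samples)
        std::cout << '"' << s << "\" -> "
                  << (isGoodSubdirString(s, "/home/user/proj") ? "accept" : "reject")
                  << '\n';
    return 0;
}
```

Only a single path component survives these checks, so the caller, not the file being parsed, decides which directory that component is joined to.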

The documentation for this class was generated from the following files: