kosmos/mastodon
kosmos/mastodon
8
0
Fork 0
Code Pull Requests Activity

Fix invalid date searches returning 503 (#31526)

Browse Source
This commit is contained in:
Taylor Chaparro 2024-09-12 06:40:20 -07:00 committed by GitHub
parent f3c4874522
commit 1b6a82b799
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 69 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
app/lib/search_query_transformer.rb
View File

@ -168,15 +168,15 @@ class SearchQueryTransformer < Parslet::Transform
when 'before' when 'before'
@filter = :created_at @filter = :created_at
@type = :range @type = :range
@term = { lt: term, time_zone: @options[:current_account]&.user_time_zone.presence || 'UTC' } @term = { lt: TermValidator.validate_date!(term), time_zone: @options[:current_account]&.user_time_zone.presence || 'UTC' }
when 'after' when 'after'
@filter = :created_at @filter = :created_at
@type = :range @type = :range
@term = { gt: term, time_zone: @options[:current_account]&.user_time_zone.presence || 'UTC' } @term = { gt: TermValidator.validate_date!(term), time_zone: @options[:current_account]&.user_time_zone.presence || 'UTC' }
when 'during' when 'during'
@filter = :created_at @filter = :created_at
@type = :range @type = :range
@term = { gte: term, lte: term, time_zone: @options[:current_account]&.user_time_zone.presence || 'UTC' } @term = { gte: TermValidator.validate_date!(term), lte: TermValidator.validate_date!(term), time_zone: @options[:current_account]&.user_time_zone.presence || 'UTC' }
when 'in' when 'in'
@operator = :flag @operator = :flag
@term = term @term = term
@ -224,6 +224,17 @@ class SearchQueryTransformer < Parslet::Transform
end end
end end
class TermValidator
STRICT_DATE_REGEX = /\A\d{4}-\d{2}-\d{2}\z/ # yyyy-MM-dd
EPOCH_MILLIS_REGEX = /\A\d{1,19}\z/
def self.validate_date!(value)
return value if value.match?(STRICT_DATE_REGEX) || value.match?(EPOCH_MILLIS_REGEX)
raise Mastodon::FilterValidationError, "Invalid date #{value}"
end
end
rule(clause: subtree(:clause)) do rule(clause: subtree(:clause)) do
prefix = clause[:prefix][:term].to_s.downcase if clause[:prefix] prefix = clause[:prefix][:term].to_s.downcase if clause[:prefix]
operator = clause[:operator]&.to_s operator = clause[:operator]&.to_s

1
lib/exceptions.rb
View File

@ -8,6 +8,7 @@ module Mastodon
class LengthValidationError < ValidationError; end class LengthValidationError < ValidationError; end
class DimensionsValidationError < ValidationError; end class DimensionsValidationError < ValidationError; end
class StreamValidationError < ValidationError; end class StreamValidationError < ValidationError; end
class FilterValidationError < ValidationError; end
class RaceConditionError < Error; end class RaceConditionError < Error; end
class RateLimitExceededError < Error; end class RateLimitExceededError < Error; end
class SyntaxError < Error; end class SyntaxError < Error; end

57
spec/lib/search_query_transformer_spec.rb
View File

@ -8,6 +8,37 @@ RSpec.describe SearchQueryTransformer do
let(:account) { Fabricate(:account) } let(:account) { Fabricate(:account) }
let(:parser) { SearchQueryParser.new.parse(query) } let(:parser) { SearchQueryParser.new.parse(query) }
shared_examples 'date operator' do |operator|
let(:statement_operations) { [] }
[
['2022-01-01', '2022-01-01'],
['"2022-01-01"', '2022-01-01'],
['12345678', '12345678'],
['"12345678"', '12345678'],
].each do |value, parsed|
context "with #{operator}:#{value}" do
let(:query) { "#{operator}:#{value}" }
it 'transforms clauses' do
ops = statement_operations.index_with { |_op| parsed }
expect(subject.send(:must_clauses)).to be_empty
expect(subject.send(:must_not_clauses)).to be_empty
expect(subject.send(:filter_clauses).map(&:term)).to contain_exactly(**ops, time_zone: 'UTC')
end
end
end
context "with #{operator}:\"abc\"" do
let(:query) { "#{operator}:\"abc\"" }
it 'raises an exception' do
expect { subject }.to raise_error(Mastodon::FilterValidationError, 'Invalid date abc')
end
end
end
context 'with "hello world"' do context 'with "hello world"' do
let(:query) { 'hello world' } let(:query) { 'hello world' }
@ -68,13 +99,33 @@ RSpec.describe SearchQueryTransformer do
end end
end end
context 'with \'before:"2022-01-01 23:00"\'' do context 'with \'is:"foo bar"\'' do
let(:query) { 'before:"2022-01-01 23:00"' } let(:query) { 'is:"foo bar"' }
it 'transforms clauses' do it 'transforms clauses' do
expect(subject.send(:must_clauses)).to be_empty expect(subject.send(:must_clauses)).to be_empty
expect(subject.send(:must_not_clauses)).to be_empty expect(subject.send(:must_not_clauses)).to be_empty
expect(subject.send(:filter_clauses).map(&:term)).to contain_exactly(lt: '2022-01-01 23:00', time_zone: 'UTC') expect(subject.send(:filter_clauses).map(&:term)).to contain_exactly('foo bar')
end
end
context 'with date operators' do
context 'with "before"' do
it_behaves_like 'date operator', 'before' do
let(:statement_operations) { [:lt] }
end
end
context 'with "after"' do
it_behaves_like 'date operator', 'after' do
let(:statement_operations) { [:gt] }
end
end
context 'with "during"' do
it_behaves_like 'date operator', 'during' do
let(:statement_operations) { [:gte, :lte] }
end
end end
end end
end end