From a27d005ffcadb7fa4c7a926e87a63a01fbd448ff Mon Sep 17 00:00:00 2001 From: Ivan Folgueira Bande <128452529+Ivansete-status@users.noreply.github.com> Date: Tue, 26 Sep 2023 13:59:54 +0200 Subject: [PATCH] fix(archive): dburl check (#2071) * dburl.nim: simpler regex that can support db_urls with . and - in hostname * dbrul.nim: accepting any non-empty sequence for user and password * dburl.nim: skipping validation for 'sqlite' db paths --- apps/wakunode2/external_config.nim | 12 ------------ waku/common/databases/dburl.nim | 4 ++-- 2 files changed, 2 insertions(+), 14 deletions(-) diff --git a/apps/wakunode2/external_config.nim b/apps/wakunode2/external_config.nim index a21bc86df..3c604dafe 100644 --- a/apps/wakunode2/external_config.nim +++ b/apps/wakunode2/external_config.nim @@ -509,18 +509,6 @@ proc parseCmdArg*(T: type Option[uint], p: string): T = except CatchableError: raise newException(ValueError, "Invalid unsigned integer") -## Configuration validation - -let DbUrlRegex = re"^[\w\+]+:\/\/[\w\/\\\.\:\@]+$" - -proc validateDbUrl*(val: string): ConfResult[string] = - let val = val.strip() - - if val == "" or val == "none" or val.match(DbUrlRegex): - ok(val) - else: - err("invalid 'db url' option format: " & val) - ## Load proc readValue*(r: var TomlReader, value: var crypto.PrivateKey) {.raises: [SerializationError].} = diff --git a/waku/common/databases/dburl.nim b/waku/common/databases/dburl.nim index affdc04b6..772235bb6 100644 --- a/waku/common/databases/dburl.nim +++ b/waku/common/databases/dburl.nim @@ -7,9 +7,9 @@ import proc validateDbUrl*(dbUrl: string): Result[string, string] = ## dbUrl mimics SQLAlchemy Database URL schema ## See: https://docs.sqlalchemy.org/en/14/core/engines.html#database-urls - let regex = re"^[\w\+]+:\/\/[\w\/\\\.\:\@]+$" + let regex = re"^\w+:\/\/.+:.+@[\w*-.]+:[0-9]+\/[\w*-.]+$" let dbUrl = dbUrl.strip() - if dbUrl == "" or dbUrl == "none" or dbUrl.match(regex): + if "sqlite" in dbUrl or dbUrl == "" or dbUrl == "none" or dbUrl.match(regex): return ok(dbUrl) else: return err("invalid 'db url' option format: " & dbUrl)