From ac199ba2fa18a70ebb302aea2b78cd5066d94998 Mon Sep 17 00:00:00 2001 From: Roman Volosovskyi Date: Fri, 14 Oct 2016 09:44:38 +0300 Subject: [PATCH] validate command's name (#235) --- src/status_im/commands/handlers/loading.cljs | 31 +++++++++++++------- src/status_im/new_group/validations.cljs | 11 ++++--- src/status_im/profile/validations.cljs | 9 +++--- src/status_im/utils/homoglyph.cljs | 7 +++++ 4 files changed, 37 insertions(+), 21 deletions(-) create mode 100644 src/status_im/utils/homoglyph.cljs diff --git a/src/status_im/commands/handlers/loading.cljs b/src/status_im/commands/handlers/loading.cljs index d35a066ea9..58362fb0ac 100644 --- a/src/status_im/commands/handlers/loading.cljs +++ b/src/status_im/commands/handlers/loading.cljs @@ -9,7 +9,8 @@ [status-im.utils.types :refer [json->clj]] [status-im.commands.utils :refer [reg-handler]] [status-im.constants :refer [console-chat-id wallet-chat-id]] - [taoensso.timbre :as log])) + [taoensso.timbre :as log] + [status-im.utils.homoglyph :as h])) (def commands-js "commands.js") @@ -36,8 +37,8 @@ (dispatch [::validate-hash identity (slurp "resources/commands.js")]) #_(http-get (s/join "/" [url commands-js]) - #(dispatch [::validate-hash identity %]) - #(dispatch [::loading-failed! identity ::file-was-not-found]))))) + #(dispatch [::validate-hash identity %]) + #(dispatch [::loading-failed! identity ::file-was-not-found]))))) (defn dispatch-loaded! [db [identity file]] 
@@ -75,17 +76,27 @@ (map (fn [[k v]] [k (assoc v :type as)])) (into {}))) +(defn filter-forbidden-names [id commands] + (->> commands + (remove (fn [[n]] + (and + (not (= console-chat-id id)) + (h/matches (name n) "password")))) + (into {}))) + (defn add-commands - [db [id _ {:keys [commands responses autorun] :as data}]] - (-> db - (update-in [id :commands] merge (mark-as :command commands)) - (update-in [id :responses] merge (mark-as :response responses)) - (assoc-in [id :commands-loaded] true) - (assoc-in [id :autorun] autorun))) + [db [id _ {:keys [commands responses autorun]}]] + (let [commands' (filter-forbidden-names id commands) + responses' (filter-forbidden-names id responses)] + (-> db + (update-in [id :commands] merge (mark-as :command commands')) + (update-in [id :responses] merge (mark-as :response responses')) + (assoc-in [id :commands-loaded] true) + (assoc-in [id :autorun] autorun)))) (defn save-commands-js! [_ [id file]] - (commands/save {:chat-id id :file file})) + (commands/save {:chat-id id :file file})) (defn loading-failed! [db [id reason details]] diff --git a/src/status_im/new_group/validations.cljs b/src/status_im/new_group/validations.cljs index 53b8182de6..304dfbb7f8 100644 --- a/src/status_im/new_group/validations.cljs +++ b/src/status_im/new_group/validations.cljs 
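Review bot: `filter-forbidden-names` passes the raw key `(name n)` to `h/matches` against the single literal `"password"`, so whether `Password`, a padded name or a longer name containing the word is caught depends entirely on how `isMatches` compares strings, which this diff does not show. The name validators touched in the same commit trim their input first; doing the same here and case-folding, e.g. `(h/matches (-> n name s/trim s/lower-case) "password")` (assuming `s` is the `clojure.string` alias already used for `s/join` in this namespace), would make the check less dependent on the library's behaviour. Rejected entries are also dropped silently; a `(log/warn "forbidden command name dropped" id n)` on the rejecting branch would make such attempts visible, and `log` is already required here. The check looks only at the map key, so if the UI renders a `:name` field from the command value, that field presumably needs the same test.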
@@ -2,17 +2,16 @@ (:require [cljs.spec :as s] [status-im.utils.phone-number :refer [valid-mobile-number?]] [status-im.constants :refer [console-chat-id wallet-chat-id]] - [clojure.string :as str])) - -(def homoglyph-finder (js/require "homoglyph-finder")) + [clojure.string :as str] + [status-im.utils.homoglyph :as h])) (defn not-illegal-name? [username] (let [username (some-> username (str/trim))] - (and (not (.isMatches homoglyph-finder username console-chat-id)) - (not (.isMatches homoglyph-finder username wallet-chat-id))))) + (and (not (h/matches username console-chat-id)) + (not (h/matches username wallet-chat-id))))) (s/def ::not-empty-string (s/and string? not-empty)) (s/def ::not-illegal-name not-illegal-name?) (s/def ::name (s/and ::not-empty-string - ::not-illegal-name)) \ No newline at end of file + ::not-illegal-name)) diff --git a/src/status_im/profile/validations.cljs b/src/status_im/profile/validations.cljs index 78882ebc71..e19755b749 100644 --- a/src/status_im/profile/validations.cljs +++ b/src/status_im/profile/validations.cljs @@ -1,14 +1,13 @@ (ns status-im.profile.validations (:require [cljs.spec :as s] [status-im.constants :refer [console-chat-id wallet-chat-id]] - [clojure.string :as str])) - -(def homoglyph-finder (js/require "homoglyph-finder")) + [clojure.string :as str] + [status-im.utils.homoglyph :as h])) (defn correct-name? [username] (let [username (some-> username (str/trim))] - (and (not (.isMatches homoglyph-finder username console-chat-id)) - (not (.isMatches homoglyph-finder username wallet-chat-id))))) + (and (not (h/matches username console-chat-id)) + (not (h/matches username wallet-chat-id))))) (defn correct-email? [email] (let [pattern #"[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?"] diff --git a/src/status_im/utils/homoglyph.cljs b/src/status_im/utils/homoglyph.cljs new file mode 100644 index 0000000000..4ebb2d5414 --- /dev/null 
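Review bot: `not-illegal-name?` in new_group/validations.cljs and `correct-name?` in profile/validations.cljs remain two identical copies of the same reserved-name check after this change, so a later fix to one (another reserved id, different normalisation) can miss the other. Now that `status-im.utils.homoglyph` exists, the shared predicate could live there and both namespaces could call it. Both copies also hand the result of `(some-> username (str/trim))` to `h/matches`, which is nil for a nil username; in new_group the `::name` spec checks `::not-empty-string` first, but whether every caller of `correct-name?` does is not visible here, so a `(string? username)` guard in the shared predicate would be safer. `correct-email?` in the profile file continues outside the hunk.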
+++ b/src/status_im/utils/homoglyph.cljs
@@ -0,0 +1,7 @@
+(ns status-im.utils.homoglyph
+ (:require [status-im.utils.utils :as u]))
+
+(def homoglyph-finder (u/require "homoglyph-finder"))
+
+(defn matches [s1 s2]
+ (.isMatches homoglyph-finder s1 s2))
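Review bot: `matches` has no docstring, although its contract matters to the callers that now use it as a security check: the argument order (candidate text first, reserved word second, as the call sites in this commit use it) and whether the comparison is whole-string and case-sensitive are left for the reader to look up in `homoglyph-finder`. I would add a docstring along the lines of `"True when s1 is a homoglyph look-alike of the word s2, per homoglyph-finder's isMatches."` and state there what happens for nil or non-string input, since the wrapper forwards both arguments to the JS call unchecked. As a style point, a boolean predicate would conventionally be named `matches?`.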