feat: Sanitize user input with single quotes

St4NNi · St4NNi · commit 32f44ac334a4 · 2024-12-19T15:26:55.000+01:00
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "bakta-web-backend"
-version = "0.6.3"
+version = "0.6.4"
 edition = "2021"
 
 [dependencies]
diff --git a/src/api_structs.rs b/src/api_structs.rs
@@ -200,8 +200,8 @@ pub struct JobConfig {
     pub compliant: bool,
 }
 
-pub fn strip_whitespace(s: String) -> String {
-    s.replace(" ", "")
+pub fn sanitize_input(s: String) -> String {
+    format!("'{}'", s.replace("'", ""))
 }
 
 impl JobConfig {
@@ -226,13 +226,13 @@ impl JobConfig {
 
         if let Some(locus) = self.locus {
             if !locus.is_empty() {
-                parameters.push(format!("--locus {}", strip_whitespace(locus)));
+                parameters.push(format!("--locus {}", sanitize_input(locus)));
             }
         }
 
         if let Some(locus_tag) = self.locus_tag {
             if !locus_tag.is_empty() {
-                parameters.push(format!("--locus-tag {}", strip_whitespace(locus_tag)));
+                parameters.push(format!("--locus-tag {}", sanitize_input(locus_tag)));
             }
         }
 
@@ -242,25 +242,25 @@ impl JobConfig {
 
         if let Some(genus) = self.genus {
             if !genus.is_empty() {
-                parameters.push(format!("--genus {}", strip_whitespace(genus)));
+                parameters.push(format!("--genus {}", sanitize_input(genus)));
             }
         }
 
         if let Some(species) = self.species {
             if !species.is_empty() {
-                parameters.push(format!("--species {}", strip_whitespace(species)));
+                parameters.push(format!("--species {}", sanitize_input(species)));
             }
         }
 
         if let Some(strain) = self.strain {
             if !strain.is_empty() {
-                parameters.push(format!("--strain {}", strip_whitespace(strain)));
+                parameters.push(format!("--strain {}", sanitize_input(strain)));
             }
         }
 
         if let Some(plasmid) = self.plasmid {
             if !plasmid.is_empty() {
-                parameters.push(format!("--plasmid {}", strip_whitespace(plasmid)));
+                parameters.push(format!("--plasmid {}", sanitize_input(plasmid)));
             }
         }
 

Original file line number	Diff line number	Diff line change
`@@ -200,8 +200,8 @@ pub struct JobConfig {`
`200`	`200`	`pub compliant: bool,`
`201`	`201`	`}`
`202`	`202`
`203`		`-pub fn strip_whitespace(s: String) -> String {`
`204`		`- s.replace(" ", "")`
	`203`	`+pub fn sanitize_input(s: String) -> String {`
	`204`	`+ format!("'{}'", s.replace("'", ""))`
`205`	`205`	`}`
`206`	`206`
`207`	`207`	`impl JobConfig {`
`@@ -226,13 +226,13 @@ impl JobConfig {`
`226`	`226`
`227`	`227`	`if let Some(locus) = self.locus {`
`228`	`228`	`if !locus.is_empty() {`
`229`		`- parameters.push(format!("--locus {}", strip_whitespace(locus)));`
	`229`	`+ parameters.push(format!("--locus {}", sanitize_input(locus)));`
`230`	`230`	`}`
`231`	`231`	`}`
`232`	`232`
`233`	`233`	`if let Some(locus_tag) = self.locus_tag {`
`234`	`234`	`if !locus_tag.is_empty() {`
`235`		`- parameters.push(format!("--locus-tag {}", strip_whitespace(locus_tag)));`
	`235`	`+ parameters.push(format!("--locus-tag {}", sanitize_input(locus_tag)));`
`236`	`236`	`}`
`237`	`237`	`}`
`238`	`238`
`@@ -242,25 +242,25 @@ impl JobConfig {`
`242`	`242`
`243`	`243`	`if let Some(genus) = self.genus {`
`244`	`244`	`if !genus.is_empty() {`
`245`		`- parameters.push(format!("--genus {}", strip_whitespace(genus)));`
	`245`	`+ parameters.push(format!("--genus {}", sanitize_input(genus)));`
`246`	`246`	`}`
`247`	`247`	`}`
`248`	`248`
`249`	`249`	`if let Some(species) = self.species {`
`250`	`250`	`if !species.is_empty() {`
`251`		`- parameters.push(format!("--species {}", strip_whitespace(species)));`
	`251`	`+ parameters.push(format!("--species {}", sanitize_input(species)));`
`252`	`252`	`}`
`253`	`253`	`}`
`254`	`254`
`255`	`255`	`if let Some(strain) = self.strain {`
`256`	`256`	`if !strain.is_empty() {`
`257`		`- parameters.push(format!("--strain {}", strip_whitespace(strain)));`
	`257`	`+ parameters.push(format!("--strain {}", sanitize_input(strain)));`
`258`	`258`	`}`
`259`	`259`	`}`
`260`	`260`
`261`	`261`	`if let Some(plasmid) = self.plasmid {`
`262`	`262`	`if !plasmid.is_empty() {`
`263`		`- parameters.push(format!("--plasmid {}", strip_whitespace(plasmid)));`
	`263`	`+ parameters.push(format!("--plasmid {}", sanitize_input(plasmid)));`
`264`	`264`	`}`
`265`	`265`	`}`
`266`	`266`