From 79ec24530d91d4e2738c8f34201340d25b7f5918 Mon Sep 17 00:00:00 2001
From: orbifx <fox@orbitalfox.eu>
Date: Thu, 17 Nov 2022 20:53:00 +0000
Subject: [PATCH] Check index ID characters before making a dir with them

---
 cli/pull.ml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/cli/pull.ml b/cli/pull.ml
index ba7826f..a0cb5e1 100644
--- a/cli/pull.ml
+++ b/cli/pull.ml
@@ -86,6 +86,13 @@ let per_text url dir filter print i id time title authors topics = match id with
 			|| Person.Set.exists (fun t -> List.mem (Person.to_string t) authors) filter.authors)
 		then pull_text url dir id
 
+let validate_id_length s = String.length s <= 32
+
+let validate_id_chars s = try
+	String.iter (function 'a'..'z'|'A'..'Z'|'0'..'9'-> () | _ -> raise (Invalid_argument "")) s;
+	true
+	with Invalid_argument _ -> false
+
 let pull_index url authors_opt topics_opt =
 	let index_url = url ^ "/index.pck" in
 	match curl_pull index_url with
@@ -95,6 +102,10 @@ let pull_index url authors_opt topics_opt =
 		| Error s -> Printf.printf "Error with %s: %s\n" url s; false
 		| Ok pk when pk.info.id = "" ->
 			Printf.printf "Empty ID index.pck, skipping %s\n" url; false
+		| Ok pk when not (validate_id_length pk.info.id) ->
+			Printf.printf "Index pack ID longer than 32 characters, skipping %s\n" url; false
+		| Ok pk when not (validate_id_chars pk.info.id) ->
+			Printf.printf "Index pack contains invalid ID characters, skipping %s\n" url; false
 		| Ok pk ->
 			let dir = Filename.concat Logarion.Peers.text_dir pk.info.id in
 			Logarion.File_store.with_dir dir;