From 4c4f803c1f914e125c6d89d8ac9cad387abb0de2 Mon Sep 17 00:00:00 2001
From: Kyle Spearrin
Date: Wed, 30 Dec 2015 21:40:19 -0500
Subject: [PATCH] added string length checks on all request objects that store the given data.
---
 src/Api/Models/Request/Accounts/EmailRequestModel.cs | 3 +++
 src/Api/Models/Request/Accounts/EmailTokenRequestModel.cs | 2 ++
 .../Models/Request/Accounts/PasswordHintRequestModel.cs | 1 +
 src/Api/Models/Request/Accounts/PasswordRequestModel.cs | 2 ++
 src/Api/Models/Request/Accounts/RegisterRequestModel.cs | 4 ++++
 .../Models/Request/Accounts/RegisterTokenRequestModel.cs | 1 +
 .../Models/Request/Accounts/UpdateProfileRequestModel.cs | 2 ++
 .../Models/Request/Accounts/UpdateTwoFactorRequestModel.cs | 1 +
 src/Api/Models/Request/Auth/AuthTokenRequestModel.cs | 1 +
 src/Api/Models/Request/Ciphers/CipherRequestModel.cs | 7 +++++++
 src/Api/Models/Request/Folders/FolderRequestModel.cs | 1 +
 src/Api/Models/Request/Sites/SiteRequestModel.cs | 6 ++++++
 12 files changed, 31 insertions(+)
diff --git a/src/Api/Models/Request/Accounts/EmailRequestModel.cs b/src/Api/Models/Request/Accounts/EmailRequestModel.cs
index c9de5aeed..86c689d92 100644
--- a/src/Api/Models/Request/Accounts/EmailRequestModel.cs
+++ b/src/Api/Models/Request/Accounts/EmailRequestModel.cs
@@ -6,10 +6,13 @@ namespace Bit.Api.Models
 {
 [Required]
 [EmailAddress]
+ [StringLength(50)]
 public string NewEmail { get; set; }
 [Required]
+ [StringLength(300)]
 public string MasterPasswordHash { get; set; }
 [Required]
+ [StringLength(300)]
 public string NewMasterPasswordHash { get; set; }
 [Required]
 public string Token { get; set; }
diff --git a/src/Api/Models/Request/Accounts/EmailTokenRequestModel.cs b/src/Api/Models/Request/Accounts/EmailTokenRequestModel.cs
index 12a222864..3c8ff2754 100644
--- a/src/Api/Models/Request/Accounts/EmailTokenRequestModel.cs
+++ b/src/Api/Models/Request/Accounts/EmailTokenRequestModel.cs
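Review bot: `Token` at the end of the EmailRequestModel hunk keeps only `[Required]`, so it is the one string on that model with no upper bound; the same holds for `Token` in RegisterRequestModel and for `MasterPasswordHash` in AuthTokenRequestModel and UpdateTwoFactorRequestModel (for the last one the property's attribute lines are outside the hunk, so that is inferred). The commit title limits the change to values that are stored, but these fields are still parsed or verified by the server, and the register and auth-token models presumably serve callers who have not authenticated yet. A bound costs one line each, for example `[StringLength(300)]` on the two `MasterPasswordHash` properties to match the other models, plus a limit on `Token` sized to what the token issuer actually produces. The class body continues outside the hunk.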
@@ -6,8 +6,10 @@ namespace Bit.Api.Models
 {
 [Required]
 [EmailAddress]
+ [StringLength(50)]
 public string NewEmail { get; set; }
 [Required]
+ [StringLength(300)]
 public string MasterPasswordHash { get; set; }
 }
 }
diff --git a/src/Api/Models/Request/Accounts/PasswordHintRequestModel.cs b/src/Api/Models/Request/Accounts/PasswordHintRequestModel.cs
index d21051aa5..64261423d 100644
--- a/src/Api/Models/Request/Accounts/PasswordHintRequestModel.cs
+++ b/src/Api/Models/Request/Accounts/PasswordHintRequestModel.cs
@@ -6,6 +6,7 @@ namespace Bit.Api.Models
 {
 [Required]
 [EmailAddress]
+ [StringLength(50)]
 public string Email { get; set; }
 }
 }
diff --git a/src/Api/Models/Request/Accounts/PasswordRequestModel.cs b/src/Api/Models/Request/Accounts/PasswordRequestModel.cs
index c634e5663..886bf2ff6 100644
--- a/src/Api/Models/Request/Accounts/PasswordRequestModel.cs
+++ b/src/Api/Models/Request/Accounts/PasswordRequestModel.cs
@@ -5,8 +5,10 @@ namespace Bit.Api.Models
 public class PasswordRequestModel
 {
 [Required]
+ [StringLength(300)]
 public string MasterPasswordHash { get; set; }
 [Required]
+ [StringLength(300)]
 public string NewMasterPasswordHash { get; set; }
 [Required]
 public CipherRequestModel[] Ciphers { get; set; }
diff --git a/src/Api/Models/Request/Accounts/RegisterRequestModel.cs b/src/Api/Models/Request/Accounts/RegisterRequestModel.cs
index e1ebf02f9..be1efa2bd 100644
--- a/src/Api/Models/Request/Accounts/RegisterRequestModel.cs
+++ b/src/Api/Models/Request/Accounts/RegisterRequestModel.cs
@@ -8,12 +8,16 @@ namespace Bit.Api.Models
 [Required]
 public string Token { get; set; }
 [Required]
+ [StringLength(50)]
 public string Name { get; set; }
 [Required]
 [EmailAddress]
+ [StringLength(50)]
 public string Email { get; set; }
 [Required]
+ [StringLength(300)]
 public string MasterPasswordHash { get; set; }
+ [StringLength(50)]
 public string MasterPasswordHint { get; set; }
 public User ToUser()
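Review bot: The limits `50` and `300` on `NewEmail` and `MasterPasswordHash` in EmailTokenRequestModel repeat the bare literals from EmailRequestModel, and the same numbers recur in PasswordHintRequestModel, PasswordRequestModel, RegisterRequestModel and the later models of this patch. Nothing on the page says where the values come from; if they mirror field sizes in the data store, a later change there will not be caught here and the endpoints can drift apart. Declaring each limit once, e.g. `public const int EmailMaxLength = 50;` used as `[StringLength(ModelLimits.EmailMaxLength)]` (names are only a suggestion), with a comment naming the storage constraint it follows, keeps every request model in step.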
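Review bot: `Ciphers` at the end of the PasswordRequestModel hunk is still constrained only by `[Required]`, so the number of `CipherRequestModel` elements in one password-change request is unbounded while each element may now carry two 5000-character fields (`Uri`, `Notes`). If no request-size limit is enforced elsewhere, which this page does not show, a cap on the array is the missing half of the change: `[MaxLength(MAX_CIPHERS_PLACEHOLDER)]` above `public CipherRequestModel[] Ciphers { get; set; }`, with the value taken from the largest vault the service intends to support. The class body continues past the hunk.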
diff --git a/src/Api/Models/Request/Accounts/RegisterTokenRequestModel.cs b/src/Api/Models/Request/Accounts/RegisterTokenRequestModel.cs
index 9c79372cf..15b43d095 100644
--- a/src/Api/Models/Request/Accounts/RegisterTokenRequestModel.cs
+++ b/src/Api/Models/Request/Accounts/RegisterTokenRequestModel.cs
@@ -6,6 +6,7 @@ namespace Bit.Api.Models
 {
 [Required]
 [EmailAddress]
+ [StringLength(50)]
 public string Email { get; set; }
 }
 }
diff --git a/src/Api/Models/Request/Accounts/UpdateProfileRequestModel.cs b/src/Api/Models/Request/Accounts/UpdateProfileRequestModel.cs
index 504692a9f..f7cfee0e2 100644
--- a/src/Api/Models/Request/Accounts/UpdateProfileRequestModel.cs
+++ b/src/Api/Models/Request/Accounts/UpdateProfileRequestModel.cs
@@ -6,7 +6,9 @@ namespace Bit.Api.Models
 public class UpdateProfileRequestModel
 {
 [Required]
+ [StringLength(50)]
 public string Name { get; set; }
+ [StringLength(50)]
 public string MasterPasswordHint { get; set; }
 [Required]
 [RegularExpression("^[a-z]{2}-[A-Z]{2}$")]
diff --git a/src/Api/Models/Request/Accounts/UpdateTwoFactorRequestModel.cs b/src/Api/Models/Request/Accounts/UpdateTwoFactorRequestModel.cs
index 85593158f..b18b39814 100644
--- a/src/Api/Models/Request/Accounts/UpdateTwoFactorRequestModel.cs
+++ b/src/Api/Models/Request/Accounts/UpdateTwoFactorRequestModel.cs
@@ -9,6 +9,7 @@ namespace Bit.Api.Models
 public string MasterPasswordHash { get; set; }
 [Required]
 public bool? Enabled { get; set; }
+ [StringLength(50)]
 public string Token { get; set; }
 public IEnumerable Validate(ValidationContext validationContext)
diff --git a/src/Api/Models/Request/Auth/AuthTokenRequestModel.cs b/src/Api/Models/Request/Auth/AuthTokenRequestModel.cs
index c80d35898..1ccd66c31 100644
--- a/src/Api/Models/Request/Auth/AuthTokenRequestModel.cs
+++ b/src/Api/Models/Request/Auth/AuthTokenRequestModel.cs
@@ -6,6 +6,7 @@ namespace Bit.Api.Models
 {
 [Required]
 [EmailAddress]
+ [StringLength(50)]
 public string Email { get; set; }
 [Required]
 public string MasterPasswordHash { get; set; }
diff --git a/src/Api/Models/Request/Ciphers/CipherRequestModel.cs b/src/Api/Models/Request/Ciphers/CipherRequestModel.cs
index 0f0d0d295..15fee5e09 100644
--- a/src/Api/Models/Request/Ciphers/CipherRequestModel.cs
+++ b/src/Api/Models/Request/Ciphers/CipherRequestModel.cs
@@ -13,18 +13,25 @@ namespace Bit.Api.Models
 public CipherType Type { get; set; }
 [Required]
+ [StringLength(36)]
 public string Id { get; set; }
+ [StringLength(36)]
 public string FolderId { get; set; }
 [Required]
 [EncryptedString]
+ [StringLength(300)]
 public string Name { get; set; }
 [EncryptedString]
+ [StringLength(5000)]
 public string Uri { get; set; }
 [EncryptedString]
+ [StringLength(200)]
 public string Username { get; set; }
 [EncryptedString]
+ [StringLength(300)]
 public string Password { get; set; }
 [EncryptedString]
+ [StringLength(5000)]
 public string Notes { get; set; }
 public virtual Site ToSite(string userId = null)
diff --git a/src/Api/Models/Request/Folders/FolderRequestModel.cs b/src/Api/Models/Request/Folders/FolderRequestModel.cs
index 6dbb6b692..b1e3967ee 100644
--- a/src/Api/Models/Request/Folders/FolderRequestModel.cs
+++ b/src/Api/Models/Request/Folders/FolderRequestModel.cs
@@ -9,6 +9,7 @@ namespace Bit.Api.Models
 {
 [Required]
 [EncryptedString]
+ [StringLength(300)]
 public string Name { get; set; }
 public Folder ToFolder(string userId = null)
diff --git a/src/Api/Models/Request/Sites/SiteRequestModel.cs b/src/Api/Models/Request/Sites/SiteRequestModel.cs
index 7bfc2a93e..7579d0d97 100644
--- a/src/Api/Models/Request/Sites/SiteRequestModel.cs
+++ b/src/Api/Models/Request/Sites/SiteRequestModel.cs
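Review bot: The `[StringLength]` values on `Name`, `Uri`, `Username`, `Password` and `Notes` in CipherRequestModel sit next to `[EncryptedString]`, so they presumably bound the encrypted, encoded text the client sends rather than the plaintext the user typed; the same pairing appears in FolderRequestModel and SiteRequestModel. Ciphertext is longer than its plaintext, so the usable plaintext length is smaller than 300/200/5000 by an amount that depends on the format `EncryptedString` accepts, which this page does not show. A comment on each limit such as `// max length of the encrypted string, not of the plaintext`, together with a matching smaller limit in the client, would keep users from hitting an unexplained validation error. Separately, `[StringLength(36)]` on `Id` and `FolderId` sets only a maximum; if these are meant to be GUIDs, the attribute does not check their format.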
@@ -7,19 +7,25 @@ namespace Bit.Api.Models
 {
 public class SiteRequestModel
 {
+ [StringLength(36)]
 public string FolderId { get; set; }
 [Required]
 [EncryptedString]
+ [StringLength(300)]
 public string Name { get; set; }
 [Required]
 [EncryptedString]
+ [StringLength(5000)]
 public string Uri { get; set; }
 [EncryptedString]
+ [StringLength(200)]
 public string Username { get; set; }
 [Required]
 [EncryptedString]
+ [StringLength(300)]
 public string Password { get; set; }
 [EncryptedString]
+ [StringLength(5000)]
 public string Notes { get; set; }
 public Site ToSite(string userId = null)