From 2b56f039eeade6476afadacf005ec47e9f2763d0 Mon Sep 17 00:00:00 2001 From: Shreya Malviya Date: Tue, 26 Jul 2022 18:10:45 +0530 Subject: [PATCH] Common: Add reserved filename validation for Windows in CustomPBAConfigurationSchema --- .../agent_sub_configuration_schemas.py | 31 ++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/monkey/common/agent_configuration/agent_sub_configuration_schemas.py b/monkey/common/agent_configuration/agent_sub_configuration_schemas.py index aaece7067..e3f2fe16a 100644 --- a/monkey/common/agent_configuration/agent_sub_configuration_schemas.py +++ b/monkey/common/agent_configuration/agent_sub_configuration_schemas.py @@ -1,6 +1,6 @@ import re -from marshmallow import Schema, fields, post_load, validate +from marshmallow import Schema, ValidationError, fields, post_load, validate, validates from .agent_sub_configurations import ( CustomPBAConfiguration, @@ -29,6 +29,35 @@ class CustomPBAConfigurationSchema(Schema): validate=validate.Regexp(regex=valid_windows_custom_pba_filename_regex) ) + @validates("windows_filename") + def validate_windows_filename_not_reserved(self, windows_filename): + # filename shouldn't start with any of these and be followed by a period + if windows_filename.split(".")[0].upper() in [ + "CON", + "PRN", + "AUX", + "NUL", + "COM1", + "COM2", + "COM3", + "COM4", + "COM5", + "COM6", + "COM7", + "COM8", + "COM9", + "LPT1", + "LPT2", + "LPT3", + "LPT4", + "LPT5", + "LPT6", + "LPT7", + "LPT8", + "LPT9", + ]: + raise ValidationError("Invalid Windows filename: reserved name used") + @post_load def _make_custom_pba_configuration(self, data, **kwargs): return CustomPBAConfiguration(**data)