From 600af5f1ee6f3a589d5c1a7be31579ca705eef71 Mon Sep 17 00:00:00 2001
From: AppaRao Puli <apparao.puli@linux.intel.com>
Date: Wed, 6 Oct 2021 21:51:16 +0000
Subject: Input parameter validation for Event Subscription

User input must be validated to avoid the out-of-memory issue. This
commit adds the size check on input parameters such as Context,
Destination and Header field  while create or update the
EventDestination.

Added a generic error message "PropertySizeExceeded" in message registry
which is used as response when size limit is exceeded.

Tested
  - Validated using POST on Event Subscription.
  - When Context, Destination and Headers were too long,
    received a error message denoting the same.

Change-Id: Ibab847ce0c99f445a76e6d3aee8074428bb7d30f
Signed-off-by: AppaRao Puli <apparao.puli@intel.com>
Signed-off-by: Ayushi Smriti <smriti.ayushi@intel.com>
Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
Signed-off-by: Ed Tanous <edtanous@google.com>
---
 redfish-core/include/error_messages.hpp | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

(limited to 'redfish-core/include')

diff --git a/redfish-core/include/error_messages.hpp b/redfish-core/include/error_messages.hpp
index e45ea45701..f55a6bbc5b 100644
--- a/redfish-core/include/error_messages.hpp
+++ b/redfish-core/include/error_messages.hpp
@@ -1070,6 +1070,25 @@ nlohmann::json operationNotAllowed();
 
 void operationNotAllowed(crow::Response& res);
 
+/**
+ * @brief Formats ArraySizeTooLong message into JSON
+ * Message body: "Indicates that a string value passed to the given resource
+ * exceeded its length limit."
+ * @returns Message ArraySizeTooLong formatted to JSON */
+nlohmann::json arraySizeTooLong(std::string_view property, uint64_t length);
+
+void arraySizeTooLong(crow::Response& res, std::string_view property,
+                      uint64_t length);
+/**
+ * @brief Formats StringValueTooLong message into JSON
+ * Message body: "Indicates that a string value passed to the given resource
+ * exceeded its length limit."
+ * @returns Message StringValueTooLong formatted to JSON */
+nlohmann::json stringValueTooLong(std::string_view property, uint64_t length);
+
+void stringValueTooLong(crow::Response& res, std::string_view property,
+                        uint64_t length);
+
 } // namespace messages
 
 } // namespace redfish
-- 
cgit v1.2.3