validate wifi scan data

2017-12-21 03:32:03 +01:00 · 2017-12-21 03:32:03 +01:00 · f141a9deb7
commit f141a9deb7
parent ccd00ce6c7
2 changed files with 37 additions and 2 deletions
--- a/src/c3nav/editor/forms.py
+++ b/src/c3nav/editor/forms.py
@ -1,5 +1,6 @@
 import json
 import operator
+import re
 from functools import reduce
 from itertools import chain

@ -136,7 +137,7 @@ class EditorFormBase(I18nModelFormMixin, ModelForm):
        if 'to_node' in self.fields:
            self.fields['to_node'].widget = HiddenInput()

-        if 'data' in self.fields:
+        if 'data' in self.fields and 'data' in self.initial:
            self.initial['data'] = json.dumps(self.initial['data'])

    def clean_redirect_slugs(self):
@ -164,6 +165,38 @@ class EditorFormBase(I18nModelFormMixin, ModelForm):
                _('Can not add redirecting slug “%s”: it is already used elsewhere.') % slug
            )

+    def clean_data(self):
+        try:
+            data = json.loads(self.cleaned_data['data'])
+        except json.JSONDecodeError:
+            raise ValidationError(_('Invalid JSON.'))
+        invalid_scan = ValidationError(_('Invalid Scan.'))
+
+        if not isinstance(data, list):
+            raise invalid_scan
+        if not data:
+            raise ValidationError(_('Needs to be one scan at minimum.'))
+        needed_keys = set(('bssid', 'ssid', 'level', 'frequency'))
+        allowed_keys = needed_keys | set(('last', ))
+        for scan in data:
+            if not isinstance(data, list):
+                raise invalid_scan
+            for ap in scan:
+                if not isinstance(ap, dict):
+                    raise invalid_scan
+                keys = set(ap.keys())
+                if (keys - allowed_keys) or (needed_keys - keys):
+                    raise invalid_scan
+                if not re.match(r'^([0-9A-F]{2}:){5}[0-9A-F]{2}$', ap['bssid']):
+                    raise invalid_scan
+                if not isinstance(ap['level'], int) or not (-1 >= ap['level'] >= -100):
+                    raise invalid_scan
+                if not isinstance(ap['frequency'], int) or not (6000 > ap['frequency'] > 1000):
+                    raise invalid_scan
+                if 'last' in keys and (not isinstance(ap['last'], int) or ap['last'] <= 0):
+                    raise invalid_scan
+        return data
+
    def clean(self):
        if 'geometry' in self.fields:
            if not self.cleaned_data.get('geometry'):
--- a/src/c3nav/mapdata/fields.py
+++ b/src/c3nav/mapdata/fields.py
@ -121,7 +121,9 @@ class JSONField(models.TextField):
        return json.loads(value)

    def to_python(self, value):
-        return json.loads(value)
+        if isinstance(value, str):
+            return json.loads(value)
+        return value

    def get_prep_value(self, value):
        return json.dumps(value)