From d6480d104dddcf29be4644f69b4207e4b7cf6790 Mon Sep 17 00:00:00 2001
From: z30053452
Date: Wed, 9 Jul 2025 10:41:27 +0800
Subject: [PATCH 1/5] bug fix
Signed-off-by: z30053452
---
 .../service/kvdb/kvdb_service_stub.cpp | 23 ++++++++++++++++++-
 .../service/kvdb/kvdb_service_stub.h | 2 ++
 2 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/services/distributeddataservice/service/kvdb/kvdb_service_stub.cpp b/services/distributeddataservice/service/kvdb/kvdb_service_stub.cpp
index 37de89063..58fbbf21f 100644
--- a/services/distributeddataservice/service/kvdb/kvdb_service_stub.cpp
+++ b/services/distributeddataservice/service/kvdb/kvdb_service_stub.cpp
@@ -72,7 +72,7 @@ int KVDBServiceStub::OnRemoteRequest(uint32_t code, MessageParcel &data, Message
 if (status != ERR_NONE) {
 return status;
 }
- if (CheckPermission(code, storeInfo)) {
+ if (isValidParam(storeInfo.bundleName, storeInfo.storeId) && CheckPermission(code, storeInfo)) {
 return (this->*HANDLERS[code])({ storeInfo.bundleName }, { storeInfo.storeId }, data, reply);
 }
 ZLOGE("PERMISSION_DENIED uid:%{public}d appId:%{public}s storeId:%{public}s", storeInfo.uid,
@@ -579,4 +579,25 @@ int32_t KVDBServiceStub::OnRemoveDeviceData(const AppId &appId, const StoreId &s
 }
 return ERR_NONE;
 }
+
+bool KVDBServiceStub::IsValidParam(const std::string &bundleName, const std::string &storeName)
+{
+ if (IsValidName(bundleName)) {
+ ZLOGE("bundleName is Invalid, bundleName is %{public}s", bundleName.c_str());
+ return false;
+ }
+ if (IsValidName(storeName)) {
+ ZLOGE("storeName is Invalid, storeName is %{public}s", storeName.c_str());
+ return false;
+ }
+ return true;
+}
+
+bool KVDBServiceStub::IsValidName(const std::string &path)
+{
+ if ((path.find("/") != std::string::npos) || (path.find("\\") != std::string::npos) || (path == "..")) {
+ return false;
+ }
+ return true;
+}
 } // namespace OHOS::DistributedKv
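Review bot: A name that fails validation falls through to the same `PERMISSION_DENIED` log and return path as a failed `CheckPermission` in the `@@ -72,7 +72,7 @@` hunk, so the two kinds of rejection cannot be told apart in the log or by the caller. Consider rejecting malformed names in their own branch before the permission check, for example `if (!IsValidParam(storeInfo.bundleName, storeInfo.storeId)) { return IPC_STUB_INVALID_DATA_ERR; }`, and leaving the `CheckPermission` condition as it was. The status code is only a suggestion: the return statement after the log line lies outside the hunk, so the value callers expect needs to be confirmed.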
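Review bot: Both checks in `IsValidParam` (the `@@ -579,4 +579,25 @@` hunk) are inverted. `IsValidName` returns true for an acceptable name, yet `if (IsValidName(bundleName))` logs "is Invalid" and returns false. As a result any request with a well-formed bundleName or storeName is rejected, while one whose names both contain `/` or `\`, or equal `..`, is accepted. Both conditions need the negation: `if (!IsValidName(bundleName)) {` and `if (!IsValidName(storeName)) {`. Separately, the rejected value is caller-supplied and is written to the log with `%{public}s`; consider `%{private}s` or logging only its length.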
diff --git a/services/distributeddataservice/service/kvdb/kvdb_service_stub.h b/services/distributeddataservice/service/kvdb/kvdb_service_stub.h
index f26cb7c83..2bf905627 100644
--- a/services/distributeddataservice/service/kvdb/kvdb_service_stub.h
+++ b/services/distributeddataservice/service/kvdb/kvdb_service_stub.h
@@ -62,6 +62,8 @@ private:
 bool CheckPermission(uint32_t code, const StoreInfo &storeInfo);
 std::pair GetStoreInfo(uint32_t code, MessageParcel &data);
+ bool IsValidParam(const std::string &bundleName, const std::string &storeName);
+ bool IsValidName(const std::string &path);
 };
 } // namespace OHOS::DistributedKv
 #endif // OHOS_DISTRIBUTED_DATA_SERVICE_KVDB_SERVICE_STUB_H
-- Gitee
From 3a44934e3753b312efc8f8cb079d981d3bb79d15 Mon Sep 17 00:00:00 2001
From: z30053452
Date: Fri, 11 Jul 2025 09:56:48 +0800
Subject: [PATCH 2/5] code fix
Signed-off-by: z30053452
---
 .../distributeddataservice/service/kvdb/kvdb_service_stub.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/services/distributeddataservice/service/kvdb/kvdb_service_stub.cpp b/services/distributeddataservice/service/kvdb/kvdb_service_stub.cpp
index 58fbbf21f..66e30cc6f 100644
--- a/services/distributeddataservice/service/kvdb/kvdb_service_stub.cpp
+++ b/services/distributeddataservice/service/kvdb/kvdb_service_stub.cpp
@@ -72,7 +72,7 @@ int KVDBServiceStub::OnRemoteRequest(uint32_t code, MessageParcel &data, Message
 if (status != ERR_NONE) {
 return status;
 }
- if (isValidParam(storeInfo.bundleName, storeInfo.storeId) && CheckPermission(code, storeInfo)) {
+ if (IsValidParam(storeInfo.bundleName, storeInfo.storeId) && CheckPermission(code, storeInfo)) {
 return (this->*HANDLERS[code])({ storeInfo.bundleName }, { storeInfo.storeId }, data, reply);
 }
 ZLOGE("PERMISSION_DENIED uid:%{public}d appId:%{public}s storeId:%{public}s", storeInfo.uid,
-- Gitee
From 457c6325a21cd022c3ea928037e7282732ec1db2 Mon Sep 17 00:00:00 2001
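Review bot: The two declarations added to kvdb_service_stub.h carry no comment stating the rule they enforce, and `IsValidName` names its parameter `path` although callers pass a bundle name or store id. A one-line comment above them, such as `// Rejects names containing '/' or '\\', or equal to "..", before they are used as identifiers.`, plus renaming the parameter to `name`, would make the contract readable from the header. Neither definition shown in this series touches member state, so both could also be declared `static`, e.g. `static bool IsValidName(const std::string &name);`.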
From: z30053452
Date: Fri, 11 Jul 2025 14:58:46 +0800
Subject: [PATCH 3/5] code fix
Signed-off-by: z30053452
---
 .../test/kvdb_service_stub_unittest.cpp | 28 +++++++++++++++++++
 1 file changed, 28 insertions(+)
diff --git a/services/distributeddataservice/service/test/kvdb_service_stub_unittest.cpp b/services/distributeddataservice/service/test/kvdb_service_stub_unittest.cpp
index c9bf0cef9..c39a6b855 100644
--- a/services/distributeddataservice/service/test/kvdb_service_stub_unittest.cpp
+++ b/services/distributeddataservice/service/test/kvdb_service_stub_unittest.cpp
@@ -350,5 +350,33 @@ HWTEST_F(KVDBServiceStubTest, OnRemoveDeviceData, TestSize.Level1)
 auto status = kvdbServiceStub->OnRemoveDeviceData(appId, storeId, data, reply);
 EXPECT_EQ(status, IPC_STUB_INVALID_DATA_ERR);
 }
+
+/**
+ * @tc.name: IsValidParam001
+ * @tc.desc: Test IsValidParam
+ * @tc.type: FUNC
+ * @tc.require:
+ */
+HWTEST_F(KVDBServiceStubTest, IsValidParam, TestSize.Level1)
+{
+ std::string bundleName = "com.test.test";
+ std::string storeName = "test_store";
+ auto status = IsValidParam(bundleName, storeName);
+ EXPECT_EQ(status, true);
+}
+
+/**
+ * @tc.name: IsValidParam002
+ * @tc.desc: Test IsValidParam
+ * @tc.type: FUNC
+ * @tc.require:
+ */
+HWTEST_F(KVDBServiceStubTest, IsValidParam, TestSize.Level1)
+{
+ std::string bundleName = "\\com.test.test";
+ std::string storeName = "/test_store";
+ auto status = IsValidParam(bundleName, storeName);
+ EXPECT_EQ(status, false);
+}
 } // namespace DistributedDataTest
 } // namespace OHOS::Test
\ No newline at end of file
-- Gitee
From 545eadfc9407d14cf11008282834fed26084eb6b Mon Sep 17 00:00:00 2001
From: z30053452
Date: Fri, 11 Jul 2025 15:29:52 +0800
Subject: [PATCH 4/5] code fix
Signed-off-by: z30053452
---
 .../service/test/kvdb_service_stub_unittest.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
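Review bot: The two added cases cover only both-names-valid and both-names-invalid, so neither the exact-match `..` branch of `IsValidName` nor a request with exactly one bad argument is exercised. Add cases for each, for example `EXPECT_FALSE(kvdbServiceStub->IsValidParam("com.test.test", ".."));` and `EXPECT_FALSE(kvdbServiceStub->IsValidParam("a/b", "test_store"));` (constructed sample values, with the call qualified through `kvdbServiceStub` as in the hunk's context lines). `EXPECT_TRUE(status)` and `EXPECT_FALSE(status)` would also read more directly than `EXPECT_EQ(status, true)`.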
diff --git a/services/distributeddataservice/service/test/kvdb_service_stub_unittest.cpp b/services/distributeddataservice/service/test/kvdb_service_stub_unittest.cpp
index c39a6b855..f55178b7a 100644
--- a/services/distributeddataservice/service/test/kvdb_service_stub_unittest.cpp
+++ b/services/distributeddataservice/service/test/kvdb_service_stub_unittest.cpp
@@ -357,7 +357,7 @@ HWTEST_F(KVDBServiceStubTest, OnRemoveDeviceData, TestSize.Level1)
 * @tc.type: FUNC
 * @tc.require:
 */
-HWTEST_F(KVDBServiceStubTest, IsValidParam, TestSize.Level1)
+HWTEST_F(KVDBServiceStubTest, IsValidParam001, TestSize.Level1)
 {
 std::string bundleName = "com.test.test";
 std::string storeName = "test_store";
@@ -371,7 +371,7 @@ HWTEST_F(KVDBServiceStubTest, IsValidParam, TestSize.Level1)
 * @tc.type: FUNC
 * @tc.require:
 */
-HWTEST_F(KVDBServiceStubTest, IsValidParam, TestSize.Level1)
+HWTEST_F(KVDBServiceStubTest, IsValidParam002, TestSize.Level1)
 {
 std::string bundleName = "\\com.test.test";
 std::string storeName = "/test_store";
-- Gitee
From c59b0830e6374b1ce21097e0a62d0f0537fee9ad Mon Sep 17 00:00:00 2001
From: z30053452
Date: Fri, 11 Jul 2025 16:02:02 +0800
Subject: [PATCH 5/5] code fix
Signed-off-by: z30053452
---
 .../service/test/kvdb_service_stub_unittest.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/services/distributeddataservice/service/test/kvdb_service_stub_unittest.cpp b/services/distributeddataservice/service/test/kvdb_service_stub_unittest.cpp
index f55178b7a..a14d51db2 100644
--- a/services/distributeddataservice/service/test/kvdb_service_stub_unittest.cpp
+++ b/services/distributeddataservice/service/test/kvdb_service_stub_unittest.cpp
@@ -361,7 +361,7 @@ HWTEST_F(KVDBServiceStubTest, IsValidParam001, TestSize.Level1)
 {
 std::string bundleName = "com.test.test";
 std::string storeName = "test_store";
- auto status = IsValidParam(bundleName, storeName);
+ auto status = kvdbServiceStub->IsValidParam(bundleName, storeName);
 EXPECT_EQ(status, true);
 }
@@ -375,7 +375,7 @@ HWTEST_F(KVDBServiceStubTest, IsValidParam002, TestSize.Level1)
 {
 std::string bundleName = "\\com.test.test";
 std::string storeName = "/test_store";
- auto status = IsValidParam(bundleName, storeName);
+ auto status = kvdbServiceStub->IsValidParam(bundleName, storeName);
 EXPECT_EQ(status, false);
 }
 } // namespace DistributedDataTest
-- Gitee