From 00957a23177f792d4e4962854697779831d51ca1 Mon Sep 17 00:00:00 2001
From: Jesse Plamondon-Willard <github@jplamondonw.com>
Date: Sun, 24 Sep 2017 01:30:28 -0400
Subject: validate semantic versions in API (#336, #361)

---
 src/StardewModdingAPI.Web/Controllers/ModsController.cs | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'src/StardewModdingAPI.Web/Controllers')

diff --git a/src/StardewModdingAPI.Web/Controllers/ModsController.cs b/src/StardewModdingAPI.Web/Controllers/ModsController.cs
index c5c79600..4eaa66d2 100644
--- a/src/StardewModdingAPI.Web/Controllers/ModsController.cs
+++ b/src/StardewModdingAPI.Web/Controllers/ModsController.cs
@@ -1,6 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Text.RegularExpressions;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Caching.Memory;
@@ -27,6 +28,9 @@ namespace StardewModdingAPI.Web.Controllers
         /// <summary>The number of minutes update checks should be cached before refetching them.</summary>
         private readonly int CacheMinutes;
 
+        /// <summary>A regex which matches SMAPI-style semantic version.</summary>
+        private readonly string VersionRegex;
+
 
         /*********
         ** Public methods
@@ -40,6 +44,7 @@ namespace StardewModdingAPI.Web.Controllers
 
             this.Cache = cache;
             this.CacheMinutes = config.CacheMinutes;
+            this.VersionRegex = config.SemanticVersionRegex;
 
             string version = this.GetType().Assembly.GetName().Version.ToString(3);
             this.Repositories =
@@ -103,7 +108,10 @@ namespace StardewModdingAPI.Web.Controllers
                 result[modKey] = await this.Cache.GetOrCreateAsync($"{repository.VendorKey}:{modID}".ToLower(), async entry =>
                 {
                     entry.AbsoluteExpiration = DateTimeOffset.UtcNow.AddMinutes(this.CacheMinutes);
-                    return await repository.GetModInfoAsync(modID);
+                    ModInfoModel info = await repository.GetModInfoAsync(modID);
+                    if (info.Error == null && !Regex.IsMatch(info.Version, this.VersionRegex, RegexOptions.CultureInvariant | RegexOptions.IgnoreCase))
+                        info = new ModInfoModel(info.Name, info.Version, info.Url, $"Mod has invalid semantic version '{info.Version}'.");
+                    return info;
                 });
             }
 
-- 
cgit