Merge pull request #4588 from Discookie/frontend_endpoints

bruntib · web-flow · commit 3f08522e978f · 2025-06-03T13:13:01.000+02:00
Only respond to valid endpoints on the frontend
diff --git a/web/server/codechecker_server/routing.py b/web/server/codechecker_server/routing.py
@@ -52,6 +52,7 @@ def is_valid_product_endpoint(uripart):
     if uripart in NON_PRODUCT_ENDPOINTS:
         return False
 
+    # Should be kept in sync with the regex in router/index.js on the frontend.
     pattern = r'^[A-Za-z0-9_\-]+$'
     if not re.match(pattern, uripart):
         return False
diff --git a/web/server/vue-cli/src/router/index.js b/web/server/vue-cli/src/router/index.js
@@ -42,7 +42,9 @@ export default new Router({
       component: () => import("@/views/NotFound")
     },
     {
-      path: "/:endpoint",
+      // Should be kept in sync with the regex from is_valid_product_endpoint
+      // on the backend.
+      path: "/:endpoint([A-Za-z0-9_-]+)",
       meta: {
         requiresAuth: true
       },
@@ -132,6 +134,10 @@ CheckerCoverageStatistics"),
           component: () => import("@/views/SourceComponent")
         },
       ]
+    },
+    {
+      path: "/:unknown(.*)*",
+      redirect: "/404"
     }
   ]
 });

Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,9 @@ export default new Router({`
`42`	`42`	`component: () => import("@/views/NotFound")`
`43`	`43`	`},`
`44`	`44`	`{`
`45`		`- path: "/:endpoint",`
	`45`	`+ // Should be kept in sync with the regex from is_valid_product_endpoint`
	`46`	`+ // on the backend.`
	`47`	`+ path: "/:endpoint([A-Za-z0-9_-]+)",`
`46`	`48`	`meta: {`
`47`	`49`	`requiresAuth: true`
`48`	`50`	`},`
`@@ -132,6 +134,10 @@ CheckerCoverageStatistics"),`
`132`	`134`	`component: () => import("@/views/SourceComponent")`
`133`	`135`	`},`
`134`	`136`	`]`
	`137`	`+ },`
	`138`	`+ {`
	`139`	`+ path: "/:unknown(.)",`
	`140`	`+ redirect: "/404"`
`135`	`141`	`}`
`136`	`142`	`]`
`137`	`143`	`});`