Merge pull request #383 from utopia-php/int_out_of_range

Integer validator
utopia-php · Jan 31, 2024 · 47a79d6 · 47a79d6
2 parents 34e65cc + cb2b32f
commit 47a79d6
Show file tree

Hide file tree

Showing 5 changed files with 296 additions and 104 deletions.
diff --git a/composer.lock b/composer.lock
diff --git a/src/Database/Database.php b/src/Database/Database.php
@@ -32,6 +32,10 @@ class Database
     public const VAR_BOOLEAN = 'boolean';
     public const VAR_DATETIME = 'datetime';
 
+    public const INT_MAX = 2147483647;
+    public const BIG_INT_MAX = PHP_INT_MAX;
+    public const DOUBLE_MAX = PHP_FLOAT_MAX;
+
     // Relationship Types
     public const VAR_RELATIONSHIP = 'relationship';
 

diff --git a/src/Database/Validator/Structure.php b/src/Database/Validator/Structure.php
@@ -12,6 +12,7 @@
 use Utopia\Validator\Boolean;
 use Utopia\Validator\FloatValidator;
 use Utopia\Validator\Integer;
+use Utopia\Validator\Range;
 use Utopia\Validator\Text;
 
 class Structure extends Validator
@@ -249,6 +250,8 @@ public function isValid($document): bool
             $array = $attribute['array'] ?? false;
             $format = $attribute['format'] ?? '';
             $required = $attribute['required'] ?? false;
+            $size = $attribute['size'] ?? 0;
+            $signed = $attribute['signed'] ?? true;
 
             if ($required === false && is_null($value)) { // Allow null value to optional params
                 continue;
@@ -258,26 +261,34 @@ public function isValid($document): bool
                 continue;
             }
 
+            $validators = [];
+
             switch ($type) {
                 case Database::VAR_STRING:
-                    $size = $attribute['size'] ?? 0;
-                    $validator = new Text($size, min: 0);
+                    $validators[] = new Text($size, min: 0);
                     break;
 
                 case Database::VAR_INTEGER:
-                    $validator = new Integer();
+                    // We need both Integer and Range because Range implicitly casts non-numeric values
+                    $validators[] = new Integer();
+                    $max = $size >= 8 ? Database::BIG_INT_MAX : Database::INT_MAX;
+                    $min = $signed ? -$max : 0;
+                    $validators[] = new Range($min, $max, Database::VAR_INTEGER);
                     break;
 
                 case Database::VAR_FLOAT:
-                    $validator = new FloatValidator();
+                    // We need both Float and Range because Range implicitly casts non-numeric values
+                    $validators[] = new FloatValidator();
+                    $min = $signed ? -Database::DOUBLE_MAX : 0;
+                    $validators[] =  new Range($min, Database::DOUBLE_MAX, Database::VAR_FLOAT);
                     break;
 
                 case Database::VAR_BOOLEAN:
-                    $validator = new Boolean();
+                    $validators[] = new Boolean();
                     break;
 
                 case Database::VAR_DATETIME:
-                    $validator = new DatetimeValidator();
+                    $validators[] = new DatetimeValidator();
                     break;
 
                 default:
@@ -291,7 +302,7 @@ public function isValid($document): bool
             if ($format) {
                 // Format encoded as json string containing format name and relevant format options
                 $format = self::getFormat($format, $type);
-                $validator = $format['callback']($attribute);
+                $validators[] = $format['callback']($attribute);
             }
 
             if ($array) { // Validate attribute type for arrays - format for arrays handled separately
@@ -308,15 +319,19 @@ public function isValid($document): bool
                         continue;
                     }
 
-                    if (!$validator->isValid($child)) {
-                        $this->message = 'Attribute "'.$key.'[\''.$x.'\']" has invalid '.$label.'. '.$validator->getDescription();
-                        return false;
+                    foreach ($validators as $validator) {
+                        if (!$validator->isValid($child)) {
+                            $this->message = 'Attribute "'.$key.'[\''.$x.'\']" has invalid '.$label.'. '.$validator->getDescription();
+                            return false;
+                        }
                     }
                 }
             } else {
-                if (!$validator->isValid($value)) {
-                    $this->message = 'Attribute "'.$key.'" has invalid '.$label.'. '.$validator->getDescription();
-                    return false;
+                foreach ($validators as $validator) {
+                    if (!$validator->isValid($value)) {
+                        $this->message = 'Attribute "'.$key.'" has invalid '.$label.'. '.$validator->getDescription();
+                        return false;
+                    }
                 }
             }
         }