From 5389226e6aa252497bd33e79578b1162a2ff8a01 Mon Sep 17 00:00:00 2001 From: pengtao Date: Wed, 22 Dec 2021 10:08:42 +0800 Subject: [PATCH] 1 --- main.py | 39 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 38 insertions(+), 1 deletion(-) diff --git a/main.py b/main.py index eab4f59..5ac7607 100644 --- a/main.py +++ b/main.py @@ -41,6 +41,10 @@ orderby_list = { 6: "price", # 当前价格 7: "mcScore" # 评分 } +dirty_stuff = [ + "\"", "\\", "/", "*", "'", "=", "-", "#", ";", "<", ">", "+", "&", "$", + "(", ")", "%", "@" +] def create_app(): @@ -88,6 +92,13 @@ async def getPlatform(request: Request, platformAlias: str): ) +def check_dirty(strings: str) -> bool: + for key in dirty_stuff: + if key in str(strings): + return True + return False + + @app.get("/getgamelist") async def getgamelist(request: Request, category: str = '', @@ -100,6 +111,12 @@ async def getgamelist(request: Request, limit: int = 10, orderbyid: int = 1): db = request.app.state.mongo + if check_dirty(category) or check_dirty(gameids) or check_dirty( + name) or check_dirty(platform): + return JSONResponse( + status_code=starlette.status.HTTP_500_INTERNAL_SERVER_ERROR, + content="args check failed!", + ) try: find_args = {} @@ -169,6 +186,11 @@ async def getgamelist(request: Request, @app.get("/getgameinfo") async def getgameinfo(request: Request, oldGameId: int = 0, name: str = ""): + if check_dirty(name) or check_dirty(oldGameId): + return JSONResponse( + status_code=starlette.status.HTTP_500_INTERNAL_SERVER_ERROR, + content="args check failed!", + ) db = request.app.state.mongo if oldGameId: gameinfo = db["gameinfo"].find({"oldGameId": oldGameId}, {"_id": 0}) 
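Review bot: `dirty_stuff` carries no comment saying what it is meant to block, and as a substring denylist it rejects ordinary values: any `name` containing an apostrophe or hyphen, and, because `-` is listed, every negative integer once the guards below route ints through `check_dirty`. A one-line comment such as `# substring denylist applied by check_dirty() to query parameters; it is not an escaper` would at least make the intent explicit. If one of these values is ever interpolated into a `$regex` filter, the list also misses `.`, `|`, `[`, `^` and `?`, and `re.escape` on the value is the robust fix; that usage is not visible in this diff. For typed query parameters, a declared constraint (length or allowed pattern via FastAPI's `Query`) is the more reliable control than a character denylist.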
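Review bot: `check_dirty` is annotated `strings: str`, but the callers added below pass `int` (`oldGameId`) and depend on the `str()` coercion inside the loop; the annotation should be `strings: object` (or `str | int`), and a docstring should state that this is a substring denylist test that returns True when any `dirty_stuff` entry occurs in the stringified value. The loop collapses to two lines that also convert the value once instead of per key: `text = str(strings)` followed by `return any(key in text for key in dirty_stuff)`. The function returns only a bool, so nothing records which parameter tripped the check; that is worth logging at the call sites if rejections are to be noticed.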
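Review bot: A failed argument check is a client error, yet the guard added to `getgamelist` answers with `HTTP_500_INTERNAL_SERVER_ERROR`, and the same status is used in the new guards in `getgameinfo`, `getgameprice`, `getgameinfoext` and `gethistoryprice`. Use `starlette.status.HTTP_400_BAD_REQUEST` (or 422, the status FastAPI itself uses for validation failures) so monitoring does not count rejected input as server faults and clients do not retry it. The rejection is also silent; a `logger.warning(...)` naming the offending parameter would give the log something to alert on. `content="args check failed!"` is returned as a bare JSON string rather than an object, whereas `{"detail": "args check failed!"}` would match FastAPI's error shape. `getgamelist`'s signature starts above this hunk and its body continues below it.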
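Review bot: `check_dirty(oldGameId)` in `getgameinfo` runs on a value FastAPI has already coerced to `int`, so the only input it can reject is a negative id (via the listed `-`); the same applies to the `oldGameId` guards in `getgameprice`, `getgameinfoext` and `gethistoryprice`. That intent is clearer and cheaper as a declared constraint on the parameter, e.g. `oldGameId: int = Query(0, ge=0)` with `Query` imported from `fastapi`, which yields a proper 422 instead of the hand-rolled 500. Only `name` in this signature is free text and a candidate for a content check at all. The body of `getgameinfo` continues past the end of this hunk, so how `name` is used in the query cannot be checked here.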
@@ -189,6 +211,11 @@ async def getgameinfo(request: Request, oldGameId: int = 0, name: str = ""): @app.get("/getgameprice") async def getgameprice(request: Request, oldGameId: int, nums: int = 0): + if check_dirty(oldGameId): + return JSONResponse( + status_code=starlette.status.HTTP_500_INTERNAL_SERVER_ERROR, + content="args check failed!", + ) db = request.app.state.mongo if nums == 0: gameprice = db["gameprice"].find_one({"oldGameId": oldGameId}, @@ -201,7 +228,7 @@ async def getgameprice(request: Request, oldGameId: int, nums: int = 0): gameprice['prices'] = price[:nums] else: logger.error(f"get price with {oldGameId} failed\n {gameprice}") - gameprice = {} + gameprice = {"prices": []} logger.info(f"get gameprice with {oldGameId} !") return JSONResponse( @@ -212,6 +239,11 @@ async def getgameprice(request: Request, oldGameId: int, nums: int = 0): @app.get("/getgameinfoext") async def getgameinfoext(request: Request, oldGameId: int): + if check_dirty(oldGameId): + return JSONResponse( + status_code=starlette.status.HTTP_500_INTERNAL_SERVER_ERROR, + content="args check failed!", + ) db = request.app.state.mongo gameinfoext = db["gameinfoext"].find_one({"oldGameId": oldGameId}, {"_id": 0}) @@ -239,6 +271,11 @@ async def getgameinfoext(request: Request, oldGameId: int): @app.get("/gethistoryprice") async def gethistoryprice(request: Request, oldGameId: int): + if check_dirty(oldGameId): + return JSONResponse( + status_code=starlette.status.HTTP_500_INTERNAL_SERVER_ERROR, + content="args check failed!", + ) db = request.app.state.mongo history_price = db["history_price"].find_one({"oldGameId": oldGameId}, {"_id": 0})
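Review bot: With `gameprice = {"prices": []}` substituted on the not-found branch of `getgameprice`, the `logger.info(f"get gameprice with {oldGameId} !")` that follows still reads as a success message for a lookup that just logged an error, so the two log lines contradict each other for the same id. Moving the info log into the success branch, or guarding it with `if gameprice.get("prices"):`, keeps the log coherent. The `JSONResponse` construction that follows is cut off by the hunk, so whether the empty result also carries a distinguishing status code cannot be checked here.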