U ”ÔÀheã@s<dZddlZddlZddlZddlmZddlmZddl m Zdd„Zdd „Z d d„Zdd „Zdd„Zdd„Zdd„Zdd„Zdd„Zdd„Zdd„Zdd„Zdd„Zd d!„Zd"d#„Zd$d%„Zd&d'„Zd(d)„Zd*d+„Zd,d-„Zd.d/„Z d0d1„Z!d2d3„Z"d4d5„Z#d6d7„Z$d8d9„Z%d:d;„Z&dd„Zd?d„ZdS)@z? Custom validators for enhanced input validation and security. éN)ÚValidationError)ÚURLValidator)Úgettext_lazycCsÚtƒ}z||ƒWn tk r2ttdƒƒ‚YnXtj |¡}|jdkrVttdƒƒ‚|jr„|j ¡dkrln|j d¡s„|j d¡r„| d¡s¤| d¡s¤ttd ƒƒ‚d ddd g}|D] }t ||tj ¡r´ttdƒƒ‚q´dS)z¶ Validate HLS stream URL format and security. Args: value (str): URL to validate Raises: ValidationError: If URL is invalid or insecure zInvalid URL format.)ÚhttpÚhttpsz*Only HTTP and HTTPS protocols are allowed.)Ú localhostz 127.0.0.1z0.0.0.0z192.168.z10.z.m3u8z.m3uz7URL must point to an HLS playlist file (.m3u8 or .m3u).z[<>"\']újavascript:údata:zfile:z+URL contains potentially malicious content.N)rrÚ_ÚurllibÚparseÚurlparseÚschemeÚhostnameÚlowerÚ startswithÚendswithÚreÚsearchÚ IGNORECASE)ÚvalueÚ url_validatorÚparsedÚsuspicious_patternsÚpattern©rú8/var/www/html/JingleDetector/src/apps/core/validators.pyÚvalidate_hls_url s, ürc s²ˆsttdƒƒ‚dˆkr$ttdƒƒ‚ˆ d¡r^ddddd g}t‡fd d„|Dƒƒs^ttdƒƒ‚d ddddddddg }t‡fdd„|Dƒƒr–ttdƒƒ‚tˆƒdkr®ttdƒƒ‚dS)z¼ Validate file path for security and format. Args: value (str): File path to validate Raises: ValidationError: If path is invalid or insecure zFile path cannot be empty.z..z(Path traversal attempts are not allowed.ú/z/tmp/z /var/tmp/z /opt/streams/z/data/streams/z/app/media/c3s|]}ˆ |¡VqdS©N)r)Ú.0Úprefix©rrrÚ Zsz%validate_file_path..z.Absolute paths must be in allowed directories.ú<ú>ú"ú'ú&ú|ú;ú`ú$c3s|]}|ˆkVqdSrr)r Úcharr"rrr#_sz&File path contains invalid characters.iôz+File path is too long (max 500 characters).N)rr rÚanyÚlen)rZallowed_prefixesZsuspicious_charsrr"rÚvalidate_file_path?s$ ûr0cCs<t|ƒ| d¡r| d¡}dtj |¡kr8ttdƒƒ‚dS)zÆ Validate directory path for security and format. Args: value (str): Directory path to validate Raises: ValidationError: If path is invalid or insecure rÚ.z+Path appears to be a file, not a directory.N)r0rÚrstripÚosÚpathÚbasenamerr r"rrrÚvalidate_directory_pathgs r6cs0t|tƒsttdƒƒ‚d‡fdd„ ‰ˆ|ƒdS)zÔ Validate JSON configuration for notification channels. Args: value (dict): Configuration dictionary to validate Raises: ValidationError: If configuration is invalid z*Configuration must be a valid JSON object.Úcsžt|tƒrP| ¡D]:\}}t d|¡s8ttd|›ƒƒ‚ˆ||›d|›ƒqnJt|tƒršt d|tj ¡r|ttd|›ƒƒ‚t d|¡ršttd|›ƒƒ‚dS)Nú^[a-zA-Z_][a-zA-Z0-9_]*$zInvalid configuration key: r1ú.check_suspicious_contentN)r7)r;r<rr r"rrCrÚvalidate_json_configuration}s rEcCsddg}|D]:}||kr*ttd|›ƒƒ‚||sttd|›dƒƒ‚q|d}t d|¡shttdƒƒ‚t|dƒ}t d|¡sŒttd ƒƒ‚d S)z¾ Validate Telegram notification configuration. Args: config (dict): Telegram configuration Raises: ValidationError: If configuration is invalid Ú bot_tokenÚchat_idúMissing required field: úField ú cannot be emptyz^\d+:[A-Za-z0-9_-]+$z"Invalid Telegram bot token format.z^-?\d+$z Invalid Telegram chat ID format.N)rr rr>r?)ÚconfigÚrequired_fieldsÚfieldrFrGrrrÚvalidate_telegram_config s rNc Csddddg}|D]:}||kr.ttd|›ƒƒ‚||sttd|›dƒƒ‚q|d}t d|¡slttd ƒƒ‚z2t|dƒ}d |krŽdksœnttdƒƒ‚Wn$ttfk rÂttd ƒƒ‚YnXddlm}|ƒ}z||dƒWn"tk rttdƒƒ‚YnXdS)z¸ Validate email notification configuration. Args: config (dict): Email configuration Raises: ValidationError: If configuration is invalid Ú smtp_hostZ smtp_portÚusernameÚpasswordrHrIrJz^[a-zA-Z0-9.-]+$zInvalid SMTP host format.éiÿÿz&SMTP port must be between 1 and 65535.z"SMTP port must be a valid integer.r)ÚEmailValidatorzInvalid email address format.N) rr rr>ÚintÚ ValueErrorÚ TypeErrorÚdjango.core.validatorsrS)rKrLrMrOÚportrSZemail_validatorrrrÚvalidate_email_config¾s* rYcCs6ddg}|D]:}||kr*ttd|›ƒƒ‚||sttd|›dƒƒ‚qtƒ}z||dƒWn tk r~ttdƒƒ‚YnXddd d g}|d ¡|kr´ttdd |¡›ƒƒ‚d |kr2|d }t|tƒsÜttdƒƒ‚| ¡D]L\}}t|tƒrt|tƒsttdƒƒ‚| ¡dkrättd|›dƒƒ‚qädS)z¼ Validate webhook notification configuration. Args: config (dict): Webhook configuration Raises: ValidationError: If configuration is invalid ÚurlÚmethodrHrIrJzInvalid webhook URL format.ÚGETÚPOSTÚPUTÚPATCHzHTTP method must be one of: ú, Úheadersz$Headers must be a valid JSON object.z(Header names and values must be strings.)Úhostzcontent-lengthzHeader z is not allowed.N) rr rÚupperÚjoinr;r<r=r?r)rKrLrMrZallowed_methodsraÚheader_nameÚheader_valuerrrÚvalidate_webhook_configçs. rgcCs¤|r| ¡sttdƒƒ‚t d|tj¡r4ttdƒƒ‚t d|¡rLttdƒƒ‚t d|¡}|D]*}| ¡}t d|¡s\ttd|›ƒƒ‚q\t|ƒd kr ttd ƒƒ‚dS)zÑ Validate notification template content for security. Args: value (str): Template content to validate Raises: ValidationError: If template contains unsafe content ú!Template content cannot be empty.r9z0Template contains potentially malicious content.r:z3Template contains potentially dangerous characters.z\{\{([^}]+)\}\}r8zInvalid template variable: iˆz3Template content is too long (max 5000 characters).N) Ústriprr rrrÚfindallr>r/)rZ template_varsÚvarrrrÚvalidate_template_contents rlcCs@t|ttfƒsttdƒƒ‚d|kr.dksi"ViD¬i€»iwiîzSample rate must be one of: r`z Hz.N)rvrr rdÚmapr?)rZvalid_ratesrrrÚvalidate_sample_rateßs rŒcCs.t|ƒd|krdks*nttdƒƒ‚dS)z® Validate audio channel count. Args: value (int): Number of audio channels Raises: ValidationError: If channel count is invalid rRéz'Audio channels must be between 1 and 8.Nrxr"rrrÚvalidate_audio_channelsòs rŽcCs@t|ttfƒsttdƒƒ‚d|kr.dksSlug can only contain lowercase letters, numbers, and hyphens.ú-ú'Slug cannot start or end with a hyphen.ú--ú(Slug cannot contain consecutive hyphens.éé2z.Slug must be between 3 and 50 characters long.N)rr rr>rrr/r"rrrÚvalidate_slug_formats r™cCsz|r| ¡sttdƒƒ‚| ¡}t d|¡r8ttdƒƒ‚t d|¡rPttdƒƒ‚dt|ƒkrhdksvnttdƒƒ‚d S) z± Validate name format for display purposes. Args: value (str): Name to validate Raises: ValidationError: If name format is invalid úName cannot be empty.z[<>]zName cannot contain HTML tags.ú[\x00-\x1f\x7f]z'Name cannot contain control characters.érzz/Name must be between 2 and 100 characters long.N)rirr rrr/r"rrrÚvalidate_name_format1s rcCs<t|tƒsttdƒƒ‚d|kr*dks8nttdƒƒ‚dS)zš Validate priority value. Args: value (int): Priority value Raises: ValidationError: If priority is invalid zPriority must be an integer.rRr|z"Priority must be between 1 and 10.Nrur"rrrÚvalidate_priorityMs ržcCsR|sttdƒƒ‚t d|¡s(ttdƒƒ‚dt|ƒkr@dksNnttdƒƒ‚dS)z§ Validate event type format. Args: value (str): Event type to validate Raises: ValidationError: If event type is invalid zEvent type cannot be empty.z^[a-z][a-z0-9_]*$zREvent type must be in snake_case format (lowercase letters, numbers, underscores).r—r˜z4Event type must be between 3 and 50 characters long.N)rr rr>r/r"rrrÚvalidate_event_type^s rŸcCsPt|ƒddddddg}tj |¡d ¡}||krLttdd |¡›ƒƒ‚d S)z¹ Validate image file path and format. Args: value (str): Image file path to validate Raises: ValidationError: If path or format is invalid z.jpgz.jpegz.pngz.bmpz.tiffz.webprRz.Image file must have one of these extensions: r`N)r0r3r4Úsplitextrrr rd)rZvalid_extensionsÚfile_extrrrÚvalidate_image_file_pathts r¢cCsDt|tƒs|St dd|¡}t dd|¡ ¡}ddl}| |¡}|S)z¤ Sanitize user input for safe storage and display. Args: value (str): Input to sanitize Returns: str: Sanitized input r›r7z\s+ú rN)r;r?rÚsubriÚhtmlÚescape)rr¥rrrÚsanitize_user_inputˆs r§c s˜t|tƒsttdƒƒ‚d ‡fdd„ ‰| ¡D]\}}ˆ||ƒq,ddl}z&| |¡}t|ƒdkrlttdƒƒ‚Wn$tt fk r’ttd ƒƒ‚YnXdS)zÉ Validate context data for templates and notifications. Args: context (dict): Context data to validate Raises: ValidationError: If context data is invalid zContext must be a dictionary.r7cs|r|›d|›n|}t d|¡s4ttd|›ƒƒ‚t|tƒr€t|ƒdkr\ttd|›ƒƒ‚t d|tj¡r~ttd|›ƒƒ‚n’t|t ƒrª| ¡D]\}}ˆ|||ƒq’nht|tƒrèt|ƒD](\}}t|tt fƒr¼ˆd|›||ƒq¼n*t|t tttdƒfƒsttd |›ƒƒ‚dS) Nr1r8zInvalid context key: éèzContext value too long: zrr r;r?r/rrr<r=ÚlistÚ enumeraterTrrÚboolÚtype)rArr4Úcurrent_pathZ nested_keyÚnested_valueÚiÚitem©Úvalidate_context_valuerrr²¯s" z5validate_context_data..validate_context_valuerNi'z%Context data is too large (max 10KB).z'Context data must be JSON serializable.)r7) r;r<rr r=ÚjsonÚdumpsr/rVrU)ÚcontextrArr³Zcontext_jsonrr±rÚvalidate_context_data¢s r¶cCsx|sttdƒƒ‚t d|¡s(ttdƒƒ‚t|ƒdkr@ttdƒƒ‚| d¡sT| d¡r`ttdƒƒ‚d|krtttd ƒƒ‚d S)z¹ Validate slug format for URL-friendly identifiers. Args: value (str): Slug to validate Raises: ValidationError: If slug format is invalid rr‘r’rzz&Slug is too long (max 100 characters).r“r”r•r–N)rr rr>r/rrr"rrrr™Ûs cCsˆ|sttdƒƒ‚t|ƒdkr(ttdƒƒ‚t d|¡s@ttdƒƒ‚| ¡sTttdƒƒ‚ddd g}|D] }t ||tj¡rbttd ƒƒ‚qbdS)zµ Validate name format for human-readable names. Args: value (str): Name to validate Raises: ValidationError: If name format is invalid ršrzz&Name is too long (max 100 characters).z^[a-zA-Z0-9\s\-_\.]+$z!Name contains invalid characters.zName cannot be only whitespace.z<[^>]*>rr:z,Name contains potentially malicious content.N)rr r/rr>rirr©rrrrrrrùs ýc Csf|dkrttdƒƒ‚zt|ƒ}Wn$ttfk rDttdƒƒ‚YnX|dksV|dkrbttdƒƒ‚dS)zÁ Validate confidence score range (0.0 to 1.0). Args: value (float): Confidence score to validate Raises: ValidationError: If score is out of range Nz Confidence score cannot be None.rmrnrorp)rr rrrVrU)rÚscorerrrrss cCsr|sttdƒƒ‚t|ƒdkr(ttdƒƒ‚ddddg}|D] }t ||tj¡r8ttdƒƒ‚q8| ¡snttd ƒƒ‚d S)zÇ Validate template content for jingle detection. Args: value (str): Template content to validate Raises: ValidationError: If template content is invalid rhr¨z3Template content is too long (max 1000 characters).z ]*>rr r:z8Template content contains potentially malicious content.z+Template content cannot be only whitespace.N)rr r/rrrrir·rrrrl4s ü)'Ú__doc__rr3Úurllib.parserÚdjango.core.exceptionsrrWrÚdjango.utils.translationrr rr0r6rErNrYrgrlrsrtrvryr{r}r„r‰rŠrŒrŽrr™rržrŸr¢r§r¶rrrrÚsJ2(#).!9%