laforge submitted this change.

View Change

Constrain user input to hex-string in argparse

We do have an is_hexstr function which we should use anywhere
where we expect the user to input a string of hex digits.  This way
we validate the input before running in some random exception.

Change-Id: I6426ea864bec82be60554dd125961a48d7751904
---
M pySim/filesystem.py
M pySim/ts_102_222.py
M pySim/ts_31_102.py
M pySim/ts_51_011.py
4 files changed, 31 insertions(+), 22 deletions(-)

diff --git a/pySim/filesystem.py b/pySim/filesystem.py
index c71150a..5d1970a 100644
--- a/pySim/filesystem.py
+++ b/pySim/filesystem.py
@@ -38,7 +38,7 @@
 
 from smartcard.util import toBytes
 
-from pySim.utils import sw_match, h2b, b2h, i2h, is_hex, auto_int, Hexstr
+from pySim.utils import sw_match, h2b, b2h, i2h, is_hex, auto_int, Hexstr, is_hexstr
 from pySim.construct import filter_dict, parse_construct, build_construct
 from pySim.exceptions import *
 from pySim.jsonpath import js_path_find, js_path_modify
@@ -579,7 +579,7 @@
         dec_hex_parser = argparse.ArgumentParser()
         dec_hex_parser.add_argument('--oneline', action='store_true',
                                     help='No JSON pretty-printing, dump as a single line')
-        dec_hex_parser.add_argument('HEXSTR', help='Hex-string of encoded data to decode')
+        dec_hex_parser.add_argument('HEXSTR', type=is_hexstr, help='Hex-string of encoded data to decode')
 
         @cmd2.with_argparser(dec_hex_parser)
         def do_decode_hex(self, opts):
@@ -612,8 +612,7 @@
         upd_bin_parser = argparse.ArgumentParser()
         upd_bin_parser.add_argument(
             '--offset', type=int, default=0, help='Byte offset for start of read')
-        upd_bin_parser.add_argument(
-            'data', help='Data bytes (hex format) to write')
+        upd_bin_parser.add_argument('data', type=is_hexstr, help='Data bytes (hex format) to write')
 
         @cmd2.with_argparser(upd_bin_parser)
         def do_update_binary(self, opts):
@@ -623,8 +622,7 @@
                 self._cmd.poutput(data)
 
         upd_bin_dec_parser = argparse.ArgumentParser()
-        upd_bin_dec_parser.add_argument(
-            'data', help='Abstract data (JSON format) to write')
+        upd_bin_dec_parser.add_argument('data', type=is_hexstr, help='Abstract data (JSON format) to write')
         upd_bin_dec_parser.add_argument('--json-path', type=str,
                                         help='JSON path to modify specific element of file only')
 
@@ -802,7 +800,7 @@
         dec_hex_parser = argparse.ArgumentParser()
         dec_hex_parser.add_argument('--oneline', action='store_true',
                                     help='No JSON pretty-printing, dump as a single line')
-        dec_hex_parser.add_argument('HEXSTR', help='Hex-string of encoded data to decode')
+        dec_hex_parser.add_argument('HEXSTR', type=is_hexstr, help='Hex-string of encoded data to decode')
 
         @cmd2.with_argparser(dec_hex_parser)
         def do_decode_hex(self, opts):
@@ -872,8 +870,7 @@
         upd_rec_parser = argparse.ArgumentParser()
         upd_rec_parser.add_argument(
             'record_nr', type=int, help='Number of record to be read')
-        upd_rec_parser.add_argument(
-            'data', help='Data bytes (hex format) to write')
+        upd_rec_parser.add_argument('data', type=is_hexstr, help='Data bytes (hex format) to write')
 
         @cmd2.with_argparser(upd_rec_parser)
         def do_update_record(self, opts):
@@ -885,8 +882,7 @@
         upd_rec_dec_parser = argparse.ArgumentParser()
         upd_rec_dec_parser.add_argument(
             'record_nr', type=int, help='Number of record to be read')
-        upd_rec_dec_parser.add_argument(
-            'data', help='Abstract data (JSON format) to write')
+        upd_rec_dec_parser.add_argument('data', type=is_hexstr, help='Abstract data (JSON format) to write')
         upd_rec_dec_parser.add_argument('--json-path', type=str,
                                         help='JSON path to modify specific element of record only')
 
@@ -1248,8 +1244,7 @@
         set_data_parser = argparse.ArgumentParser()
         set_data_parser.add_argument(
             'tag', type=auto_int, help='BER-TLV Tag of value to set')
-        set_data_parser.add_argument(
-            'data', help='Data bytes (hex format) to write')
+        set_data_parser.add_argument('data', type=is_hexstr, help='Data bytes (hex format) to write')
 
         @cmd2.with_argparser(set_data_parser)
         def do_set_data(self, opts):
diff --git a/pySim/ts_102_222.py b/pySim/ts_102_222.py
index 372d67f..bf5e29f 100644
--- a/pySim/ts_102_222.py
+++ b/pySim/ts_102_222.py
@@ -107,7 +107,7 @@
         (data, sw) = self._cmd.lchan.scc.terminate_card_usage()
 
     create_parser = argparse.ArgumentParser()
-    create_parser.add_argument('FILE_ID', type=str, help='File Identifier as 4-character hex string')
+    create_parser.add_argument('FILE_ID', type=is_hexstr, help='File Identifier as 4-character hex string')
     create_parser._action_groups.pop()
     create_required = create_parser.add_argument_group('required arguments')
     create_optional = create_parser.add_argument_group('optional arguments')
@@ -154,7 +154,7 @@
         self._cmd.lchan.select_file(self._cmd.lchan.selected_file)
 
     createdf_parser = argparse.ArgumentParser()
-    createdf_parser.add_argument('FILE_ID', type=str, help='File Identifier as 4-character hex string')
+    createdf_parser.add_argument('FILE_ID', type=is_hexstr, help='File Identifier as 4-character hex string')
     createdf_parser._action_groups.pop()
     createdf_required = createdf_parser.add_argument_group('required arguments')
     createdf_optional = createdf_parser.add_argument_group('optional arguments')
@@ -162,7 +162,7 @@
     createdf_required.add_argument('--ef-arr-file-id', required=True, type=str, help='Referenced Security: File Identifier of EF.ARR')
     createdf_required.add_argument('--ef-arr-record-nr', required=True, type=int, help='Referenced Security: Record Number within EF.ARR')
     createdf_optional.add_argument('--shareable', action='store_true', help='Should the file be shareable?')
-    createdf_optional.add_argument('--aid', type=str, help='Application ID (creates an ADF, instead of a DF)')
+    createdf_optional.add_argument('--aid', type=is_hexstr, help='Application ID (creates an ADF, instead of a DF)')
     # mandatory by spec, but ignored by several OS, so don't force the user
     createdf_optional.add_argument('--total-file-size', type=int, help='Physical memory allocated for DF/ADi in octets')
     createdf_sja_optional.add_argument('--permit-rfm-create', action='store_true')
diff --git a/pySim/ts_31_102.py b/pySim/ts_31_102.py
index 4134650..0614a0c 100644
--- a/pySim/ts_31_102.py
+++ b/pySim/ts_31_102.py
@@ -39,6 +39,7 @@
 from pySim.filesystem import *
 from pySim.ts_31_102_telecom import DF_PHONEBOOK, EF_UServiceTable
 from pySim.construct import *
+from pySim.utils import is_hexstr
 from pySim.cat import SMS_TPDU, DeviceIdentities, SMSPPDownload
 from construct import Optional as COptional
 from construct import *
@@ -1588,8 +1589,8 @@
             super().__init__()
 
         authenticate_parser = argparse.ArgumentParser()
-        authenticate_parser.add_argument('rand', help='Random challenge')
-        authenticate_parser.add_argument('autn', help='Authentication Nonce')
+        authenticate_parser.add_argument('rand', type=is_hexstr, help='Random challenge')
+        authenticate_parser.add_argument('autn', type=is_hexstr, help='Authentication Nonce')
         #authenticate_parser.add_argument('--context', help='Authentication context', default='3G')
 
         @cmd2.with_argparser(authenticate_parser)
@@ -1599,7 +1600,7 @@
             self._cmd.poutput_json(data)
 
         term_prof_parser = argparse.ArgumentParser()
-        term_prof_parser.add_argument('PROFILE', help='Hexstring of encoded terminal profile')
+        term_prof_parser.add_argument('PROFILE', type=is_hexstr, help='Hexstring of encoded terminal profile')
 
         @cmd2.with_argparser(term_prof_parser)
         def do_terminal_profile(self, opts):
@@ -1613,7 +1614,7 @@
             self._cmd.poutput('SW: %s, data: %s' % (sw, data))
 
         envelope_parser = argparse.ArgumentParser()
-        envelope_parser.add_argument('PAYLOAD', help='Hexstring of encoded payload to ENVELOPE')
+        envelope_parser.add_argument('PAYLOAD', type=is_hexstr, help='Hexstring of encoded payload to ENVELOPE')
 
         @cmd2.with_argparser(envelope_parser)
         def do_envelope(self, opts):
@@ -1625,7 +1626,7 @@
             self._cmd.poutput('SW: %s, data: %s' % (sw, data))
 
         envelope_sms_parser = argparse.ArgumentParser()
-        envelope_sms_parser.add_argument('TPDU', help='Hexstring of encoded SMS TPDU')
+        envelope_sms_parser.add_argument('TPDU', type=is_hexstr, help='Hexstring of encoded SMS TPDU')
 
         @cmd2.with_argparser(envelope_sms_parser)
         def do_envelope_sms(self, opts):
diff --git a/pySim/ts_51_011.py b/pySim/ts_51_011.py
index 0a6f774..9b56b0e 100644
--- a/pySim/ts_51_011.py
+++ b/pySim/ts_51_011.py
@@ -1034,7 +1034,7 @@
             super().__init__()
 
         authenticate_parser = argparse.ArgumentParser()
-        authenticate_parser.add_argument('rand', help='Random challenge')
+        authenticate_parser.add_argument('rand', type=is_hexstr, help='Random challenge')
 
         @cmd2.with_argparser(authenticate_parser)
         def do_authenticate(self, opts):

To view, visit change 35551. To unsubscribe, or for help writing mail filters, visit settings.