diff --git a/Disco.Services/Devices/DeviceExtensions.cs b/Disco.Services/Devices/DeviceExtensions.cs
index 40b25a86..817313c0 100644
--- a/Disco.Services/Devices/DeviceExtensions.cs
+++ b/Disco.Services/Devices/DeviceExtensions.cs
@@ -69,6 +69,9 @@ namespace Disco.Services
 // - Assigned User Id
 // - Batch
+ if (d.SerialNumber.Contains("/") || d.SerialNumber.Contains(@"\"))
+ throw new ArgumentException(@"The device serial number cannot contain '/' or '\' characters.", nameof(d));
+
 // Enforce Authorization
 var auth = UserService.CurrentAuthorization;
 if (!auth.Has(Claims.Device.Properties.AssetNumber))
diff --git a/Disco.Services/Devices/Enrolment/DeviceEnrolment.cs b/Disco.Services/Devices/Enrolment/DeviceEnrolment.cs
index e617013f..3d5d459d 100644
--- a/Disco.Services/Devices/Enrolment/DeviceEnrolment.cs
+++ b/Disco.Services/Devices/Enrolment/DeviceEnrolment.cs
@@ -189,9 +189,13 @@ namespace Disco.Services.Devices.Enrolment
 sessionId = OpenSessionId;
 }
 EnrolmentLog.LogSessionDeviceInfo(sessionId, Request);
+
 MacEnrolResponse response = new MacEnrolResponse();
 try
 {
+ if (Request.DeviceSerialNumber.Contains("/") || Request.DeviceSerialNumber.Contains(@"\"))
+ throw new EnrolmentSafeException(@"The serial number cannot contain '/' or '\' characters.");
+
 EnrolmentLog.LogSessionProgress(sessionId, 10, "Querying Database");
 Device RepoDevice = Database.Devices.Include("AssignedUser").Include("DeviceProfile").Include("DeviceProfile").Where(d => d.SerialNumber == Request.DeviceSerialNumber).FirstOrDefault();
 if (!Trusted)
@@ -307,6 +311,9 @@ namespace Disco.Services.Devices.Enrolment
 try
 {
+ if (Request.SerialNumber.Contains("/") || Request.SerialNumber.Contains(@"\"))
+ throw new EnrolmentSafeException(@"The serial number cannot contain '/' or '\' characters.");
+
 EnrolmentLog.LogSessionProgress(sessionId, 10, "Loading User Data");
 if (!string.IsNullOrWhiteSpace(Username))
 {
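Review bot: `d.SerialNumber.Contains("/")` in the DeviceExtensions hunk dereferences SerialNumber before any null check, so a device whose serial is unset now fails with NullReferenceException instead of the ArgumentException the guard intends; the same unguarded `.Contains` is applied to `Request.DeviceSerialNumber` and `Request.SerialNumber` in both DeviceEnrolment hunks. Whether a null serial can reach these lines I cannot tell from the hunks (each enclosing method starts outside them), so either confirm it is excluded upstream or guard it, e.g. `if (!string.IsNullOrEmpty(d.SerialNumber) && d.SerialNumber.IndexOfAny(new[] { '/', '\\' }) >= 0)`, which also scans the string once. Since the identical rule is now written out in four files, a single shared predicate (the import-field hunk's context already shows an `IsDeviceSerialNumberValid` helper in that class, which may or may not be the right home) would keep the rule and its message in one place, and would make any later tightening — for instance rejecting the full `Path.GetInvalidFileNameChars()` set if the serial is used to build file or directory names, which the commit does not say — a one-line change.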
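Review bot: In the first DeviceEnrolment hunk the new guard runs only after `EnrolmentLog.LogSessionDeviceInfo(sessionId, Request)` has already recorded the request, so a serial containing '/' or '\' is written to the enrolment log before it is rejected; if that log is stored or keyed by serial number the rejection comes too late, and if it is plain audit logging of the raw request that is reasonable but deserves a comment such as `// Raw request is logged for audit before validation; serial is rejected below.` The guard also sits inside the `try`, so whether the EnrolmentSafeException is translated into the `response` object or propagates depends on the catch block, which is outside the hunk. The enclosing method begins and ends outside the hunk.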
diff --git a/Disco.Services/Devices/Importing/Fields/DeviceSerialNumberImportField.cs b/Disco.Services/Devices/Importing/Fields/DeviceSerialNumberImportField.cs
index ff0b4091..a8678f5f 100644
--- a/Disco.Services/Devices/Importing/Fields/DeviceSerialNumberImportField.cs
+++ b/Disco.Services/Devices/Importing/Fields/DeviceSerialNumberImportField.cs
@@ -28,7 +28,11 @@ namespace Disco.Services.Devices.Importing.Fields
 {
 parsedValue = Value.Trim();
 if (parsedValue.Length > maxLength)
- return Error(string.Format("Cannot be more than {0} characters", maxLength));
+ return Error($"Cannot be more than {maxLength} characters");
+ if (parsedValue.Contains(@"/"))
+ return Error(@"The '/' character is not allowed.");
+ if (parsedValue.Contains(@"\"))
+ return Error(@"The '\' character is not allowed.");
 }
 // Duplicate
@@ -38,7 +42,7 @@ namespace Disco.Services.Devices.Importing.Fields
 .Where(r => IsDeviceSerialNumberValid(r.Item2))
 .FirstOrDefault(r => r.Item2.Equals(parsedValue, StringComparison.OrdinalIgnoreCase));
 if (duplicate != null)
- return Error(string.Format("This Device Serial Number was already present on Row {0}", duplicate.Item1 + 1));
+ return Error($"This Device Serial Number was already present on Row {duplicate.Item1 + 1}");
 // No action required
 return Success(EntityState.Unchanged);
diff --git a/Disco.Web/Controllers/DeviceController.cs b/Disco.Web/Controllers/DeviceController.cs
index c2968520..529ce092 100644
--- a/Disco.Web/Controllers/DeviceController.cs
+++ b/Disco.Web/Controllers/DeviceController.cs
@@ -67,6 +67,10 @@ namespace Disco.Web.Controllers
 {
 ModelState.AddModelError("Device.SerialNumber", "The Serial Number is Required");
 }
+ else if (m.Device.SerialNumber.Contains("/") || m.Device.SerialNumber.Contains(@"\"))
+ {
+ ModelState.AddModelError("Device.SerialNumber", @"The Serial Number cannot contain '/' or '\' characters");
+ }
 else
 {
 // Ensure Existing Device Doesn't Exist
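Review bot: The two new `Contains` checks in the DeviceSerialNumberImportField hunk report '/' and '\' with separate messages, while the other three sites in this commit use one combined message, giving three distinct wordings of the same rule across the importer, the service layer and the web form. One shared message string (or a shared validator that returns it) would keep the responses consistent and make the rule easier to find when it is next changed; the `@"/"` verbatim literal is also unnecessary and can be plain `"/"` as in the other hunks. The `if` block these checks live in opens before the hunk, so the condition under which they run is not visible here.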
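Review bot: The `else if` in the DeviceController hunk calls `m.Device.SerialNumber.Contains(...)` and relies on the preceding "Required" branch to have excluded a null serial, but that branch's condition is outside the hunk; confirm it tests `string.IsNullOrWhiteSpace` rather than an empty-string comparison, otherwise a null serial throws here instead of producing a ModelState error. Because DeviceExtensions now throws ArgumentException for the same input, this check is a usability layer over a service-layer backstop, which is the right layering, but the two messages differ in wording and casing and should be one constant. A comment such as `// Mirrors the service-layer rule in DeviceExtensions; keep the messages in sync` would make that relationship explicit for the next maintainer.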