Bug Fix #79 Ban '/' from serial numbers

Disco.Services/Devices/DeviceExtensions.cs

@@ -69,6 +69,9 @@ namespace Disco.Services
             // - Assigned User Id
             // - Batch
 
+            if (d.SerialNumber.Contains("/") || d.SerialNumber.Contains(@"\"))
+                throw new ArgumentException(@"The device serial number cannot contain '/' or '\' characters.", nameof(d));
+
             // Enforce Authorization
             var auth = UserService.CurrentAuthorization;
             if (!auth.Has(Claims.Device.Properties.AssetNumber))

Disco.Services/Devices/Enrolment/DeviceEnrolment.cs

@@ -189,9 +189,13 @@ namespace Disco.Services.Devices.Enrolment
                 sessionId = OpenSessionId;
             }
             EnrolmentLog.LogSessionDeviceInfo(sessionId, Request);
+
             MacEnrolResponse response = new MacEnrolResponse();
             try
             {
+                if (Request.DeviceSerialNumber.Contains("/") || Request.DeviceSerialNumber.Contains(@"\"))
+                    throw new EnrolmentSafeException(@"The serial number cannot contain '/' or '\' characters.");
+
                 EnrolmentLog.LogSessionProgress(sessionId, 10, "Querying Database");
                 Device RepoDevice = Database.Devices.Include("AssignedUser").Include("DeviceProfile").Include("DeviceProfile").Where(d => d.SerialNumber == Request.DeviceSerialNumber).FirstOrDefault();
                 if (!Trusted)
@@ -307,6 +311,9 @@ namespace Disco.Services.Devices.Enrolment
 
             try
             {
+                if (Request.SerialNumber.Contains("/") || Request.SerialNumber.Contains(@"\"))
+                    throw new EnrolmentSafeException(@"The serial number cannot contain '/' or '\' characters.");
+
                 EnrolmentLog.LogSessionProgress(sessionId, 10, "Loading User Data");
                 if (!string.IsNullOrWhiteSpace(Username))
                 {

Disco.Services/Devices/Importing/Fields/DeviceSerialNumberImportField.cs

@@ -28,7 +28,11 @@ namespace Disco.Services.Devices.Importing.Fields
             {
                 parsedValue = Value.Trim();
                 if (parsedValue.Length > maxLength)
-                    return Error(string.Format("Cannot be more than {0} characters", maxLength));
+                    return Error($"Cannot be more than {maxLength} characters");
+                if (parsedValue.Contains(@"/"))
+                    return Error(@"The '/' character is not allowed.");
+                if (parsedValue.Contains(@"\"))
+                    return Error(@"The '\' character is not allowed.");
             }
 
             // Duplicate
@@ -38,7 +42,7 @@ namespace Disco.Services.Devices.Importing.Fields
                 .Where(r => IsDeviceSerialNumberValid(r.Item2))
                 .FirstOrDefault(r => r.Item2.Equals(parsedValue, StringComparison.OrdinalIgnoreCase));
             if (duplicate != null)
-                return Error(string.Format("This Device Serial Number was already present on Row {0}", duplicate.Item1 + 1));
+                return Error($"This Device Serial Number was already present on Row {duplicate.Item1 + 1}");
 
             // No action required
             return Success(EntityState.Unchanged);

Disco.Web/Controllers/DeviceController.cs

@@ -67,6 +67,10 @@ namespace Disco.Web.Controllers
             {
                 ModelState.AddModelError("Device.SerialNumber", "The Serial Number is Required");
             }
+            else if (m.Device.SerialNumber.Contains("/") || m.Device.SerialNumber.Contains(@"\"))
+            {
+                ModelState.AddModelError("Device.SerialNumber", @"The Serial Number cannot contain '/' or '\' characters");
+            }
             else
             {
                 // Ensure Existing Device Doesn't Exist