
fix(geo_common): check bbox parameters are within range

If bounding box lat/lon values are outside the correct range,
Elasticsearch throws very alarming errors.

With a little validation code we can provide more friendly and
actionable error messages.

Fixes https://github.com/pelias/pelias/issues/750
pull/1207/head
Julian Simioni 6 years ago
parent
commit
76bc5c654d
No known key found for this signature in database
GPG Key ID: B9EEB0C6EE0910A1
  1. 22
      sanitizer/_geo_common.js
  2. 32
      test/unit/sanitizer/_geo_common.js

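--- a/sanitizer/_geo_common.js
+++ b/sanitizer/_geo_common.js
@@ -43,12 +43,34 @@ function sanitize_rect( key_prefix, clean, raw, bbox_is_required ) {
 }
 });
+sanitize_bbox_bounds(raw, key_prefix);
 // use sanitize_coord to set values in `clean`
 properties.forEach(function(prop) {
 sanitize_coord(prop, clean, raw, true);
 });
 }
+// validate lat/lon values are within bounds
+function sanitize_bbox_bounds(raw, key_prefix) {
+const bounds = [ { dimension: 'lat', range: 90},
+{ dimension: 'lon', range: 180}];
+bounds.forEach(function(bound) {
+const values = {
+max: parseFloat(raw[`${key_prefix}.max_${bound.dimension}`]),
+min: parseFloat(raw[`${key_prefix}.min_${bound.dimension}`])
+};
+['min', 'max'].forEach(function(prefix) {
+if (Math.abs(values[prefix]) > bound.range) {
+const key =`${key_prefix}.${prefix}_${bound.dimension}`;
+throw new Error(`${key} value ${values[prefix]} is outside range -${bound.range},${bound.range}`);
+}
+});
+});
+}
 /**
 * Parse and validate circle parameter
 *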
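Review bot: In `sanitize_bbox_bounds`, a missing or non-numeric value becomes `NaN` after `parseFloat`, and `Math.abs(NaN) > bound.range` is false, so such input passes this check without an error and is only rejected if `sanitize_coord` does so afterwards (that function is not visible here). `parseFloat` also accepts a numeric prefix, so a string with trailing characters is range-checked on its prefix alone. I would make the fall-through explicit with a comment above the `if`, for example `// NaN (absent or non-numeric) is left for sanitize_coord to reject`, and check `Number.isFinite(values[prefix])` first if that assumption does not hold. The hunk also does not compare `min_lat` against `max_lat`; whether that ordering is validated elsewhere cannot be seen from here. `sanitize_rect` starts outside the hunk.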

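--- a/test/unit/sanitizer/_geo_common.js
+++ b/test/unit/sanitizer/_geo_common.js
@@ -298,6 +298,38 @@ module.exports.tests.rect = function(test, common) {
 });
 t.end();
 });
+test('invalid rect - out of range latitude', function(t) {
+var clean = {};
+var params = {
+'boundary.rect.max_lat': 352.2387,
+'boundary.rect.max_lon': 14.1367,
+'boundary.rect.min_lat': 52.7945,
+'boundary.rect.min_lon': 12.6398
+};
+var mandatory = false;
+t.throws( function() {
+sanitize.sanitize_rect( 'boundary.rect', clean, params, mandatory );
+}, /boundary.rect.max_lat value 352.2387 is outside range -90,90/, 'should throw error on boundary.rect.max_lat value');
+t.end();
+});
+test('invalid rect - out of range longitude', function(t) {
+var clean = {};
+var params = {
+'boundary.rect.max_lat': 52.2387,
+'boundary.rect.max_lon': 14.1367,
+'boundary.rect.min_lat': 12.7945,
+'boundary.rect.min_lon': -200.6398
+};
+var mandatory = false;
+t.throws( function() {
+sanitize.sanitize_rect( 'boundary.rect', clean, params, mandatory );
+}, /boundary.rect.min_lon value -200.6398 is outside range -180,180/, 'should throw error on boundary.rect.min_lon');
+t.end();
+});
 };
 module.exports.tests.circle = function(test, common) {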
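Review bot: The `t.throws` patterns in both new tests leave the dots unescaped, so `.` matches any character and the assertion is looser than the message it is meant to pin; `/boundary\.rect\.max_lat value 352\.2387 is outside range -90,90/` would match only the intended text. Both cases pass numeric literals far outside the range, while the code under test calls `parseFloat`, which suggests the values may arrive as strings. A string-valued case and an edge case (exactly `90` accepted, a value just past it rejected) would exercise the comparison itself. `module.exports.tests.rect` starts outside the hunk.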
