So I have some code running an IP check to ensure an ADMIN account cannot have access from outside my network.
string strIP = Request.ServerVariables["REMOTE_ADDR"];
if (
(strIP.Substring(0, 9) != "XXX.XX.X.")
&& (strIP.Substring(0, 10) != "XXX.XX.XX.")
&& (strIP.Substring(0, 6) != "XX.XX.")
&& (strIP.Substring(0, 6) != "XX.XX.")
)
{
..// Check user for being an ADMIN // ....
}
This code was working fine for several weeks, but suddenly has started consistently to err out. The error message is:
Exception
Exception Type: System. ArgumentOUtOfRangeException
Exception Message: Index and length must refer to a location within the string. Parameter name: length.
When I remove the line with "Substring(0,10)", everything works. Also, when I change the line "Substring(0,10)" to "Substring(0,9)" and remove the last ".", everything works.
Can anyone tell me why or perhaps instruct on what is being done incorrectly? For the life of me I can't figure out what is going on.
The problem is that strIP doesn't have 10 characters because your configuration changed for some reason. You could do something like:
(strIP.Length >= 9 && strIP.Substring(0, 9) != "XXX.XX.X.")
|| (strIP.Length >= 10 && strIP.Substring(0, 10) != "XXX.XX.XX.")
|| (strIP.Length >= 6 && strIP.Substring(0, 6) != "XX.XX.")
Notice that the fourth line was a duplicate of the third.
Do not allow an out of bounds error to happen by putting a check for length of strIP before you try to do any of the sub-string comparisons, like this:
if (strIP.Length == 10)
{
if ((strIP.Substring(0, 9) != "XXX.XX.X.")
&& (strIP.Substring(0, 10) != "XXX.XX.XX.")
&& (strIP.Substring(0, 6) != "XX.XX.")
&& (strIP.Substring(0, 6) != "XX.XX."))
{
..// Check user for being an ADMIN // ....
}
}
else
{
// Do something here, error, message to user, deny access, etc.
}
UPDATE:
If you want to only apply checks, based upon the length of the string, then use a switch statement, like this:
switch (strIP.Length)
{
case 6:
if(strIP.Substring(0, 6) != "XX.XX.")
{
// Check user for being an ADMIN
}
break;
case 9:
if(strIP.Substring(0, 9) != "XXX.XX.X.")
{
// Check user for being an ADMIN
}
break;
case 10:
if(strIP.Substring(0, 10) != "XXX.XX.XX.")
{
// Check user for being an ADMIN
}
break;
default:
// IP string is not in format expected, do something here
// Most likely would want to err on the side of caution and deny access
break;
}
Related
I am setting security rules so user can increment a value only if (newData + alreadyInsertedData) < limit
but firebase security rules editor showing below error
Invalid + expression: right operand is not a number or string.
Can we convert newData to int/long so we can add it and check if condition?
the rule I have error in,
".write":"auth != null && ((root.child(\"GameResult\").child($adminRef).child($gameName).child($jodi).child($uid).val()+newData) < root.child(\"Limits\").child($adminRef).child(\"maxAmountOnEachJodi\").val())"
complete rules(please ignore other issues right now),
{
"rules":{
".read":"auth != null",
// ".write":"auth != null",
"GameResult":{
"$adminRef":{
"$gameName":{
"$jodi":{
"$uid":{
".write":"auth != null && ((root.child(\"GameResult\").child($adminRef).child($gameName).child($jodi).child($uid).val()+newData) < root.child(\"Limits\").child($adminRef).child(\"maxAmountOnEachJodi\").val())"
}
}
}
}
}
}
}
database nodes are below:
the value(red marked) in GameResult node should not cross the value(blue marked) in Limit node.
GameResult node:
Limit node:
Finally what I want is:
(GameResult/*/*/*/*:value+ newData) <= (Limits/*/*/maxAmountOnEachJodi:value)
I found it, newData is kind of a object which has a val() function. So calling newData.val() will get the job done.
I've looked around for a while for an answer but no one has one and everyone keeps saying it's how it's supposed to work.
I need to render an & (ampersand) as plain javascript code. Not as a string.
if (#(Model.Month == null ? "now.getMonth() == tooltipItems[0].index" : "now.getMonth() == tooltipItems[0].index && now.getDay() == tooltipItems[0].index") && now.getFullYear() == $('#DistinctYears').val()) {
//
} else {
//
}
I need this section:
"now.getMonth() == tooltipItems[0].index && now.getDay() == tooltipItems[0].index"
To render as plain javascript code but when it renders, the ampersands automatically get converted to &&
Surround the entire ternary expression with Html.Raw():
#Html.Raw(Model.Month == null ? "now.getMonth() == tooltipItems[0].index" : "now.getMonth() == " + (Model.Month - 1) + " && now.getDate() == (tooltipItems[0].index + 1)")
This article stated that "[writeFields] is now deprecated".
Additionally, I cannot find any documentation for writeFields, it is not even listed as part of Request in the documentation anymore.
Problem
The problem I am facing with Cloud Firestore Security Rules is that verifying that only particular fields are modified requires massive amounts of conditions.
For example, if I want to verify that the only modified value of a document is cakes, I have to write the following rule:
allow update: if request.resource.data.size() == 20
&& request.resource.data.likes == resource.data.likes
&& request.resource.data.name == resource.data.name
&& request.resource.data.date == resource.data.date
&& request.resource.data.body == resource.data.body
&& request.resource.data.title == resource.data.title
&& request.resource.data.tags == resource.data.tags
&& request.resource.data.comments == resource.data.comments
&& request.resource.data.answers == resource.data.answers
&& request.resource.data.awards == resource.data.awards
&& request.resource.data.image == resource.data.image
&& request.resource.data.link == resource.data.link
&& request.resource.data.format == resource.data.format
&& request.resource.data.type == resource.data.type
&& request.resource.data.user == resource.data.user
&& request.resource.data.views == resource.data.views
&& request.resource.data.reports == resource.data.reports
&& request.resource.data.roles == resource.data.roles
&& request.resource.data.category == resource.data.category
&& request.resource.data.votes == resource.data.votes
&& request.resource.data.cakes is int;
Using writeFields, the exact same rule would have looked like this:
allow update: if request.writeFields.hasOnly(['cakes']) && request.resource.data.cakes is int;
What can I do to decrease the code size of my rules / what is the alternative to writeFields?
Limits
There are two limits mentioned in the documentation that make this problem even worse:
Maximum number of expressions evaluated per request: 1,000
Maximum size of a ruleset: 64 KB
I expect to reach both of these at some point with this limitation.
Yes! There is now a replacement called "Map Diffs". Check this syntax out:
allow update: if request.resource.data.diff(resource.data).affectedKeys().hasOnly(['cakes'])
&& request.resource.data.cakes is int;
Unfortunately, what you're doing right now is currently your best option.
The Firebase rules team is working on a language improvement to make it easier to compare/diff map type objects, which will drastically cut down on the number of expressions it takes to do this sort of thing, but there is no timeline for that right now. Please stay tuned.
I end up writing these helper function:
// returns true if all the fields changed are contained in the array parameter
function onlyAllowedFields(fieldsArray) {
return fieldsArray.toSet().hasAll(request.resource.data.diff(resource.data).affectedKeys());
}
// returns true if none of the fields are changed
function noneOfDisallowedFields(fieldsArray) {
return request.resource.data.diff(resource.data).affectedKeys().hasAny(fieldsArray.toSet()) == false
}
I found more helpful this way instead of using hasOnly() that would require that all fields that could be changed must have been changed.
ternary make code concise and readable, I'm curious about how to change the following if condition to ternary operator:
var1 = if(true){'a'};
I try the following
var1 = true? 'a': ;
since it require nothing to do with false condition, I leave blank after :, but apparently it gives me a error.
Is there a way to do this?
--------update---------
The intention of using the above example is that I want to simplify the problem, however it made everyone more confuse, so I post my original code:
if($_SERVER['REQUEST_METHOD'] == 'GET'){ $sub_count = 0; }
$sub_count = $_SERVER['REQUEST_METHOD'] == 'GET'? 0 : ;
how to change the if condition to ternary ?
$sub_count = null;
$sub_count = $_SERVER['REQUEST_METHOD'] == 'GET'? 0 : null;
// To check:
if(!isset($sub_count))
{
// Do something because $_SERVER['REQUEST_METHOD'] != 'GET'
} else {
if($sub_count===0)
{
// REQUEST METHOD IS GET
}
}
I'm having a bit of trouble trying to find if my url parameters exist or not.
I have tried the following:
// doesn't work
(Request.QueryString["showTop"] != "" && Request.QueryString["showTop"] != null)
// doesn't work
(Request.Params["showTop"] != "" && Request.Params["showTop"] != null)
I am trying to find the correct value. The full statement looks like:
showTop = (Request.QueryString["showTop"] != "" &&
Request.QueryString["showTop"] != null) ?
Request.QueryString["showTop"] : (10).ToString();
Which works fine, if showTop exists with a value.
This is being done within the view.
Try the following:
showTop = string.IsNullOrEmpty(Request["showTop"]) ? "10" : Request["showTop"];
Assuming you want "showTop"to default to "10".
First check whether QueryString has keys or not by calling this method.
bool qKeys = Request.QueryString.HasKeys();