rpc: Only show version string if it matches expected pattern

src/daemon/rpc_command_executor.cpp

@@ -38,6 +38,7 @@
 #include "cryptonote_basic/difficulty.h"
 #include "cryptonote_basic/hardfork.h"
 #include "rpc/rpc_payment_signature.h"
+#include "rpc/rpc_version_str.h"
 #include <boost/format.hpp>
 #include <ctime>
 #include <string>
@@ -2465,7 +2466,7 @@ bool t_rpc_command_executor::version()
         }
     }
 
-    if (res.version.empty())
+    if (res.version.empty() || !cryptonote::rpc::is_version_string_valid(res.version))
     {
         tools::fail_msg_writer() << "The daemon software version is not available.";
     }

src/rpc/CMakeLists.txt

@@ -37,6 +37,7 @@ set(rpc_sources
   bootstrap_daemon.cpp
   core_rpc_server.cpp
   rpc_payment.cpp
+  rpc_version_str.cpp
   instanciations)
 
 set(daemon_messages_sources
@@ -54,6 +55,7 @@ set(rpc_base_headers
   rpc_handler.h)
 
 set(rpc_headers
+  rpc_version_str.h
   rpc_handler.h)
 
 set(daemon_rpc_server_headers)

src/rpc/rpc_version_str.cpp

@@ -0,0 +1,55 @@
+// Copyright (c) 2019, The Monero Project
+// 
+// All rights reserved.
+// 
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+// 
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+//    conditions and the following disclaimer.
+// 
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+//    of conditions and the following disclaimer in the documentation and/or other
+//    materials provided with the distribution.
+// 
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+//    used to endorse or promote products derived from this software without specific
+//    prior written permission.
+// 
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#include "rpc_version_str.h"
+#include "version.h"
+#include <regex>
+
+namespace cryptonote
+{
+
+namespace rpc
+{
+
+// Expected format of Monero software version string:
+// 1) Four numbers, one to two digits each, separated by periods
+// 2) Optionally, one of the following suffixes:
+//      a) -release
+//      b) -<hash> where <hash> is exactly nine lowercase hex digits
+
+bool is_version_string_valid(const std::string& str)
+{
+    return std::regex_match(str, std::regex(
+        "^\\d{1,2}(\\.\\d{1,2}){3}(-(release|[0-9a-f]{9}))?$",
+        std::regex_constants::nosubs
+    ));
+}
+
+}  // namespace rpc
+
+}  // namespace cryptonote

src/rpc/rpc_version_str.h

@@ -0,0 +1,43 @@
+// Copyright (c) 2019, The Monero Project
+//
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+//    conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+//    of conditions and the following disclaimer in the documentation and/or other
+//    materials provided with the distribution.
+//
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+//    used to endorse or promote products derived from this software without specific
+//    prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+#pragma once
+
+#include <string>
+
+namespace cryptonote
+{
+
+namespace rpc
+{
+
+bool is_version_string_valid(const std::string& str);
+
+} // namespace rpc
+
+} // namespace cryptonote

tests/unit_tests/CMakeLists.txt

@@ -92,7 +92,8 @@ set(unit_tests_sources
   ringdb.cpp
   wipeable_string.cpp
   is_hdd.cpp
-  aligned.cpp)
+  aligned.cpp
+  rpc_version_str.cpp)
 
 set(unit_tests_headers
   unit_tests_utils.h)

tests/unit_tests/rpc_version_str.cpp

@@ -0,0 +1,49 @@
+// Copyright (c) 2019, The Monero Project
+// 
+// All rights reserved.
+// 
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+// 
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+//    conditions and the following disclaimer.
+// 
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+//    of conditions and the following disclaimer in the documentation and/or other
+//    materials provided with the distribution.
+// 
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+//    used to endorse or promote products derived from this software without specific
+//    prior written permission.
+// 
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#include "gtest/gtest.h"
+
+#include "rpc/rpc_version_str.h"
+#include "version.h"
+
+TEST(rpc, is_version_string_valid)
+{
+  using namespace cryptonote::rpc;
+  ASSERT_TRUE(is_version_string_valid(MONERO_VERSION));
+  ASSERT_TRUE(is_version_string_valid("0.14.1.2"));
+  ASSERT_TRUE(is_version_string_valid("0.15.0.0-release"));
+  ASSERT_TRUE(is_version_string_valid("0.15.0.0-fe3f6a3e6"));
+
+  ASSERT_FALSE(is_version_string_valid(""));
+  ASSERT_FALSE(is_version_string_valid("invalid"));
+  ASSERT_FALSE(is_version_string_valid("0.15.0.0-invalid"));
+  ASSERT_FALSE(is_version_string_valid("0.15.0.0-release0"));
+  ASSERT_FALSE(is_version_string_valid("0.15.0.0-release "));
+  ASSERT_FALSE(is_version_string_valid("0.15.0.0-fe3f6a3e60"));
+  ASSERT_FALSE(is_version_string_valid("0.15.0.0-fe3f6a3e6 "));
+}