From b118549485b359610792e52246a5ba2c88f41389 Mon Sep 17 00:00:00 2001
From: Rudolf Copi Eckelberg <rce16@inf.ufpr.br>
Date: Mon, 10 Oct 2016 10:41:39 -0300
Subject: [PATCH] Sanitization of enrollments for simulation model
---
 src/libs/models/simulation.js | 47 ++++++++++++++++++++++++++++++-----
 src/libs/routes/simulation.js | 14 ++++++++++-
 src/test/test.js | 29 +++++++++++++++++++--
 3 files changed, 81 insertions(+), 9 deletions(-)
diff --git a/src/libs/models/simulation.js b/src/libs/models/simulation.js
index a445c280..cf6ad41c 100644
--- a/src/libs/models/simulation.js
+++ b/src/libs/models/simulation.js
@@ -19,38 +19,73 @@ let SimulationSchema = new Schema({
 failure_rate: Array,
 goals_care: Array,
 goals_inclusion: Array,
+ enrollments: Array,
 });
 SimulationSchema.methods.setTime = function (t) {
 t = parseInt(t, 10);
 if (!t || t > MAX_SIMULATION_TIME) {
 // Throw an error?
- return;
+ return false;
 }
 this.time = t;
+ return true;
 };
 SimulationSchema.methods.setLocation = function (l) {
 // Should sanitize
 this.location = l;
+ return true;
 };
 SimulationSchema.methods.setFailureRate = function (fr) {
 // Should sanitize
 this.failure_rate = fr;
+ return true;
 };
 SimulationSchema.methods.setCareGoals = function (g) {
 // Should sanitize
 this.goals_care = g;
+ return true;
 };
 SimulationSchema.methods.setInclusionGoals = function (g) {
 // Should sanitize
 this.goals_inclusion = g;
+ return true;
 };
+SimulationSchema.methods.setEnrollments = function (e) {
+ e = JSON.parse(e);
+ for(let i=0; i<e.length; i++){
+ if(!(e[i] instanceof Array)){
+ return false;
+ }
+ if(e[i].length !== this.time){
+ return false;
+ }
+ for(let n of e[i]) if(!(n instanceof Number) && (n !== parseInt(n, 10))){
+ return false;
+ }
+ }
+ log.debug("rolou");
+ this.enrollments = e;
+
+ return true;
+}
 SimulationSchema.methods.update = function (property, value) {
- if (property === 'time') this.setTime(value);
- if (property === 'location') this.setLocation(value);
- if (property === 'failure_rate') this.setFailureRate(value);
- if (property === 'goals_care') this.setCareGoals(value);
- if (property === 'goals_inclusion') this.setInclusionGoals(value);
+ let success = true;
+ if (property === 'time') {
+ if (!this.setTime(value)) success = false;
+ } else if (property === 'location') {
+ if (!this.setLocation(value)) success = false;
+ } else if (property === 'failure_rate') {
+ if (!this.setFailureRate(value)) success = false;
+ } else if (property === 'goals_care') {
+ if (!this.setCareGoals(value)) success = false;
+ } else if (property === 'goals_inclusion') {
+ if (!this.setInclusionGoals(value)) success = false;
+ } else if (property === 'enrollments') {
+ if (!this.setEnrollments(value)) success = false;
+ } else success = false;
+ return success;
 };
 SimulationSchema.methods.run = function () {
diff --git a/src/libs/routes/simulation.js b/src/libs/routes/simulation.js
index 961f6173..ce1a2ff0 100644
--- a/src/libs/routes/simulation.js
+++ b/src/libs/routes/simulation.js
@@ -85,7 +85,19 @@ simulationApp.post('/:id', (req, res, next) => {
 }, (req, res) => {
 for (let property in req.body) {
 if (Simulation.schema.tree.hasOwnProperty(property)) {
- req.simulation.update(property, req.body[property]);
+ if(!req.simulation.update(property, req.body[property])){
+ res.send({
+ success: false,
+ msg: 'Invalid format for ' + property,
+ });
+ return ;
+ }
+ } else {
+ res.send({
+ success: false,
+ msg: 'Unknown property ' + property,
+ });
+ return ;
 }
 }
 req.simulation.save((err) => {
diff --git a/src/test/test.js b/src/test/test.js
index a5fc30a6..d0763cbe 100644
--- a/src/test/test.js
+++ b/src/test/test.js
@@ -597,7 +597,32 @@ describe('Requires a simulation', () => {
 done();
 });
 });
- });
-
+ it('should include consistent enrollment tables', (done) => {
+ newSimulation = new Simulation();
+ newSimulation.name = 'test';
+ newSimulation.save((err, sim) => {
+ let id = sim._id;
+ chai.request(server)
+ .post(`/api/v1/simulation/${id}`)
+ .send({
+ time: 5,
+ enrollments: "[[100, 150, 200, 250, 300]]",
+ })
+ .end((err, res) => {
+ res.should.have.status(200);
+ res.should.be.json;
+ res.body.should.have.property('id');
+ res.body.id.should.be.a('string');
+ Simulation.findById(res.body.id, (err, simulation) => {
+ simulation.should.have.property('name');
+ simulation.name.should.be.a('string');
+ simulation.should.have.property('time');
+ simulation.time.should.be.a('number');
+ simulation.time.should.equal(5);
+ });
+ done();
+ });
+ });
+ });
 });
-- 
GitLab
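Review bot: `JSON.parse(e)` in the new setEnrollments is unguarded and its result is never checked to be an array, so a request body that is not valid JSON throws out of the route instead of yielding the `false` that update() now reports, and a body like `"5"` (no `.length`, loop never runs) is stored as the enrollments table unchanged. The element check `!(n instanceof Number) && (n !== parseInt(n, 10))` also reads oddly, since `instanceof Number` is always false for primitive numbers and the parseInt comparison is what actually does the work; `Number.isInteger(n)` states the intent directly. The `log.debug("rolou")` line looks like leftover debugging and the function closes with `}` where the sibling methods use `};`. Note too that the row-length test depends on `this.time` already being set on the same object, which the caller only guarantees if `time` happens to be processed before `enrollments`; worth documenting on the method or checking `this.time` first.
```javascript
SimulationSchema.methods.setEnrollments = function (e) {
  let table;
  try {
    table = JSON.parse(e);
  } catch (err) {
    return false; // malformed JSON is a validation failure, not a server error
  }
  if (!Array.isArray(table)) return false;
  for (const row of table) {
    // each row must be one integer per simulated time step
    if (!Array.isArray(row) || row.length !== this.time) return false;
    if (!row.every((n) => Number.isInteger(n))) return false;
  }
  this.enrollments = table;
  return true;
};
```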
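Review bot: Both new error responses in the POST handler are sent with the default 200 status, so a client (or a monitor) cannot tell a rejected update from a successful one without parsing the body; `res.status(400).send({` in place of each `res.send({` keeps the body and makes the outcome visible at the HTTP level. The loop also applies properties in `for...in` enumeration order, and since the model's enrollments check compares against `this.time`, a body that enumerates `enrollments` before `time` is rejected even when both are valid — applying `time` before the other keys, or rejecting enrollments without a time explicitly, would remove that ordering dependence. The handler begins before this hunk and the save callback continues after it.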
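Review bot: In the new test, `done()` is called synchronously inside the `.end` callback while the assertions sit in the `Simulation.findById` callback, so they run after the test has already completed and a failure there surfaces as an uncaught exception rather than as this test failing; move `done();` to the end of the findById callback. The test is named for enrollment tables but never checks them — add `simulation.enrollments.should.deep.equal([[100, 150, 200, 250, 300]]);` there, and a companion case sending a row of the wrong length that expects `success: false` would pin the sanitization this commit introduces. `newSimulation` is assigned without a declaration here; presumably it is declared earlier in the file, but that is outside the hunk.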