From 2860c664d036752be14c7e5982ba5371c46d5595 Mon Sep 17 00:00:00 2001
From: Unrud <unrud@openaliasbox.org>
Date: Tue, 6 Jun 2017 20:01:09 +0200
Subject: [PATCH] Check that vobject_item have a UID

---
 radicale/__init__.py            |  2 ++
 radicale/storage.py             | 23 +++++++++++++++++++++--
 radicale/tests/static/todo2.ics |  1 +
 radicale/tests/static/todo3.ics |  1 +
 radicale/tests/static/todo4.ics |  1 +
 radicale/tests/static/todo5.ics |  1 +
 radicale/tests/static/todo6.ics |  1 +
 radicale/tests/static/todo7.ics |  1 +
 radicale/tests/static/todo8.ics |  2 +-
 9 files changed, 30 insertions(+), 3 deletions(-)

diff --git a/radicale/__init__.py b/radicale/__init__.py
index c5bc34e..ae53c89 100644
--- a/radicale/__init__.py
+++ b/radicale/__init__.py
@@ -788,6 +788,8 @@ class Application:
 
             try:
                 items = list(vobject.readComponents(content or ""))
+                for item in items:
+                    storage.check_item(item)
             except Exception as e:
                 self.logger.warning(
                     "Bad PUT request on %r: %s", path, e, exc_info=True)
diff --git a/radicale/storage.py b/radicale/storage.py
index e258879..711e7fc 100644
--- a/radicale/storage.py
+++ b/radicale/storage.py
@@ -114,6 +114,20 @@ def load(configuration, logger):
     return CollectionCopy
 
 
+def check_item(vobject_item):
+    """Check vobject items for common errors."""
+    if vobject_item.name == "VCALENDAR":
+        for component in vobject_item.components():
+            if (component.name in ("VTODO", "VEVENT", "VJOURNAL") and
+                    not get_uid(component)):
+                raise ValueError("UID in %s is missing" % component.name)
+    elif vobject_item.name == "VCARD":
+        if not get_uid(vobject_item):
+            raise ValueError("UID in VCARD is missing")
+    else:
+        raise ValueError("Unknown item type: %r" % vobject_item.name)
+
+
 def scandir(path, only_dirs=False, only_files=False):
     """Iterator for directory elements. (For compatibility with Python < 3.5)
 
@@ -986,8 +1000,13 @@ class Collection(BaseCollection):
             cinput_hash = cetag = ctext = ctag = cstart = cend = None
         vobject_item = None
         if input_hash != cinput_hash:
-            vobject_item = Item(self, href=href,
-                                text=btext.decode(self.encoding)).item
+            try:
+                vobject_item = Item(self, href=href,
+                                    text=btext.decode(self.encoding)).item
+                check_item(vobject_item)
+            except Exception as e:
+                raise RuntimeError("Failed to parse item %r from %r: %s" %
+                                   (href, self.path, e)) from e
             # Serialize the object again, to normalize the text representation.
             # The storage may have been edited externally.
             ctext = vobject_item.serialize()
diff --git a/radicale/tests/static/todo2.ics b/radicale/tests/static/todo2.ics
index 0642ef6..32274f7 100644
--- a/radicale/tests/static/todo2.ics
+++ b/radicale/tests/static/todo2.ics
@@ -23,5 +23,6 @@ BEGIN:VTODO
 DTSTART;TZID=Europe/Paris:20130901T180000
 DUE;TZID=Europe/Paris:20130903T180000
 RRULE:FREQ=MONTHLY
+UID:todo2
 END:VTODO
 END:VCALENDAR
diff --git a/radicale/tests/static/todo3.ics b/radicale/tests/static/todo3.ics
index fb29bc1..f9252fd 100644
--- a/radicale/tests/static/todo3.ics
+++ b/radicale/tests/static/todo3.ics
@@ -21,5 +21,6 @@ END:STANDARD
 END:VTIMEZONE
 BEGIN:VTODO
 DTSTART;TZID=Europe/Paris:20130901T180000
+UID:todo3
 END:VTODO
 END:VCALENDAR
diff --git a/radicale/tests/static/todo4.ics b/radicale/tests/static/todo4.ics
index eeecb96..1c651dc 100644
--- a/radicale/tests/static/todo4.ics
+++ b/radicale/tests/static/todo4.ics
@@ -21,5 +21,6 @@ END:STANDARD
 END:VTIMEZONE
 BEGIN:VTODO
 DUE;TZID=Europe/Paris:20130901T180000
+UID:todo4
 END:VTODO
 END:VCALENDAR
diff --git a/radicale/tests/static/todo5.ics b/radicale/tests/static/todo5.ics
index ae6a629..29c307f 100644
--- a/radicale/tests/static/todo5.ics
+++ b/radicale/tests/static/todo5.ics
@@ -22,5 +22,6 @@ END:VTIMEZONE
 BEGIN:VTODO
 CREATED;TZID=Europe/Paris:20130903T180000
 COMPLETED;TZID=Europe/Paris:20130920T180000
+UID:todo5
 END:VTODO
 END:VCALENDAR
diff --git a/radicale/tests/static/todo6.ics b/radicale/tests/static/todo6.ics
index db9b4b5..805b4cf 100644
--- a/radicale/tests/static/todo6.ics
+++ b/radicale/tests/static/todo6.ics
@@ -21,5 +21,6 @@ END:STANDARD
 END:VTIMEZONE
 BEGIN:VTODO
 COMPLETED;TZID=Europe/Paris:20130920T180000
+UID:todo6
 END:VTODO
 END:VCALENDAR
diff --git a/radicale/tests/static/todo7.ics b/radicale/tests/static/todo7.ics
index 1d44c3a..f94b271 100644
--- a/radicale/tests/static/todo7.ics
+++ b/radicale/tests/static/todo7.ics
@@ -21,5 +21,6 @@ END:STANDARD
 END:VTIMEZONE
 BEGIN:VTODO
 CREATED;TZID=Europe/Paris:20130803T180000
+UID:todo7
 END:VTODO
 END:VCALENDAR
diff --git a/radicale/tests/static/todo8.ics b/radicale/tests/static/todo8.ics
index 8005238..27d4962 100644
--- a/radicale/tests/static/todo8.ics
+++ b/radicale/tests/static/todo8.ics
@@ -20,6 +20,6 @@ RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
 END:STANDARD
 END:VTIMEZONE
 BEGIN:VTODO
-
+UID:todo8
 END:VTODO
 END:VCALENDAR