From 9d870f06113a85d22a26295726116d92f171e0c2 Mon Sep 17 00:00:00 2001
From: Andrew
Date: Fri, 1 Sep 2023 20:15:33 -0400
Subject: [PATCH] Check for valid uuid
---
 .../web/routes/api/crafty/announcements/index.py | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/app/classes/web/routes/api/crafty/announcements/index.py b/app/classes/web/routes/api/crafty/announcements/index.py
index 79899e9e..12430725 100644
--- a/app/classes/web/routes/api/crafty/announcements/index.py
+++ b/app/classes/web/routes/api/crafty/announcements/index.py
@@ -1,5 +1,6 @@
 import logging
 import json
+import uuid
 from jsonschema import ValidationError, validate
 from app.classes.web.base_api_handler import BaseApiHandler
@@ -92,7 +93,11 @@ class ApiAnnounceIndexHandler(BaseApiHandler):
 for item in cleared_notifs[:]:
 if item not in res:
 cleared_notifs.remove(item)
- cleared_notifs.append(data["id"])
+ if is_valid_uuid(data["id"]):
+ cleared_notifs.append(data["id"])
+ else:
+ self.finish_json(200, {"status": "error", "error": "INVALID_DATA"})
+ return
 updata = {"cleared_notifs": ",".join(cleared_notifs)}
 self.controller.users.update_user(auth_data[4]["user_id"], updata)
 self.finish_json(
@@ -102,3 +107,12 @@ class ApiAnnounceIndexHandler(BaseApiHandler):
 "data": {},
 },
 )
+
+
+def is_valid_uuid(value):
+ try:
+ uuid.UUID(str(value))
+
+ return True
+ except ValueError:
+ return False
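Review bot: The rejection branch answers with HTTP 200, so a request carrying a malformed id looks like a success in access logs and to any client that checks only the status code; `self.finish_json(400, {"status": "error", "error": "INVALID_DATA"})` would make rejected input visible to both. The check also proves only that the id is UUID-shaped, not that it names an announcement. If `res` holds the current announcement ids, as the pruning loop just above suggests, testing `data["id"] in res` before the append would be a tighter allow-list for what reaches the comma-joined `cleared_notifs` field. The enclosing method starts and ends outside the hunk.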
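Review bot: `uuid.UUID(str(value))` accepts more than the canonical spelling: braces, a `urn:uuid:` prefix, missing hyphens and upper case all parse, and `str()` coerces non-string input first, while the caller in the previous hunk stores the original `data["id"]` unchanged. Assuming announcement ids are issued in lowercase hyphenated form, `return str(uuid.UUID(str(value))) == value` inside the `try` would accept exactly one spelling per id and reject non-strings. The blank line inside the `try` can go, and a docstring such as `"""Return True if value is a canonically formatted UUID string."""` would state the contract for later callers.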