You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by pr...@apache.org on 2013/07/26 00:53:55 UTC
[2/2] git commit: updated refs/heads/4.2 to f59947c
CLOUDSTACK-3821 RegisterTemplate URL validation issue
Changes:
- Added validation for the url path
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/f59947c3
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/f59947c3
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/f59947c3
Branch: refs/heads/4.2
Commit: f59947c322b8ae26f0df01027392835bc0655498
Parents: 6a7d7f6
Author: Prachi Damle <pr...@cloud.com>
Authored: Thu Jul 25 15:31:16 2013 -0700
Committer: Prachi Damle <pr...@cloud.com>
Committed: Thu Jul 25 15:31:16 2013 -0700
----------------------------------------------------------------------
.../template/HypervisorTemplateAdapter.java | 56 +++++++++++++++-----
1 file changed, 43 insertions(+), 13 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f59947c3/server/src/com/cloud/template/HypervisorTemplateAdapter.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/template/HypervisorTemplateAdapter.java b/server/src/com/cloud/template/HypervisorTemplateAdapter.java
index 6531838..4b3cade 100755
--- a/server/src/com/cloud/template/HypervisorTemplateAdapter.java
+++ b/server/src/com/cloud/template/HypervisorTemplateAdapter.java
@@ -16,6 +16,8 @@
// under the License.
package com.cloud.template;
+import java.net.MalformedURLException;
+import java.net.URL;
import java.util.List;
import java.util.concurrent.ExecutionException;
@@ -111,7 +113,29 @@ public class HypervisorTemplateAdapter extends TemplateAdapterBase {
public TemplateProfile prepare(RegisterTemplateCmd cmd) throws ResourceAllocationException {
TemplateProfile profile = super.prepare(cmd);
String url = profile.getUrl();
+ String path = null;
+ try {
+ URL str = new URL(url);
+ path = str.getPath();
+ } catch (MalformedURLException ex) {
+ throw new InvalidParameterValueException("Please specify a valid URL. URL:" + url + " is invalid");
+ }
+
+ try {
+ checkFormat(cmd.getFormat(), url);
+ } catch (InvalidParameterValueException ex) {
+ checkFormat(cmd.getFormat(), path);
+ }
+ UriUtils.validateUrl(url);
+ profile.setUrl(url);
+ // Check that the resource limit for secondary storage won't be exceeded
+ _resourceLimitMgr.checkResourceLimit(_accountMgr.getAccount(cmd.getEntityOwnerId()),
+ ResourceType.secondary_storage, UriUtils.getRemoteSize(url));
+ return profile;
+ }
+
+ private void checkFormat(String format, String url) {
if((!url.toLowerCase().endsWith("vhd"))&&(!url.toLowerCase().endsWith("vhd.zip"))
&&(!url.toLowerCase().endsWith("vhd.bz2"))&&(!url.toLowerCase().endsWith("vhd.gz"))
&&(!url.toLowerCase().endsWith("qcow2"))&&(!url.toLowerCase().endsWith("qcow2.zip"))
@@ -121,25 +145,31 @@ public class HypervisorTemplateAdapter extends TemplateAdapterBase {
&&(!url.toLowerCase().endsWith("tar"))&&(!url.toLowerCase().endsWith("tar.zip"))
&&(!url.toLowerCase().endsWith("tar.bz2"))&&(!url.toLowerCase().endsWith("tar.gz"))
&&(!url.toLowerCase().endsWith("img"))&&(!url.toLowerCase().endsWith("raw"))){
- throw new InvalidParameterValueException("Please specify a valid "+ cmd.getFormat().toLowerCase());
+ throw new InvalidParameterValueException("Please specify a valid " + format.toLowerCase());
}
- if ((cmd.getFormat().equalsIgnoreCase("vhd") && (!url.toLowerCase().endsWith("vhd") && !url.toLowerCase().endsWith("vhd.zip") && !url.toLowerCase().endsWith("vhd.bz2") && !url.toLowerCase().endsWith("vhd.gz") ))
- || (cmd.getFormat().equalsIgnoreCase("qcow2") && (!url.toLowerCase().endsWith("qcow2") && !url.toLowerCase().endsWith("qcow2.zip") && !url.toLowerCase().endsWith("qcow2.bz2") && !url.toLowerCase().endsWith("qcow2.gz") ))
- || (cmd.getFormat().equalsIgnoreCase("ova") && (!url.toLowerCase().endsWith("ova") && !url.toLowerCase().endsWith("ova.zip") && !url.toLowerCase().endsWith("ova.bz2") && !url.toLowerCase().endsWith("ova.gz")))
- || (cmd.getFormat().equalsIgnoreCase("tar") && (!url.toLowerCase().endsWith("tar") && !url.toLowerCase().endsWith("tar.zip") && !url.toLowerCase().endsWith("tar.bz2") && !url.toLowerCase().endsWith("tar.gz")))
- || (cmd.getFormat().equalsIgnoreCase("raw") && (!url.toLowerCase().endsWith("img") && !url.toLowerCase().endsWith("raw")))) {
- throw new InvalidParameterValueException("Please specify a valid URL. URL:" + url + " is an invalid for the format " + cmd.getFormat().toLowerCase());
+ if ((format.equalsIgnoreCase("vhd") && (!url.toLowerCase().endsWith("vhd")
+ && !url.toLowerCase().endsWith("vhd.zip") && !url.toLowerCase().endsWith("vhd.bz2") && !url
+ .toLowerCase().endsWith("vhd.gz")))
+ || (format.equalsIgnoreCase("qcow2") && (!url.toLowerCase().endsWith("qcow2")
+ && !url.toLowerCase().endsWith("qcow2.zip") && !url.toLowerCase().endsWith("qcow2.bz2") && !url
+ .toLowerCase().endsWith("qcow2.gz")))
+ || (format.equalsIgnoreCase("ova") && (!url.toLowerCase().endsWith("ova")
+ && !url.toLowerCase().endsWith("ova.zip") && !url.toLowerCase().endsWith("ova.bz2") && !url
+ .toLowerCase().endsWith("ova.gz")))
+ || (format.equalsIgnoreCase("tar") && (!url.toLowerCase().endsWith("tar")
+ && !url.toLowerCase().endsWith("tar.zip") && !url.toLowerCase().endsWith("tar.bz2") && !url
+ .toLowerCase().endsWith("tar.gz")))
+ || (format.equalsIgnoreCase("raw") && (!url.toLowerCase().endsWith("img") && !url.toLowerCase()
+ .endsWith("raw")))) {
+ throw new InvalidParameterValueException("Please specify a valid URL. URL:" + url
+ + " is an invalid for the format " + format.toLowerCase());
}
- UriUtils.validateUrl(url);
- profile.setUrl(url);
- // Check that the resource limit for secondary storage won't be exceeded
- _resourceLimitMgr.checkResourceLimit(_accountMgr.getAccount(cmd.getEntityOwnerId()),
- ResourceType.secondary_storage, UriUtils.getRemoteSize(url));
- return profile;
+
}
+
@Override
public VMTemplateVO create(TemplateProfile profile) {
// persist entry in vm_template, vm_template_details and template_zone_ref tables, not that entry at template_store_ref is not created here, and created in createTemplateAsync.