You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by pr...@apache.org on 2013/07/26 00:53:55 UTC

[2/2] git commit: updated refs/heads/4.2 to f59947c

CLOUDSTACK-3821 RegisterTemplate URL validation issue

Changes:
- Added validation for the url path


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/f59947c3
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/f59947c3
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/f59947c3

Branch: refs/heads/4.2
Commit: f59947c322b8ae26f0df01027392835bc0655498
Parents: 6a7d7f6
Author: Prachi Damle <pr...@cloud.com>
Authored: Thu Jul 25 15:31:16 2013 -0700
Committer: Prachi Damle <pr...@cloud.com>
Committed: Thu Jul 25 15:31:16 2013 -0700

----------------------------------------------------------------------
 .../template/HypervisorTemplateAdapter.java     | 56 +++++++++++++++-----
 1 file changed, 43 insertions(+), 13 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f59947c3/server/src/com/cloud/template/HypervisorTemplateAdapter.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/template/HypervisorTemplateAdapter.java b/server/src/com/cloud/template/HypervisorTemplateAdapter.java
index 6531838..4b3cade 100755
--- a/server/src/com/cloud/template/HypervisorTemplateAdapter.java
+++ b/server/src/com/cloud/template/HypervisorTemplateAdapter.java
@@ -16,6 +16,8 @@
 // under the License.
 package com.cloud.template;
 
+import java.net.MalformedURLException;
+import java.net.URL;
 import java.util.List;
 import java.util.concurrent.ExecutionException;
 
@@ -111,7 +113,29 @@ public class HypervisorTemplateAdapter extends TemplateAdapterBase {
     public TemplateProfile prepare(RegisterTemplateCmd cmd) throws ResourceAllocationException {
         TemplateProfile profile = super.prepare(cmd);
         String url = profile.getUrl();
+        String path = null;
+        try {
+            URL str = new URL(url);
+            path = str.getPath();
+        } catch (MalformedURLException ex) {
+            throw new InvalidParameterValueException("Please specify a valid URL. URL:" + url + " is invalid");
+        }
+
+        try {
+            checkFormat(cmd.getFormat(), url);
+        } catch (InvalidParameterValueException ex) {
+            checkFormat(cmd.getFormat(), path);
+        }
 
+        UriUtils.validateUrl(url);
+        profile.setUrl(url);
+        // Check that the resource limit for secondary storage won't be exceeded
+        _resourceLimitMgr.checkResourceLimit(_accountMgr.getAccount(cmd.getEntityOwnerId()),
+                ResourceType.secondary_storage, UriUtils.getRemoteSize(url));
+        return profile;
+    }
+
+    private void checkFormat(String format, String url) {
         if((!url.toLowerCase().endsWith("vhd"))&&(!url.toLowerCase().endsWith("vhd.zip"))
                 &&(!url.toLowerCase().endsWith("vhd.bz2"))&&(!url.toLowerCase().endsWith("vhd.gz"))
                 &&(!url.toLowerCase().endsWith("qcow2"))&&(!url.toLowerCase().endsWith("qcow2.zip"))
@@ -121,25 +145,31 @@ public class HypervisorTemplateAdapter extends TemplateAdapterBase {
                 &&(!url.toLowerCase().endsWith("tar"))&&(!url.toLowerCase().endsWith("tar.zip"))
                 &&(!url.toLowerCase().endsWith("tar.bz2"))&&(!url.toLowerCase().endsWith("tar.gz"))
                 &&(!url.toLowerCase().endsWith("img"))&&(!url.toLowerCase().endsWith("raw"))){
-            throw new InvalidParameterValueException("Please specify a valid "+ cmd.getFormat().toLowerCase());
+            throw new InvalidParameterValueException("Please specify a valid " + format.toLowerCase());
         }
 
-        if ((cmd.getFormat().equalsIgnoreCase("vhd") && (!url.toLowerCase().endsWith("vhd") && !url.toLowerCase().endsWith("vhd.zip") && !url.toLowerCase().endsWith("vhd.bz2") && !url.toLowerCase().endsWith("vhd.gz") ))
-                || (cmd.getFormat().equalsIgnoreCase("qcow2") && (!url.toLowerCase().endsWith("qcow2") && !url.toLowerCase().endsWith("qcow2.zip") && !url.toLowerCase().endsWith("qcow2.bz2") && !url.toLowerCase().endsWith("qcow2.gz") ))
-                || (cmd.getFormat().equalsIgnoreCase("ova") && (!url.toLowerCase().endsWith("ova") && !url.toLowerCase().endsWith("ova.zip") && !url.toLowerCase().endsWith("ova.bz2") && !url.toLowerCase().endsWith("ova.gz")))
-                || (cmd.getFormat().equalsIgnoreCase("tar") && (!url.toLowerCase().endsWith("tar") && !url.toLowerCase().endsWith("tar.zip") && !url.toLowerCase().endsWith("tar.bz2") && !url.toLowerCase().endsWith("tar.gz")))
-                || (cmd.getFormat().equalsIgnoreCase("raw") && (!url.toLowerCase().endsWith("img") && !url.toLowerCase().endsWith("raw")))) {
-            throw new InvalidParameterValueException("Please specify a valid URL. URL:" + url + " is an invalid for the format " + cmd.getFormat().toLowerCase());
+        if ((format.equalsIgnoreCase("vhd") && (!url.toLowerCase().endsWith("vhd")
+                && !url.toLowerCase().endsWith("vhd.zip") && !url.toLowerCase().endsWith("vhd.bz2") && !url
+                .toLowerCase().endsWith("vhd.gz")))
+                || (format.equalsIgnoreCase("qcow2") && (!url.toLowerCase().endsWith("qcow2")
+                        && !url.toLowerCase().endsWith("qcow2.zip") && !url.toLowerCase().endsWith("qcow2.bz2") && !url
+                        .toLowerCase().endsWith("qcow2.gz")))
+                || (format.equalsIgnoreCase("ova") && (!url.toLowerCase().endsWith("ova")
+                        && !url.toLowerCase().endsWith("ova.zip") && !url.toLowerCase().endsWith("ova.bz2") && !url
+                        .toLowerCase().endsWith("ova.gz")))
+                || (format.equalsIgnoreCase("tar") && (!url.toLowerCase().endsWith("tar")
+                        && !url.toLowerCase().endsWith("tar.zip") && !url.toLowerCase().endsWith("tar.bz2") && !url
+                        .toLowerCase().endsWith("tar.gz")))
+                || (format.equalsIgnoreCase("raw") && (!url.toLowerCase().endsWith("img") && !url.toLowerCase()
+                        .endsWith("raw")))) {
+            throw new InvalidParameterValueException("Please specify a valid URL. URL:" + url
+                    + " is an invalid for the format " + format.toLowerCase());
         }
 
-        UriUtils.validateUrl(url);
-        profile.setUrl(url);
-        // Check that the resource limit for secondary storage won't be exceeded
-        _resourceLimitMgr.checkResourceLimit(_accountMgr.getAccount(cmd.getEntityOwnerId()),
-                ResourceType.secondary_storage, UriUtils.getRemoteSize(url));
-        return profile;
+
     }
 
+
     @Override
     public VMTemplateVO create(TemplateProfile profile) {
         // persist entry in vm_template, vm_template_details and template_zone_ref tables, not that entry at template_store_ref is not created here, and created in createTemplateAsync.