incubator-cloudstack-dev mailing list archives

From "Rohit Yadav" <bhais...@apache.org>
Subject Re: Review Request: Non-printable characters such as %00 or %0025 are getting stored in raw/non encoded form in the database
Date Wed, 09 Jan 2013 04:29:46 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/8876/#review15173
-----------------------------------------------------------


Good start indeed, and John would know better about security :)
We should be supporting Unicode params as well (which may not be possible for 4.1), so one
plan is to work on Unicode as well, not just ASCII; don't know how we should handle unallowed
chars.

- Rohit Yadav


On Jan. 8, 2013, 5:27 a.m., Likitha Shetty wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/8876/
> -----------------------------------------------------------
> 
> (Updated Jan. 8, 2013, 5:27 a.m.)
> 
> 
> Review request for cloudstack, Alena Prokharchyk and Rohit Yadav.
> 
> 
> Description
> -------
> 
> Non-printable characters result in empty pages for all users loading the corrupted object in the web interface. It also results in the API call results getting truncated with an error when it encounters the non-printable characters.
> To find if a parameter value contains a control character, every decoded parameter value was matched with the regex [\000-\037\177] as the ASCII non-printable characters are numbers 0 to 31 and 127 decimal.
> 
> 
> This addresses bug CLOUDSTACK-863.
> 
> 
> Diffs
> -----
> 
>   server/src/com/cloud/api/ApiServer.java f42025c 
> 
> Diff: https://reviews.apache.org/r/8876/diff/
> 
> 
> Testing
> -------
> 
> Manual Testing done, 
> For sample APIs (updateVirtualMachine, createVolume, authorizeSecurityGroupIngress etc), provide input values containing character(s) that are
> • ASCII printable - pass
> • ASCII non-printable - fail with error code 431 and error 'Received value <parameter-value> for parameter <parameter-name> is invalid, contains illegal ASCII non-printable characters'
> • non-English - pass
> 
> 
> Thanks,
> 
> Likitha Shetty
> 
>
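
The check described in the review request (decode each parameter value, then match it against the ASCII control range), as an added example that is not the code from the CloudStack patch. It goes beyond the request in two places, both marked as assumptions in the comments: a second check that also rejects the C1 controls U+0080 to U+009F, which relates to the Unicode question raised in the reply, and escaping of the rejected value before it is echoed in an error message. The class name, method names and sample values are constructed for illustration.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.regex.Pattern;

public class ControlCharCheck {
    // Same range as the review's regex [\000-\037\177], written with hex escapes.
    static final Pattern ASCII_CONTROL = Pattern.compile("[\\x00-\\x1F\\x7F]");

    static String decode(String rawValue) {
        return URLDecoder.decode(rawValue, StandardCharsets.UTF_8); // Java 10+
    }

    // Check from the review request: decode first, then match the decoded value.
    static boolean hasAsciiControl(String rawValue) {
        return ASCII_CONTROL.matcher(decode(rawValue)).find();
    }

    // Assumption, not in the patch: also reject C1 controls (U+0080-U+009F),
    // which Character.isISOControl covers, while other non-ASCII text passes.
    static boolean hasAnyControl(String rawValue) {
        return decode(rawValue).codePoints().anyMatch(Character::isISOControl);
    }

    // Assumption, not in the patch: render control characters as <U+XXXX> so the
    // rejected value can be echoed in an error or log line in printable form.
    static String escapeForMessage(String decoded) {
        StringBuilder sb = new StringBuilder();
        decoded.codePoints().forEach(cp -> {
            if (Character.isISOControl(cp)) sb.append(String.format("<U+%04X>", cp));
            else sb.appendCodePoint(cp);
        });
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample values, percent-encoded as they arrive in a query string:
        // printable ASCII, %00, %0025 (NUL followed by "25"), Devanagari text, C1 control.
        String[] samples = {"web-01", "web%00", "web%0025",
                            "%E0%A4%A8%E0%A4%BE%E0%A4%AE", "web%C2%85"};
        for (String raw : samples) {
            System.out.printf("%-30s ascii-control=%-5b any-control=%-5b shown-as=%s%n",
                raw, hasAsciiControl(raw), hasAnyControl(raw),
                escapeForMessage(decode(raw)));
        }
    }
}
```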

