From 854defb4ff5e0d53f51545d20796aff662f9850f Mon Sep 17 00:00:00 2001

From: Saravanakumar Arumugam <sarumuga@redhat.com>

Date: Thu, 9 Jul 2015 15:56:28 +0530

Subject: [PATCH 411/449] tools/glusterfind : validate session name

Validate a session name(during create) for the following:

1. minimum 2 character length.

2. Maximum 256 characters.

3. No special characters apart from underscore, hyphen allowed.

Also, validate volume(expect, while using glusterfind list).

>Change-Id: I1b1e64e218f93d0a531d3cf69fc2ce7e2ed11d01

>BUG: 1241494

>Signed-off-by: Saravanakumar Arumugam <sarumuga@redhat.com>

>Signed-off-by: Shwetha K Acharya <sacharya@redhat.com>

backport of https://review.gluster.org/#/c/glusterfs/+/11602/

BUG: 1234220

Change-Id: I1b1e64e218f93d0a531d3cf69fc2ce7e2ed11d01

Signed-off-by: Shwetha K Acharya <sacharya@redhat.com>

Reviewed-on: https://code.engineering.redhat.com/gerrit/202469

Tested-by: RHGS Build Bot <nigelb@redhat.com>

Reviewed-by: Sunil Kumar Heggodu Gopala Acharya <sheggodu@redhat.com>

---

 tools/glusterfind/src/main.py | 50 ++++++++++++++++++++++++++++++++++++-------

 1 file changed, 42 insertions(+), 8 deletions(-)

diff --git a/tools/glusterfind/src/main.py b/tools/glusterfind/src/main.py

index 5ca1fec..4b5466d 100644

--- a/tools/glusterfind/src/main.py

+++ b/tools/glusterfind/src/main.py

@@ -23,6 +23,7 @@ import tempfile

 import signal

 from datetime import datetime

 import codecs

+import re

 from utils import execute, is_host_local, mkdirp, fail

 from utils import setup_logger, human_time, handle_rm_error

@@ -520,11 +521,8 @@ def write_output(outfile, outfilemerger, field_separator):

                 else:

                     gfind_write(f, row[0], field_separator, p_rep)

-def mode_create(session_dir, args):

-    logger.debug("Init is called - Session: %s, Volume: %s"

-                 % (args.session, args.volume))

-

-    cmd = ["gluster", 'volume', 'info', args.volume, "--xml"]

+def validate_volume(volume):

+    cmd = ["gluster", 'volume', 'info', volume, "--xml"]

     _, data, _ = execute(cmd,

                          exit_msg="Failed to Run Gluster Volume Info",

                          logger=logger)

@@ -532,11 +530,42 @@ def mode_create(session_dir, args):

         tree = etree.fromstring(data)

         statusStr = tree.find('volInfo/volumes/volume/statusStr').text

     except (ParseError, AttributeError) as e:

-        fail("Invalid Volume: %s" % e, logger=logger)

-

+        fail("Invalid Volume: Check the Volume name! %s" % e)

     if statusStr != "Started":

-        fail("Volume %s is not online" % args.volume, logger=logger)

+        fail("Volume %s is not online" % volume)

+

+# The rules for a valid session name.

+SESSION_NAME_RULES = {

+    'min_length': 2,

+    'max_length': 256,  # same as maximum volume length

+    # Specifies all alphanumeric characters, underscore, hyphen.

+    'valid_chars': r'0-9a-zA-Z_-',

+}

+

+

+# checks valid session name, fail otherwise

+def validate_session_name(session):

+    # Check for minimum length

+    if len(session) < SESSION_NAME_RULES['min_length']:

+        fail('session_name must be at least ' +

+                 str(SESSION_NAME_RULES['min_length']) + ' characters long.')

+    # Check for maximum length

+    if len(session) > SESSION_NAME_RULES['max_length']:

+        fail('session_name must not exceed ' +

+                 str(SESSION_NAME_RULES['max_length']) + ' characters length.')

+

+    # Matches strings composed entirely of characters specified within

+    if not re.match(r'^[' + SESSION_NAME_RULES['valid_chars'] +

+                        ']+$', session):

+        fail('Session name can only contain these characters: ' +

+                         SESSION_NAME_RULES['valid_chars'])

+

+

+def mode_create(session_dir, args):

+    validate_session_name(args.session)

+    logger.debug("Init is called - Session: %s, Volume: %s"

+                 % (args.session, args.volume))

     mkdirp(session_dir, exit_on_err=True, logger=logger)

     mkdirp(os.path.join(session_dir, args.volume), exit_on_err=True,

            logger=logger)

@@ -850,6 +879,11 @@ def main():

                 args.mode not in ["create", "list", "query"]:

             fail("Invalid session %s" % args.session)

+        # volume involved, validate the volume first

+        if args.mode not in ["list"]:

+            validate_volume(args.volume)

+

+

         # "default" is a system defined session name

         if args.mode in ["create", "post", "pre", "delete"] and \

                 args.session == "default":

-- 

1.8.3.1