
feature #4162: Sanitize some user attributes in XML documents

This commit is contained in:
Ruben S. Montero 2016-03-03 12:32:36 +01:00
parent 0579f23cf7
commit 6004270685
12 changed files with 81 additions and 77 deletions


@ -22,6 +22,8 @@
#include <sstream>
#include <algorithm>
#include "NebulaUtil.h"
using namespace std;
/**
@ -163,8 +165,8 @@ public:
{
string * xml = new string;
*xml = "<" + name() + "><![CDATA[" + attribute_value
+ "]]></"+ name() + ">";
*xml = "<" + name() + ">" + one_util::escape_xml(attribute_value) +
"</"+ name() + ">";
return xml;
}
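Review bot: The element name is still interpolated unescaped while only the value goes through one_util::escape_xml(), so a name() containing characters that are not valid in an XML Name (`<`, `&`, whitespace) still produces a malformed document after this change. If attribute names are guaranteed elsewhere to be valid XML Names, that invariant should be recorded here, e.g. `// name() is assumed to be a valid XML Name; only the value needs escaping`; otherwise the name needs the same validation as the value. The same pattern recurs with `it->first` in the VectorAttribute::to_xml hunk and the AddressRange::to_xml hunk of this commit. Moving from CDATA to entity escaping does close the case where a value containing `]]>` terminated the section early, provided escape_xml covers `&`, `<`, `>` and both quote characters; the enclosing method's signature lies outside the hunk.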


@ -19,8 +19,7 @@
#include <cstring>
#include "Attribute.h"
#define TO_UPPER(S) transform(S.begin(),S.end(),S.begin(),(int(*)(int))toupper)
#include "NebulaUtil.h"
const char * VectorAttribute::magic_sep = "@^_^@";
const int VectorAttribute::magic_sep_size = 5;
@ -101,8 +100,9 @@ void VectorAttribute::to_xml(ostringstream &oss) const
}
else
{
oss << "<" << it->first << "><![CDATA[" << it->second
<< "]]></"<< it->first << ">";
oss << "<" << it->first << ">"
<< one_util::escape_xml(it->second)
<< "</" << it->first << ">";
}
}
@ -294,7 +294,7 @@ int VectorAttribute::vector_value(const char *name, bool& value) const
string tmp = it->second;
TO_UPPER(tmp);
one_util::toupper(tmp);
if (tmp == "YES")
{


@ -651,24 +651,24 @@ string& Datastore::to_xml(string& xml) const
oss <<
"<DATASTORE>" <<
"<ID>" << oid << "</ID>" <<
"<UID>" << uid << "</UID>" <<
"<GID>" << gid << "</GID>" <<
"<UNAME>" << uname << "</UNAME>" <<
"<GNAME>" << gname << "</GNAME>" <<
"<NAME>" << name << "</NAME>" <<
"<ID>" << oid << "</ID>" <<
"<UID>" << uid << "</UID>" <<
"<GID>" << gid << "</GID>" <<
"<UNAME>" << uname << "</UNAME>" <<
"<GNAME>" << gname << "</GNAME>" <<
"<NAME>" << name << "</NAME>" <<
perms_to_xml(perms_xml) <<
"<DS_MAD><![CDATA[" << ds_mad << "]]></DS_MAD>" <<
"<TM_MAD><![CDATA[" << tm_mad << "]]></TM_MAD>" <<
"<BASE_PATH><![CDATA[" << base_path << "]]></BASE_PATH>"<<
"<TYPE>" << type << "</TYPE>" <<
"<DISK_TYPE>" << disk_type << "</DISK_TYPE>" <<
"<STATE>" << state << "</STATE>" <<
"<CLUSTER_ID>" << cluster_id << "</CLUSTER_ID>" <<
"<CLUSTER>" << cluster << "</CLUSTER>" <<
"<TOTAL_MB>" << total_mb << "</TOTAL_MB>" <<
"<FREE_MB>" << free_mb << "</FREE_MB>" <<
"<USED_MB>" << used_mb << "</USED_MB>" <<
"<DS_MAD>" << one_util::escape_xml(ds_mad) << "</DS_MAD>" <<
"<TM_MAD>" << one_util::escape_xml(tm_mad) << "</TM_MAD>" <<
"<BASE_PATH>" << one_util::escape_xml(base_path)<< "</BASE_PATH>"<<
"<TYPE>" << type << "</TYPE>" <<
"<DISK_TYPE>" << disk_type << "</DISK_TYPE>" <<
"<STATE>" << state << "</STATE>" <<
"<CLUSTER_ID>" << cluster_id << "</CLUSTER_ID>"<<
"<CLUSTER>" << cluster << "</CLUSTER>" <<
"<TOTAL_MB>" << total_mb << "</TOTAL_MB>" <<
"<FREE_MB>" << free_mb << "</FREE_MB>" <<
"<USED_MB>" << used_mb << "</USED_MB>" <<
images.to_xml(collection_xml) <<
obj_template->to_xml(template_xml) <<
"</DATASTORE>";
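Review bot: Only DS_MAD, TM_MAD and BASE_PATH are escaped here while the NAME, UNAME, GNAME and CLUSTER strings on the same stream are still emitted raw; unless object and cluster names are validated at creation to exclude markup characters, they need one_util::escape_xml() as well. The same gap recurs in the Host (NAME, CLUSTER), MarketPlaceApp (MARKETPLACE), User (NAME, GNAME), History (HOSTNAME) and VirtualNetwork (CLUSTER) hunks of this commit. If those names are in fact validated upstream, a comment above the stream would record the invariant, e.g. `// NAME/UNAME/GNAME/CLUSTER are validated at creation and need no escaping`. Datastore::to_xml begins and ends outside the hunk.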


@ -592,9 +592,9 @@ string& Host::to_xml(string& xml) const
"<ID>" << oid << "</ID>" <<
"<NAME>" << name << "</NAME>" <<
"<STATE>" << state << "</STATE>" <<
"<IM_MAD><![CDATA[" << im_mad_name << "]]></IM_MAD>" <<
"<VM_MAD><![CDATA[" << vmm_mad_name << "]]></VM_MAD>" <<
"<VN_MAD><![CDATA[" << vnm_mad_name << "]]></VN_MAD>" <<
"<IM_MAD>" << one_util::escape_xml(im_mad_name) << "</IM_MAD>" <<
"<VM_MAD>" << one_util::escape_xml(vmm_mad_name) << "</VM_MAD>" <<
"<VN_MAD>" << one_util::escape_xml(vnm_mad_name) << "</VN_MAD>" <<
"<LAST_MON_TIME>" << last_monitored << "</LAST_MON_TIME>" <<
"<CLUSTER_ID>" << cluster_id << "</CLUSTER_ID>" <<
"<CLUSTER>" << cluster << "</CLUSTER>" <<


@ -352,9 +352,9 @@ string& Image::to_xml(string& xml) const
"<DISK_TYPE>" << disk_type << "</DISK_TYPE>" <<
"<PERSISTENT>" << persistent_img << "</PERSISTENT>" <<
"<REGTIME>" << regtime << "</REGTIME>" <<
"<SOURCE><![CDATA["<< source << "]]></SOURCE>" <<
"<PATH><![CDATA[" << path << "]]></PATH>" <<
"<FSTYPE><![CDATA["<< fs_type << "]]></FSTYPE>" <<
"<SOURCE>" << one_util::escape_xml(source) << "</SOURCE>" <<
"<PATH>" << one_util::escape_xml(path) << "</PATH>" <<
"<FSTYPE>" << one_util::escape_xml(fs_type)<< "</FSTYPE>" <<
"<SIZE>" << size_mb << "</SIZE>" <<
"<STATE>" << state << "</STATE>" <<
"<RUNNING_VMS>" << running_vms << "</RUNNING_VMS>" <<


@ -240,14 +240,14 @@ std::string& MarketPlaceApp::to_xml(std::string& xml) const
"<GNAME>" << gname << "</GNAME>" <<
"<REGTIME>" << regtime << "</REGTIME>" <<
"<NAME>" << name << "</NAME>" <<
"<ORIGIN_ID>" << origin_id << "</ORIGIN_ID>" <<
"<SOURCE>" << source << "</SOURCE>" <<
"<MD5>" << md5 << "</MD5>" <<
"<ORIGIN_ID>" << one_util::escape_xml(origin_id)<< "</ORIGIN_ID>" <<
"<SOURCE>" << one_util::escape_xml(source) << "</SOURCE>" <<
"<MD5>" << one_util::escape_xml(md5) << "</MD5>" <<
"<SIZE>" << size_mb << "</SIZE>" <<
"<DESCRIPTION>" << description << "</DESCRIPTION>" <<
"<VERSION>" << version << "</VERSION>" <<
"<FORMAT>" << format << "</FORMAT>" <<
"<APPTEMPLATE64>" << apptemplate64 << "</APPTEMPLATE64>" <<
"<DESCRIPTION>" << one_util::escape_xml(description) << "</DESCRIPTION>" <<
"<VERSION>" << one_util::escape_xml(version) << "</VERSION>" <<
"<FORMAT>" << one_util::escape_xml(format) << "</FORMAT>" <<
"<APPTEMPLATE64>" << one_util::escape_xml(apptemplate64) << "</APPTEMPLATE64>" <<
"<MARKETPLACE_ID>" << market_id << "</MARKETPLACE_ID>" <<
"<MARKETPLACE>" << market_name << "</MARKETPLACE>" <<
"<STATE>" << state << "</STATE>" <<


@ -526,9 +526,9 @@ string& PoolObjectSQL::lock_db_to_xml(string& xml) const
int locked_int = locked ? 1 : 0;
oss << "<LOCK>"
<< "<LOCKED>" << locked_int << "</LOCKED>"
<< "<OWNER><![CDATA[" << lock_owner << "]]></OWNER>"
<< "<EXPIRES>" << lock_expires << "</EXPIRES>"
<< "<LOCKED>" << locked_int << "</LOCKED>"
<< "<OWNER>" << one_util::escape_xml(lock_owner) << "</OWNER>"
<< "<EXPIRES>" << lock_expires << "</EXPIRES>"
<< "</LOCK>";
xml = oss.str();


@ -234,8 +234,8 @@ string& User::to_xml_extended(string& xml, bool extended) const
groups.to_xml(collection_xml) <<
"<GNAME>" << gname <<"</GNAME>" <<
"<NAME>" << name <<"</NAME>" <<
"<PASSWORD>" << password <<"</PASSWORD>" <<
"<AUTH_DRIVER>" << auth_driver <<"</AUTH_DRIVER>"<<
"<PASSWORD>" <<one_util::escape_xml(password) <<"</PASSWORD>" <<
"<AUTH_DRIVER>" <<one_util::escape_xml(auth_driver)<<"</AUTH_DRIVER>"<<
"<ENABLED>" << enabled_int <<"</ENABLED>" <<
login_token.to_xml(token_xml) <<
obj_template->to_xml(template_xml);
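Review bot: The two rewritten PASSWORD and AUTH_DRIVER lines drop the spaces around `<<` that every neighbouring line of this stream expression keeps, so the escaped fields read as if glued to their tags. Formatting them like the surrounding lines, `"<PASSWORD>" << one_util::escape_xml(password) << "</PASSWORD>" <<` and `"<AUTH_DRIVER>" << one_util::escape_xml(auth_driver) << "</AUTH_DRIVER>" <<`, keeps the alignment the rest of to_xml_extended uses. The function starts and ends outside the hunk.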


@ -300,26 +300,26 @@ string& History::to_xml(string& xml, bool database) const
oss <<
"<HISTORY>" <<
"<OID>" << oid << "</OID>" <<
"<SEQ>" << seq << "</SEQ>" <<
"<HOSTNAME>" << hostname << "</HOSTNAME>"<<
"<HID>" << hid << "</HID>" <<
"<CID>" << cid << "</CID>" <<
"<STIME>" << stime << "</STIME>" <<
"<ETIME>" << etime << "</ETIME>" <<
"<VMMMAD>" << vmm_mad_name << "</VMMMAD>"<<
"<VNMMAD>" << vnm_mad_name << "</VNMMAD>"<<
"<TMMAD>" << tm_mad_name << "</TMMAD>" <<
"<DS_LOCATION>" << ds_location << "</DS_LOCATION>" <<
"<DS_ID>" << ds_id << "</DS_ID>" <<
"<PSTIME>" << prolog_stime << "</PSTIME>"<<
"<PETIME>" << prolog_etime << "</PETIME>"<<
"<RSTIME>" << running_stime << "</RSTIME>"<<
"<RETIME>" << running_etime << "</RETIME>"<<
"<ESTIME>" << epilog_stime << "</ESTIME>"<<
"<EETIME>" << epilog_etime << "</EETIME>"<<
"<REASON>" << reason << "</REASON>"<<
"<ACTION>" << action << "</ACTION>";
"<OID>" << oid << "</OID>" <<
"<SEQ>" << seq << "</SEQ>" <<
"<HOSTNAME>" << hostname << "</HOSTNAME>"<<
"<HID>" << hid << "</HID>" <<
"<CID>" << cid << "</CID>" <<
"<STIME>" << stime << "</STIME>" <<
"<ETIME>" << etime << "</ETIME>" <<
"<VMMMAD>" << one_util::escape_xml(vmm_mad_name) << "</VMMMAD>"<<
"<VNMMAD>" << one_util::escape_xml(vnm_mad_name) << "</VNMMAD>"<<
"<TMMAD>" << one_util::escape_xml(tm_mad_name) << "</TMMAD>" <<
"<DS_LOCATION>" << one_util::escape_xml(ds_location) << "</DS_LOCATION>" <<
"<DS_ID>" << ds_id << "</DS_ID>" <<
"<PSTIME>" << prolog_stime << "</PSTIME>"<<
"<PETIME>" << prolog_etime << "</PETIME>"<<
"<RSTIME>" << running_stime << "</RSTIME>"<<
"<RETIME>" << running_etime << "</RETIME>"<<
"<ESTIME>" << epilog_stime << "</ESTIME>"<<
"<EETIME>" << epilog_etime << "</EETIME>"<<
"<REASON>" << reason << "</REASON>"<<
"<ACTION>" << action << "</ACTION>";
if ( database )
{


@ -425,7 +425,7 @@ string * VirtualMachineManager::format_message(
if ( !tm_command.empty() )
{
oss << "<TM_COMMAND><![CDATA[" << tm_command << "]]></TM_COMMAND>";
oss << "<TM_COMMAND>" << one_util::escape_xml(tm_command) << "</TM_COMMAND>";
}
else
{
@ -434,8 +434,8 @@ string * VirtualMachineManager::format_message(
if (!tm_command_rollback.empty())
{
oss << "<TM_COMMAND_ROLLBACK><![CDATA[" << tm_command_rollback
<< "]]></TM_COMMAND_ROLLBACK>";
oss << "<TM_COMMAND_ROLLBACK>" << one_util::escape_xml(tm_command_rollback)
<< "</TM_COMMAND_ROLLBACK>";
}
else
{


@ -422,14 +422,15 @@ void AddressRange::to_xml(ostringstream &oss, const vector<int>& vms,
continue;
}
oss << "<" << it->first << "><![CDATA[" << it->second
<< "]]></"<< it->first << ">";
oss << "<" << it->first << ">"
<< one_util::escape_xml(it->second)
<< "</"<< it->first << ">";
}
mac_end[1] = mac[1];
mac_end[0] = (mac[0] + size - 1);
oss << "<MAC_END><![CDATA[" << mac_to_s(mac_end) << "]]></MAC_END>";
oss << "<MAC_END>" << one_util::escape_xml(mac_to_s(mac_end))<<"</MAC_END>";
aux_st = attr->vector_value("IP");
@ -441,7 +442,8 @@ void AddressRange::to_xml(ostringstream &oss, const vector<int>& vms,
if (rc == 0)
{
oss << "<IP_END><![CDATA[" << ip_to_s(ip_i + size - 1) << "]]></IP_END>";
oss << "<IP_END>" << one_util::escape_xml(ip_to_s(ip_i + size - 1))
<< "</IP_END>";
}
}
@ -452,19 +454,19 @@ void AddressRange::to_xml(ostringstream &oss, const vector<int>& vms,
if (ula6[1] != 0 || ula6[0] != 0 ) /* Unique Local Address */
{
ip6_to_s(ula6, mac, ip6_s);
oss << "<IP6_ULA><![CDATA[" << ip6_s << "]]></IP6_ULA>";
oss << "<IP6_ULA>" << one_util::escape_xml(ip6_s) << "</IP6_ULA>";
ip6_to_s(ula6, mac_end, ip6_s);
oss << "<IP6_ULA_END><![CDATA[" << ip6_s << "]]></IP6_ULA_END>";
oss << "<IP6_ULA_END>" << one_util::escape_xml(ip6_s) << "</IP6_ULA_END>";
}
if (global6[1] != 0 || global6[0] != 0 ) /* Glocal Unicast */
{
ip6_to_s(global6, mac, ip6_s);
oss << "<IP6_GLOBAL><![CDATA[" << ip6_s << "]]></IP6_GLOBAL>";
oss << "<IP6_GLOBAL>" << one_util::escape_xml(ip6_s) << "</IP6_GLOBAL>";
ip6_to_s(global6, mac_end, ip6_s);
oss << "<IP6_GLOBAL_END><![CDATA[" << ip6_s << "]]></IP6_GLOBAL_END>";
oss << "<IP6_GLOBAL_END>" << one_util::escape_xml(ip6_s) << "</IP6_GLOBAL_END>";
}
}


@ -436,8 +436,8 @@ string& VirtualNetwork::to_xml_extended(string& xml, bool extended,
perms_to_xml(perm_str) <<
"<CLUSTER_ID>"<< cluster_id<< "</CLUSTER_ID>"<<
"<CLUSTER>" << cluster << "</CLUSTER>" <<
"<BRIDGE>" << bridge << "</BRIDGE>" <<
"<VLAN>" << vlan << "</VLAN>";
"<BRIDGE>" << one_util::escape_xml(bridge)<< "</BRIDGE>" <<
"<VLAN>" << one_util::escape_xml(vlan) << "</VLAN>";
if (parent_vid != -1)
{
@ -450,7 +450,7 @@ string& VirtualNetwork::to_xml_extended(string& xml, bool extended,
if (!phydev.empty())
{
os << "<PHYDEV><![CDATA[" << phydev << "]]></PHYDEV>";
os << "<PHYDEV>" << one_util::escape_xml(phydev) << "</PHYDEV>";
}
else
{
@ -459,7 +459,7 @@ string& VirtualNetwork::to_xml_extended(string& xml, bool extended,
if (!vlan_id.empty())
{
os << "<VLAN_ID><![CDATA[" << vlan_id << "]]></VLAN_ID>";
os << "<VLAN_ID>" << one_util::escape_xml(vlan_id) << "</VLAN_ID>";
}
else
{