diff options
| author | Roberto Hueso Gómez <rhueso@soleta.eu> | 2019-11-05 11:43:49 +0100 |
|---|---|---|
| committer | OpenGnSys Support Team <soporte-og@soleta.eu> | 2019-11-06 11:29:42 +0100 |
| commit | ec4189b18f71381fc7b45cfa77d7f3fa660458c4 (patch) | |
| tree | 80785c9b9eccd63c1a46ed3a02462cda8b9f5be2 | |
| parent | abe2a888ab769677e89000b7f32b1c07d9fed17e (diff) | |
#915 Validate POST /image/restore REST API parameters
This patch ensures that all required parameters are sent in the request.
| -rw-r--r-- | sources/ogAdmServer.cpp | 36 |
1 files changed, 28 insertions, 8 deletions
diff --git a/sources/ogAdmServer.cpp b/sources/ogAdmServer.cpp index 5b18593..a392697 100644 --- a/sources/ogAdmServer.cpp +++ b/sources/ogAdmServer.cpp @@ -3302,6 +3302,8 @@ struct og_msg_params { #define OG_REST_PARAM_NAME (1UL << 7) #define OG_REST_PARAM_ID (1UL << 8) #define OG_REST_PARAM_CODE (1UL << 9) +#define OG_REST_PARAM_TYPE (1UL << 10) +#define OG_REST_PARAM_PROFILE (1UL << 11) static bool og_msg_params_validate(const struct og_msg_params *params, const uint64_t flags) @@ -4089,27 +4091,45 @@ static int og_cmd_restore_image(json_t *element, struct og_msg_params *params) return -1; json_object_foreach(element, key, value) { - if (!strcmp(key, "disk")) + if (!strcmp(key, "disk")) { err = og_json_parse_string(value, ¶ms->disk); - else if (!strcmp(key, "partition")) + params->flags |= OG_REST_PARAM_DISK; + } else if (!strcmp(key, "partition")) { err = og_json_parse_string(value, ¶ms->partition); - else if (!strcmp(key, "name")) + params->flags |= OG_REST_PARAM_PARTITION; + } else if (!strcmp(key, "name")) { err = og_json_parse_string(value, ¶ms->name); - else if (!strcmp(key, "repository")) + params->flags |= OG_REST_PARAM_NAME; + } else if (!strcmp(key, "repository")) { err = og_json_parse_string(value, ¶ms->repository); - else if (!strcmp(key, "clients")) + params->flags |= OG_REST_PARAM_REPO; + } else if (!strcmp(key, "clients")) { err = og_json_parse_clients(value, params); - else if (!strcmp(key, "type")) + } else if (!strcmp(key, "type")) { err = og_json_parse_string(value, ¶ms->type); - else if (!strcmp(key, "profile")) + params->flags |= OG_REST_PARAM_TYPE; + } else if (!strcmp(key, "profile")) { err = og_json_parse_string(value, ¶ms->profile); - else if (!strcmp(key, "id")) + params->flags |= OG_REST_PARAM_PROFILE; + } else if (!strcmp(key, "id")) { err = og_json_parse_string(value, ¶ms->id); + params->flags |= OG_REST_PARAM_ID; + } if (err < 0) break; } + if (!og_msg_params_validate(params, OG_REST_PARAM_ADDR | + OG_REST_PARAM_DISK | + OG_REST_PARAM_PARTITION | + OG_REST_PARAM_NAME | + OG_REST_PARAM_REPO | + OG_REST_PARAM_TYPE | + OG_REST_PARAM_PROFILE | + OG_REST_PARAM_ID)) + return -1; + len = snprintf(buf, sizeof(buf), "nfn=RestaurarImagen\ridi=%s\rdsk=%s\rpar=%s\rifs=%s\r" "nci=%s\ripr=%s\rptc=%s\r", |