diff options
author | Roberto Hueso Gómez <rhueso@soleta.eu> | 2019-11-05 11:42:27 +0100 |
---|---|---|
committer | OpenGnSys Support Team <soporte-og@soleta.eu> | 2019-11-06 11:27:47 +0100 |
commit | abe2a888ab769677e89000b7f32b1c07d9fed17e (patch) | |
tree | 01fd739f690e247c7048137149163e388f5c08a5 /sources | |
parent | 1a1ecf7791e06c3c7fb03cbb9e401bbcecf427a3 (diff) |
#915 Validate POST /image/create REST API parameters
This patch ensures that all required parameters are sent in the request.
Diffstat (limited to 'sources')
-rw-r--r-- | sources/ogAdmServer.cpp | 34 |
1 files changed, 27 insertions, 7 deletions
diff --git a/sources/ogAdmServer.cpp b/sources/ogAdmServer.cpp index 553cccc..5b18593 100644 --- a/sources/ogAdmServer.cpp +++ b/sources/ogAdmServer.cpp @@ -3298,6 +3298,10 @@ struct og_msg_params { #define OG_REST_PARAM_RUN_CMD (1UL << 3) #define OG_REST_PARAM_DISK (1UL << 4) #define OG_REST_PARAM_PARTITION (1UL << 5) +#define OG_REST_PARAM_REPO (1UL << 6) +#define OG_REST_PARAM_NAME (1UL << 7) +#define OG_REST_PARAM_ID (1UL << 8) +#define OG_REST_PARAM_CODE (1UL << 9) static bool og_msg_params_validate(const struct og_msg_params *params, const uint64_t flags) @@ -4021,25 +4025,41 @@ static int og_cmd_create_image(json_t *element, struct og_msg_params *params) return -1; json_object_foreach(element, key, value) { - if (!strcmp(key, "disk")) + if (!strcmp(key, "disk")) { err = og_json_parse_string(value, ¶ms->disk); - else if (!strcmp(key, "partition")) + params->flags |= OG_REST_PARAM_DISK; + } else if (!strcmp(key, "partition")) { err = og_json_parse_string(value, ¶ms->partition); - else if (!strcmp(key, "name")) + params->flags |= OG_REST_PARAM_PARTITION; + } else if (!strcmp(key, "name")) { err = og_json_parse_string(value, ¶ms->name); - else if (!strcmp(key, "repository")) + params->flags |= OG_REST_PARAM_NAME; + } else if (!strcmp(key, "repository")) { err = og_json_parse_string(value, ¶ms->repository); - else if (!strcmp(key, "clients")) + params->flags |= OG_REST_PARAM_REPO; + } else if (!strcmp(key, "clients")) { err = og_json_parse_clients(value, params); - else if (!strcmp(key, "id")) + } else if (!strcmp(key, "id")) { err = og_json_parse_string(value, ¶ms->id); - else if (!strcmp(key, "code")) + params->flags |= OG_REST_PARAM_ID; + } else if (!strcmp(key, "code")) { err = og_json_parse_string(value, ¶ms->code); + params->flags |= OG_REST_PARAM_CODE; + } if (err < 0) break; } + if (!og_msg_params_validate(params, OG_REST_PARAM_ADDR | + OG_REST_PARAM_DISK | + OG_REST_PARAM_PARTITION | + OG_REST_PARAM_CODE | + OG_REST_PARAM_ID | + OG_REST_PARAM_NAME | + OG_REST_PARAM_REPO)) + return -1; + len = snprintf(buf, sizeof(buf), "nfn=CrearImagen\rdsk=%s\rpar=%s\rcpt=%s\ridi=%s\rnci=%s\ripr=%s\r", params->disk, params->partition, params->code, |