Skip to content

Commit

Permalink
[do not merge] attempt to resolve CodeQL errors
Browse files Browse the repository at this point in the history
Signed-off-by: Mark Bolton <mark.bolton@canonical.com>
  • Loading branch information
boltmark committed Sep 4, 2024
1 parent a3a86e2 commit b580917
Show file tree
Hide file tree
Showing 6 changed files with 23 additions and 16 deletions.
7 changes: 4 additions & 3 deletions lxd/instance_backup.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ import (
"fmt"
"net/http"
"net/url"
"slices"
"strings"
"time"

Expand Down Expand Up @@ -310,7 +311,7 @@ func instanceBackupsPost(d *Daemon, r *http.Request) response.Response {
}

// Validate the name.
if strings.Contains(req.Name, "/") {
if slices.Contains([]string{"/", "\\", ".."}, req.Name) {
return response.BadRequest(fmt.Errorf("Backup names may not contain slashes"))
}

Expand Down Expand Up @@ -508,7 +509,7 @@ func instanceBackupPost(d *Daemon, r *http.Request) response.Response {
}

// Validate the name
if strings.Contains(req.Name, "/") {
if slices.Contains([]string{"/", "\\", ".."}, req.Name) {
return response.BadRequest(fmt.Errorf("Backup names may not contain slashes"))
}

Expand All @@ -518,7 +519,7 @@ func instanceBackupPost(d *Daemon, r *http.Request) response.Response {
return response.SmartError(err)
}

newName := name + shared.SnapshotDelimiter + req.Name
newName := backup.Instance().Name() + shared.SnapshotDelimiter + req.Name

rename := func(op *operations.Operation) error {
err := backup.Rename(newName)
Expand Down
8 changes: 4 additions & 4 deletions lxd/profiles.go
Original file line number Diff line number Diff line change
Expand Up @@ -9,11 +9,11 @@ import (
"io"
"net/http"
"net/url"
"strings"
"slices"

"github.com/gorilla/mux"

"github.com/canonical/lxd/client"
lxd "github.com/canonical/lxd/client"
"github.com/canonical/lxd/lxd/auth"
"github.com/canonical/lxd/lxd/cluster"
"github.com/canonical/lxd/lxd/db"
Expand Down Expand Up @@ -342,7 +342,7 @@ func profilesPost(d *Daemon, r *http.Request) response.Response {
return response.BadRequest(fmt.Errorf("No name provided"))
}

if strings.Contains(req.Name, "/") {
if slices.Contains([]string{"/", "\\", ".."}, req.Name) {
return response.BadRequest(fmt.Errorf("Profile names may not contain slashes"))
}

Expand Down Expand Up @@ -780,7 +780,7 @@ func profilePost(d *Daemon, r *http.Request) response.Response {
return response.BadRequest(fmt.Errorf("No name provided"))
}

if strings.Contains(req.Name, "/") {
if slices.Contains([]string{"/", "\\", ".."}, req.Name) {
return response.BadRequest(fmt.Errorf("Profile names may not contain slashes"))
}

Expand Down
5 changes: 5 additions & 0 deletions lxd/storage/backend_lxd.go
Original file line number Diff line number Diff line change
Expand Up @@ -7841,6 +7841,11 @@ func (b *lxdBackend) CreateBucketFromBackup(srcBackup backup.Info, srcData io.Re
return fmt.Errorf("Storage pool does not support buckets")
}

// Validate bucket name.
if slices.Contains([]string{"/", "\\", ".."}, srcBackup.Name) {
return errors.New("Backup names may not contain slashes")
}

revert := revert.New()
defer revert.Fail()

Expand Down
8 changes: 4 additions & 4 deletions lxd/storage_buckets_backup.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ import (
"fmt"
"net/http"
"net/url"
"slices"
"strings"
"time"

Expand Down Expand Up @@ -354,7 +355,7 @@ func storagePoolBucketBackupsPost(d *Daemon, r *http.Request) response.Response
}

// Validate the name.
if strings.Contains(req.Name, "/") {
if slices.Contains([]string{"/", "\\", ".."}, req.Name) {
return response.BadRequest(fmt.Errorf("Backup names may not contain slashes"))
}

Expand Down Expand Up @@ -564,8 +565,7 @@ func storagePoolBucketBackupPost(d *Daemon, r *http.Request) response.Response {
}

// Validate the name
newBackupName := req.Name
if strings.Contains(newBackupName, "/") {
if slices.Contains([]string{"/", "\\", ".."}, req.Name) {
return response.BadRequest(fmt.Errorf("Backup names may not contain slashes"))
}

Expand All @@ -576,7 +576,7 @@ func storagePoolBucketBackupPost(d *Daemon, r *http.Request) response.Response {
return response.SmartError(err)
}

newName := backup.BucketName() + shared.SnapshotDelimiter + newBackupName
newName := backup.BucketName() + shared.SnapshotDelimiter + req.Name

rename := func(op *operations.Operation) error {
err := backup.Rename(newName)
Expand Down
6 changes: 3 additions & 3 deletions lxd/storage_pools.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,12 +6,12 @@ import (
"fmt"
"net/http"
"net/url"
"strings"
"slices"
"sync"

"github.com/gorilla/mux"

"github.com/canonical/lxd/client"
lxd "github.com/canonical/lxd/client"
"github.com/canonical/lxd/lxd/auth"
"github.com/canonical/lxd/lxd/cluster"
clusterRequest "github.com/canonical/lxd/lxd/cluster/request"
Expand Down Expand Up @@ -268,7 +268,7 @@ func storagePoolsPost(d *Daemon, r *http.Request) response.Response {
return response.BadRequest(fmt.Errorf("No name provided"))
}

if strings.Contains(req.Name, "/") {
if slices.Contains([]string{"/", "\\", ".."}, req.Name) {
return response.BadRequest(fmt.Errorf("Storage pool names may not contain slashes"))
}

Expand Down
5 changes: 3 additions & 2 deletions lxd/storage_volumes_backup.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ import (
"fmt"
"net/http"
"net/url"
"slices"
"strings"
"time"

Expand Down Expand Up @@ -359,7 +360,7 @@ func storagePoolVolumeTypeCustomBackupsPost(d *Daemon, r *http.Request) response
}

// Validate the name.
if strings.Contains(req.Name, "/") {
if slices.Contains([]string{"/", "\\", ".."}, req.Name) {
return response.BadRequest(fmt.Errorf("Backup names may not contain slashes"))
}

Expand Down Expand Up @@ -567,7 +568,7 @@ func storagePoolVolumeTypeCustomBackupPost(d *Daemon, r *http.Request) response.
}

// Validate the name
if strings.Contains(req.Name, "/") {
if slices.Contains([]string{"/", "\\", ".."}, req.Name) {
return response.BadRequest(fmt.Errorf("Backup names may not contain slashes"))
}

Expand Down

0 comments on commit b580917

Please sign in to comment.