----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/8876/#review15173 -----------------------------------------------------------
Good start indeed, and John would know better about security :) We should be supporting unicode params as well (which may not be possible for 4.1), so one plan is to work on unicode as well not just ascii, don't know how we should handle unallowed chars. - Rohit Yadav On Jan. 8, 2013, 5:27 a.m., Likitha Shetty wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/8876/ > ----------------------------------------------------------- > > (Updated Jan. 8, 2013, 5:27 a.m.) > > > Review request for cloudstack, Alena Prokharchyk and Rohit Yadav. > > > Description > ------- > > Non-printable characters results in empty pages for all users loading the > corrupted object in the web interface. It also results in the API call > results getting truncated with an error when it encounters the non-printable > characters. > To find if a parameter value contains a control character, every decoded > parameter value was matched with the regex [\000-\037\177] as the ASCII > non-printable characters are numbers 0 to 31 and 127 decimal. > > > This addresses bug CLOUDSTACK-863. > > > Diffs > ----- > > server/src/com/cloud/api/ApiServer.java f42025c > > Diff: https://reviews.apache.org/r/8876/diff/ > > > Testing > ------- > > Manual Testing done, > For sample API's (updateVirtualMachine, createVolume, > authorizeSecurityGroupIngress etc), provide input values containing > character(s) that are > • ASCII printable - pass > • ASCII non-printable - fail with error code 431 and error 'Received value > <parameter-value> for parameter <parameter-name> is invalid, contains illegal > ASCII non-printable characters' > • non-english - pass > > > Thanks, > > Likitha Shetty > >
