-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/8876/
-----------------------------------------------------------

(Updated Feb. 11, 2013, 12:34 p.m.)


Review request for cloudstack, John Kinsella, Alena Prokharchyk, and Rohit Yadav.


Changes
-------

Thanks for reviewing, John, and sorry for the delayed response.

In the updated diff, for each of the parameter values the control characters are stripped out using the ESAPI library. The new string that has been stripped of control characters is compared with the original value. If the two strings don't match, an InvalidParameterValue error is thrown.

Since CloudStack allows non-English characters, it didn't seem feasible to use the getValidSafeHTML() method, isValidPrintable() or even a whitelisting pattern.

Please review and let me know if you have any suggestions.


Description
-------

Non-printable characters result in empty pages for all users loading the corrupted object in the web interface. They also result in the API call results getting truncated with an error when the non-printable characters are encountered.

To find out whether a parameter value contains a control character, every decoded parameter value was matched with the regex [\000-\037\177], as the ASCII non-printable characters are numbers 0 to 31 and 127 decimal.


This addresses bug CLOUDSTACK-863.


Diffs (updated)
-----

  server/src/com/cloud/api/ApiServer.java d99d188
  utils/pom.xml 937fad3
  utils/src/com/cloud/utils/StringUtils.java 8f0a503

Diff: https://reviews.apache.org/r/8876/diff/


Testing
-------

Manual testing done. For sample APIs (updateVirtualMachine, createVolume, authorizeSecurityGroupIngress etc.), provide input values containing character(s) that are:
• ASCII printable - pass
• ASCII non-printable - fail with error code 431 and error 'Received value <parameter-value> for parameter <parameter-name> is invalid, contains illegal ASCII non-printable characters'
• non-English - pass


Thanks,

Likitha Shetty
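
The strip-and-compare check described in this message, as an added example that is not part of the original e-mail or the CloudStack patch. It uses java.util.regex in place of ESAPI, and the class, method, exception and parameter names are hypothetical.

```java
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

// Added example; class, method and exception names are hypothetical.
public class ControlCharCheck {
    // ASCII non-printable characters: decimal 0 to 31 and 127,
    // the same set as the regex [\000-\037\177] in the description.
    private static final Pattern CONTROL_CHARS = Pattern.compile("[\\x00-\\x1F\\x7F]");

    // Stand-in for the InvalidParameterValue error; 431 is the code from Testing.
    static class InvalidParameterValueException extends RuntimeException {
        static final int ERROR_CODE = 431;
        InvalidParameterValueException(String message) { super(message); }
    }

    static String stripControlChars(String value) {
        return CONTROL_CHARS.matcher(value).replaceAll("");
    }

    // Strip-and-compare: any difference means a control character was present.
    static void validate(Map<String, String> decodedParams) {
        for (Map.Entry<String, String> p : decodedParams.entrySet()) {
            String value = p.getValue();
            if (value != null && !stripControlChars(value).equals(value)) {
                throw new InvalidParameterValueException("Received value " + value
                        + " for parameter " + p.getKey() + " is invalid, contains"
                        + " illegal ASCII non-printable characters");
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs, one per case in the Testing section.
        Map<String, String> samples = new LinkedHashMap<>();
        samples.put("printable", "web-server-01");
        samples.put("nonEnglish", "\u30b5\u30fc\u30d0\u30fc-\u00f1"); // katakana plus n-tilde
        samples.put("nonPrintable", "web\u0007server\u007F");          // BEL and DEL
        for (Map.Entry<String, String> s : samples.entrySet()) {
            try {
                validate(Collections.singletonMap("name", s.getValue()));
                System.out.println(s.getKey() + ": pass");
            } catch (InvalidParameterValueException e) {
                System.out.println(s.getKey() + ": fail, error code "
                        + InvalidParameterValueException.ERROR_CODE);
            }
        }
    }
}
```

Characters above U+007F, including the C1 controls U+0080 to U+009F, fall outside this character class and pass the check.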