CLOUDSTACK-4586 Added CIDR validation for SG Egress rules (cherry picked from commit b99962d27f3ba24f31d5b99bae64c20ea48f13ae)
Signed-off-by: animesh <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/fbba6d0e Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/fbba6d0e Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/fbba6d0e Branch: refs/heads/4.2 Commit: fbba6d0e3e52fc9210fdc9f77d4711dc4a38085e Parents: e9cb0d6 Author: Jayapal <[email protected]> Authored: Tue Sep 3 14:17:16 2013 +0530 Committer: animesh <[email protected]> Committed: Tue Sep 3 16:32:45 2013 -0700 ---------------------------------------------------------------------- .../user/securitygroup/AuthorizeSecurityGroupIngressCmd.java | 7 ------- .../com/cloud/network/security/SecurityGroupManagerImpl.java | 8 ++++++++ 2 files changed, 8 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/fbba6d0e/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupIngressCmd.java ---------------------------------------------------------------------- diff --git a/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupIngressCmd.java b/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupIngressCmd.java index f8cd8c5..13d2133 100644 --- a/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupIngressCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupIngressCmd.java @@ -207,13 +207,6 @@ public class AuthorizeSecurityGroupIngressCmd extends BaseAsyncCmd { @Override public void execute() { - if(cidrList != null){ - for(String cidr : cidrList ){ - if (!NetUtils.isValidCIDR(cidr)){ - throw new ServerApiException(ApiErrorCode.PARAM_ERROR, cidr + " is an Invalid CIDR "); - } - } - } List<? extends SecurityRule> ingressRules = _securityGroupService.authorizeSecurityGroupIngress(this); if (ingressRules != null && !ingressRules.isEmpty()) { SecurityGroupResponse response = _responseGenerator.createSecurityGroupResponseFromSecurityGroupRule(ingressRules); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/fbba6d0e/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java index 1c189c4..fc95f21 100755 --- a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java +++ b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java @@ -600,6 +600,14 @@ public class SecurityGroupManagerImpl extends ManagerBase implements SecurityGro protocol = NetUtils.ALL_PROTO; } + if(cidrList != null){ + for(String cidr : cidrList ){ + if (!NetUtils.isValidCIDR(cidr)){ + throw new InvalidParameterValueException("Invalid cidr " + cidr); + } + } + } + if (!NetUtils.isValidSecurityGroupProto(protocol)) { throw new InvalidParameterValueException("Invalid protocol " + protocol); }
