Re: [PR] User data content size validation with actual length only, register managed user data using POST call from UI, and some code improvements [cloudstack]

Mon, 08 Jan 2024 07:45:57 -0800 


JoaoJandre commented on code in PR #8418:
URL: https://github.com/apache/cloudstack/pull/8418#discussion_r1444852101


##########
engine/userdata/src/main/java/org/apache/cloudstack/userdata/UserDataManagerImpl.java:
##########
@@ -90,49 +88,50 @@ public String concatenateUserData(String userdata1, String 
userdata2, String use
 
     @Override
     public String validateUserData(String userData, BaseCmd.HTTPMethod 
httpmethod) {
-        byte[] decodedUserData = null;
-        if (userData != null) {
-
-            if (userData.contains("%")) {
-                try {
-                    userData = URLDecoder.decode(userData, "UTF-8");
-                } catch (UnsupportedEncodingException e) {
-                    throw new InvalidParameterValueException("Url decoding of 
userdata failed.");
-                }
-            }
+        if (StringUtils.isBlank(userData)) {
+            return null;
+        }
 
-            if (!Base64.isBase64(userData)) {
-                throw new InvalidParameterValueException("User data is not 
base64 encoded");
-            }
-            // If GET, use 4K. If POST, support up to 1M.
-            if (httpmethod.equals(BaseCmd.HTTPMethod.GET)) {
-                decodedUserData = validateAndDecodeByHTTPMethod(userData, 
MAX_HTTP_GET_LENGTH, BaseCmd.HTTPMethod.GET);
-            } else if (httpmethod.equals(BaseCmd.HTTPMethod.POST)) {
-                decodedUserData = validateAndDecodeByHTTPMethod(userData, 
MAX_HTTP_POST_LENGTH, BaseCmd.HTTPMethod.POST);
+        if (userData.contains("%")) {
+            try {
+                userData = URLDecoder.decode(userData, "UTF-8");
+            } catch (UnsupportedEncodingException e) {
+                throw new InvalidParameterValueException("Url decoding of 
userdata failed.");
             }
+        }
 
-            if (decodedUserData == null || decodedUserData.length < 1) {
-                throw new InvalidParameterValueException("User data is too 
short");
-            }
-            // Re-encode so that the '=' paddings are added if necessary since 
'isBase64' does not require it, but python does on the VR.
-            return Base64.encodeBase64String(decodedUserData);
+        if (!Base64.isBase64(userData)) {
+            throw new InvalidParameterValueException("User data is not base64 
encoded");

Review Comment:
   ```suggestion
               throw new InvalidParameterValueException("User data is not 
base64 encoded.");
   ```



##########
engine/userdata/src/main/java/org/apache/cloudstack/userdata/UserDataManagerImpl.java:
##########
@@ -90,49 +88,50 @@ public String concatenateUserData(String userdata1, String 
userdata2, String use
 
     @Override
     public String validateUserData(String userData, BaseCmd.HTTPMethod 
httpmethod) {
-        byte[] decodedUserData = null;
-        if (userData != null) {
-
-            if (userData.contains("%")) {
-                try {
-                    userData = URLDecoder.decode(userData, "UTF-8");
-                } catch (UnsupportedEncodingException e) {
-                    throw new InvalidParameterValueException("Url decoding of 
userdata failed.");
-                }
-            }
+        if (StringUtils.isBlank(userData)) {

Review Comment:
   Could you add a log line at the start of the method that logs the userdata 
that is being validated? something like:
   ```suggestion
           logger.debug(String.format("Validating userdata [%s].", userData));
           
           if (StringUtils.isBlank(userData)) {
   ```



##########
engine/userdata/src/main/java/org/apache/cloudstack/userdata/UserDataManagerImpl.java:
##########
@@ -90,49 +88,50 @@ public String concatenateUserData(String userdata1, String 
userdata2, String use
 
     @Override
     public String validateUserData(String userData, BaseCmd.HTTPMethod 
httpmethod) {
-        byte[] decodedUserData = null;
-        if (userData != null) {
-
-            if (userData.contains("%")) {
-                try {
-                    userData = URLDecoder.decode(userData, "UTF-8");
-                } catch (UnsupportedEncodingException e) {
-                    throw new InvalidParameterValueException("Url decoding of 
userdata failed.");
-                }
-            }
+        if (StringUtils.isBlank(userData)) {
+            return null;
+        }
 
-            if (!Base64.isBase64(userData)) {
-                throw new InvalidParameterValueException("User data is not 
base64 encoded");
-            }
-            // If GET, use 4K. If POST, support up to 1M.
-            if (httpmethod.equals(BaseCmd.HTTPMethod.GET)) {
-                decodedUserData = validateAndDecodeByHTTPMethod(userData, 
MAX_HTTP_GET_LENGTH, BaseCmd.HTTPMethod.GET);
-            } else if (httpmethod.equals(BaseCmd.HTTPMethod.POST)) {
-                decodedUserData = validateAndDecodeByHTTPMethod(userData, 
MAX_HTTP_POST_LENGTH, BaseCmd.HTTPMethod.POST);
+        if (userData.contains("%")) {
+            try {
+                userData = URLDecoder.decode(userData, "UTF-8");
+            } catch (UnsupportedEncodingException e) {
+                throw new InvalidParameterValueException("Url decoding of 
userdata failed.");
             }
+        }
 
-            if (decodedUserData == null || decodedUserData.length < 1) {
-                throw new InvalidParameterValueException("User data is too 
short");
-            }
-            // Re-encode so that the '=' paddings are added if necessary since 
'isBase64' does not require it, but python does on the VR.
-            return Base64.encodeBase64String(decodedUserData);
+        if (!Base64.isBase64(userData)) {
+            throw new InvalidParameterValueException("User data is not base64 
encoded");
         }
-        return null;
-    }
 
-    private byte[] validateAndDecodeByHTTPMethod(String userData, int 
maxHTTPLength, BaseCmd.HTTPMethod httpMethod) {
         byte[] decodedUserData = null;
 
-        if (userData.length() >= maxHTTPLength) {
-            throw new InvalidParameterValueException(String.format("User data 
is too long for an http %s request", httpMethod.toString()));
+        // If GET, use 4K. If POST, support up to 1M.
+        if (httpmethod.equals(BaseCmd.HTTPMethod.GET)) {
+            decodedUserData = validateAndDecodeByHTTPMethod(userData, 
MAX_HTTP_GET_LENGTH, BaseCmd.HTTPMethod.GET);
+        } else if (httpmethod.equals(BaseCmd.HTTPMethod.POST)) {
+            decodedUserData = validateAndDecodeByHTTPMethod(userData, 
MAX_HTTP_POST_LENGTH, BaseCmd.HTTPMethod.POST);
         }
-        if (userData.length() > 
ConfigurationManager.VM_USERDATA_MAX_LENGTH.value()) {
-            throw new InvalidParameterValueException("User data has exceeded 
configurable max length : " + 
ConfigurationManager.VM_USERDATA_MAX_LENGTH.value());
+
+        // Re-encode so that the '=' paddings are added if necessary since 
'isBase64' does not require it, but python does on the VR.
+        return Base64.encodeBase64String(decodedUserData);
+    }
+
+    private byte[] validateAndDecodeByHTTPMethod(String userData, int 
maxHTTPLength, BaseCmd.HTTPMethod httpMethod) {
+        byte[] decodedUserData = Base64.decodeBase64(userData.getBytes());
+        if (decodedUserData == null || decodedUserData.length < 1) {
+            throw new InvalidParameterValueException("User data is too short");

Review Comment:
   ```suggestion
               throw new InvalidParameterValueException("User data is too 
short.");
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to