Re: [PR] Sanitize the rbd file cmd parameter during the convert through Script [cloudstack]

Sat, 18 Oct 2025 02:29:01 -0700 


Copilot commented on code in PR #11801:
URL: https://github.com/apache/cloudstack/pull/11801#discussion_r2410202445


##########
utils/src/main/java/com/cloud/utils/script/Script.java:
##########
@@ -181,6 +176,49 @@ protected String buildCommandLine(String[] command) {
         return builder.toString();
     }
 
+    private boolean sanitizeViCmdParameter(String cmd, StringBuilder builder) {
+        if (StringUtils.isEmpty(cmd) || !cmd.startsWith("vi://")) {
+            return false;
+        }
+
+        if (builder == null) {
+            builder = new StringBuilder();
+        }
+
+        String[] tokens = cmd.split("@");
+        if (tokens.length >= 2) {
+            
builder.append("vi://").append("******@").append(tokens[1]).append(" ");
+        } else {
+            builder.append("vi://").append("******").append(" ");
+        }
+        return true;
+    }
+
+    private boolean sanitizeRbdFileFormatCmdParameter(String cmd, 
StringBuilder builder) {
+        if (StringUtils.isEmpty(cmd) || !cmd.startsWith("rbd:") || 
!cmd.contains("key=")) {
+            return false;
+        }
+
+        String[] tokens = cmd.split("key=");
+        if (tokens.length != 2) {
+            return false;
+        }
+
+        if (builder == null) {
+            builder = new StringBuilder();
+        }

Review Comment:
   The null check and reassignment of the builder parameter is ineffective 
because Java passes references by value. This creates a new StringBuilder 
locally but doesn't modify the original builder reference in the calling 
method, potentially causing a NullPointerException when the method returns.



##########
utils/src/main/java/com/cloud/utils/script/Script.java:
##########
@@ -181,6 +176,49 @@ protected String buildCommandLine(String[] command) {
         return builder.toString();
     }
 
+    private boolean sanitizeViCmdParameter(String cmd, StringBuilder builder) {
+        if (StringUtils.isEmpty(cmd) || !cmd.startsWith("vi://")) {
+            return false;
+        }
+
+        if (builder == null) {
+            builder = new StringBuilder();
+        }

Review Comment:
   The null check and reassignment of the builder parameter is ineffective 
because Java passes references by value. This creates a new StringBuilder 
locally but doesn't modify the original builder reference in the calling 
method, potentially causing a NullPointerException when the method returns.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to