Adding table name request param validation
Project: http://git-wip-us.apache.org/repos/asf/stratos/repo Commit: http://git-wip-us.apache.org/repos/asf/stratos/commit/cdc4d885 Tree: http://git-wip-us.apache.org/repos/asf/stratos/tree/cdc4d885 Diff: http://git-wip-us.apache.org/repos/asf/stratos/diff/cdc4d885 Branch: refs/heads/stratos-4.1.x Commit: cdc4d8856d49fdad2f2a09552cc6c04a6b7923dc Parents: a5b0061 Author: Thanuja <[email protected]> Authored: Fri Oct 9 11:22:52 2015 +0530 Committer: Akila Perera <[email protected]> Committed: Sat Oct 10 00:51:09 2015 +0530 ---------------------------------------------------------------------- .../das/metering-service/capps/jaggery-files/member-count.jag | 4 ++-- .../das/metering-service/capps/jaggery-files/member-info.jag | 2 +- .../das/metering-service/capps/jaggery-files/member-status.jag | 2 +- extensions/das/metering-service/capps/jaggery-files/schema.jag | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/stratos/blob/cdc4d885/extensions/das/metering-service/capps/jaggery-files/member-count.jag ---------------------------------------------------------------------- diff --git a/extensions/das/metering-service/capps/jaggery-files/member-count.jag b/extensions/das/metering-service/capps/jaggery-files/member-count.jag index 031b3bf..53d4767 100644 --- a/extensions/das/metering-service/capps/jaggery-files/member-count.jag +++ b/extensions/das/metering-service/capps/jaggery-files/member-count.jag @@ -27,7 +27,7 @@ var carbon = require('carbon'); var configs = require('/configs/designer.json'); - var tableName = request.getParameter(TABLE_NAME); + var tableName = encodeURIComponent(request.getParameter(TABLE_NAME)); if (tableName == null) { log.error("Table name param is not provided!"); response.status = HTTP_INTERNAL_ERROR; 
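Review bot: `encodeURIComponent` is URL percent-encoding, not validation of an SQL identifier, and in member-count.jag `tableName` is still concatenated into the `FROM` clause of both `db.query` calls. It leaves characters such as `'`, `(`, `)` and `*` unchanged, and it turns a missing parameter into the string `"null"`, so the `if (tableName == null)` guard directly below the changed line can no longer fire (assuming `getParameter` returns null for an absent parameter, as that guard implies). Keep the raw value and reject anything outside a strict pattern, or better a fixed list of known tables: `var tableName = request.getParameter(TABLE_NAME);` followed by `if (tableName == null || !/^[A-Za-z0-9_]+$/.test(tableName)) {`. The same line is changed the same way in member-info.jag, member-status.jag and schema.jag; each script continues outside its hunk, so how `tableName` is used in those three files is not visible here.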
@@ -83,7 +83,7 @@ if (clusterId == ALL_CLUSTERS) { result = db.query("SELECT FROM_UNIXTIME(CEILING( Time/('" + x_axis_interval + "'*1000)) *'" + x_axis_interval + "', '%Y:%m:%d %h:%i') AS Time, SUM(CreatedInstanceCount) AS CreatedInstanceCount , SUM(InitializedInstanceCount) AS InitializedInstanceCount , SUM(ActiveInstanceCount) AS ActiveInstanceCount, SUM(TerminatedInstanceCount) AS TerminatedInstanceCount FROM " + tableName + " WHERE ApplicationId=? AND Time > ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000-'" + interval + "' ) AND Time <= ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000) GROUP BY FROM_UNIXTIME( CEILING( Time/('" + x_axis_interval + "'*1000)) *'"+x_axis_interval+"', '%Y:%m:%d %h:%i'), ApplicationId", applicationId); } else { - result = db.query("SELECT FROM_UNIXTIME(CEILING( Time/('" + x_axis_interval + "'*1000)) *'" + x_axis_interval + "', '%Y:%m:%d %h:%i') AS Time, SUM(CreatedInstanceCount) AS CreatedInstanceCount , SUM(InitializedInstanceCount) AS InitializedInstanceCount , SUM(ActiveInstanceCount) AS ActiveInstanceCount, SUM(TerminatedInstanceCount) AS TerminatedInstanceCount FROM " + tableName + " WHERE ApplicationId=? AND ClusterAlias=? AND Time > ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000-'" + interval + "' ) AND Time <= ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000) GROUP BY FROM_UNIXTIME( CEILING( Time/('" + x_axis_interval + "'*1000)) *'"+x_axis_interval+"', '%Y:%m:%d %h:%i')",applicationId, clusterId); + result = db.query("SELECT FROM_UNIXTIME(CEILING( Time/('" + x_axis_interval + "'*1000)) *'" + x_axis_interval + "', '" + time_format + "') AS Time, SUM(CreatedInstanceCount) AS CreatedInstanceCount , SUM(InitializedInstanceCount) AS InitializedInstanceCount , SUM(ActiveInstanceCount) AS ActiveInstanceCount, SUM(TerminatedInstanceCount) AS TerminatedInstanceCount FROM " + tableName + " WHERE ApplicationId=? AND ClusterAlias=? 
AND Time > ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000-'" + interval + "' ) AND Time <= ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000) GROUP BY FROM_UNIXTIME( CEILING( Time/('" + x_axis_interval + "'*1000)) *'"+x_axis_interval+"', '%Y:%m:%d %h:%i')",applicationId, clusterId); } print(result); http://git-wip-us.apache.org/repos/asf/stratos/blob/cdc4d885/extensions/das/metering-service/capps/jaggery-files/member-info.jag ---------------------------------------------------------------------- diff --git a/extensions/das/metering-service/capps/jaggery-files/member-info.jag b/extensions/das/metering-service/capps/jaggery-files/member-info.jag index 32b9823..ed7f8e6 100644 --- a/extensions/das/metering-service/capps/jaggery-files/member-info.jag +++ b/extensions/das/metering-service/capps/jaggery-files/member-info.jag @@ -27,7 +27,7 @@ var carbon = require('carbon'); var configs = require('/configs/designer.json'); - var tableName = request.getParameter(TABLE_NAME); + var tableName = encodeURIComponent(request.getParameter(TABLE_NAME)); if (tableName == null) { log.error("Table name param is not provided!"); response.status = HTTP_INTERNAL_ERROR; http://git-wip-us.apache.org/repos/asf/stratos/blob/cdc4d885/extensions/das/metering-service/capps/jaggery-files/member-status.jag ---------------------------------------------------------------------- diff --git a/extensions/das/metering-service/capps/jaggery-files/member-status.jag b/extensions/das/metering-service/capps/jaggery-files/member-status.jag index f3db328..be40e78 100644 --- a/extensions/das/metering-service/capps/jaggery-files/member-status.jag +++ b/extensions/das/metering-service/capps/jaggery-files/member-status.jag 
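Review bot: In the `@@ -83` hunk of member-count.jag, only the `SELECT` expression of the `else` branch now uses `time_format`; its `GROUP BY` and both expressions of the `ALL_CLUSTERS` branch keep the literal `'%Y:%m:%d %h:%i'`. Whenever `time_format` differs from that literal, the selected `Time` no longer matches the grouping expression, and the two branches return differently formatted results. `time_format` is defined outside the hunk; if the request can influence it, it should be picked from a fixed set of format strings rather than concatenated, and the same applies to `x_axis_interval` and `interval`, which are also spliced into the statement as quoted strings. I would use the one `time_format` value in all four places, or leave the literal everywhere and move this change to its own commit, since it is unrelated to table-name validation.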
@@ -35,7 +35,7 @@ var carbon = require('carbon'); var configs = require('/configs/designer.json'); - var tableName = request.getParameter(TABLE_NAME); + var tableName = encodeURIComponent(request.getParameter(TABLE_NAME)); if (tableName == null) { log.error("Table name param is not provided!"); response.status = HTTP_INTERNAL_ERROR; http://git-wip-us.apache.org/repos/asf/stratos/blob/cdc4d885/extensions/das/metering-service/capps/jaggery-files/schema.jag ---------------------------------------------------------------------- diff --git a/extensions/das/metering-service/capps/jaggery-files/schema.jag b/extensions/das/metering-service/capps/jaggery-files/schema.jag index ef5050f..2d076d5 100644 --- a/extensions/das/metering-service/capps/jaggery-files/schema.jag +++ b/extensions/das/metering-service/capps/jaggery-files/schema.jag @@ -28,7 +28,7 @@ var carbon = require('carbon'); var configs = require('/configs/designer.json'); - var tableName = request.getParameter(TABLE_NAME); + var tableName = encodeURIComponent(request.getParameter(TABLE_NAME)); if (tableName == null) { log.error("Table name param is not provided!"); response.status = HTTP_INTERNAL_ERROR;
