Ensures that keypair names are only AlphaNumeric.

Throws a 400 error if keypair contains any unsafe characters. Safe characters are '_-', digits, and ascii_leters. Added test_keypair_create_with_non_alphanumeric_name. Fixes bug 937408. Change-Id: If9b1393ee8f36113d2fa8a3b97ca526cc2e6ccf1
openstack · Feb 29, 2012 · c8b0a9a · c8b0a9a
1 parent f38281d
commit c8b0a9a
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 0 deletions.
diff --git a/nova/api/openstack/compute/contrib/keypairs.py b/nova/api/openstack/compute/contrib/keypairs.py
@@ -17,6 +17,8 @@
 
 """ Keypair management extension"""
 
+import string
+
 import webob
 import webob.exc
 
@@ -61,6 +63,13 @@ def _gen_key(self):
                 'public_key': public_key,
                 'fingerprint': fingerprint}
 
+    def _validate_keypair_name(self, value):
+        safechars = "_-" + string.digits + string.ascii_letters
+        clean_value = "".join(x for x in value if x in safechars)
+        if clean_value != value:
+            msg = _("Keypair name contains unsafe characters")
+            raise webob.exc.HTTPBadRequest(explanation=msg)
+
     @wsgi.serializers(xml=KeypairTemplate)
     def create(self, req, body):
         """
@@ -80,6 +89,7 @@ def create(self, req, body):
         authorize(context)
         params = body['keypair']
         name = params['name']
+        self._validate_keypair_name(name)
 
         if not 0 < len(name) < 256:
             msg = _('Keypair name must be between 1 and 255 characters long')

diff --git a/nova/tests/api/openstack/compute/contrib/test_keypairs.py b/nova/tests/api/openstack/compute/contrib/test_keypairs.py
@@ -107,6 +107,20 @@ def test_keypair_create_with_invalid_name(self):
         res = req.get_response(fakes.wsgi_app())
         self.assertEqual(res.status_int, 400)
 
+    def test_keypair_create_with_non_alphanumeric_name(self):
+        body = {
+            'keypair': {
+                'name': 'test/keypair'
+            }
+        }
+        req = webob.Request.blank('/v2/fake/os-keypairs')
+        req.method = 'POST'
+        req.body = json.dumps(body)
+        req.headers['Content-Type'] = 'application/json'
+        res = req.get_response(fakes.wsgi_app())
+        res_dict = json.loads(res.body)
+        self.assertEqual(res.status_int, 400)
+
     def test_keypair_import(self):
         body = {
             'keypair': {