Escape control characters #32

Closed
Erethon opened this issue Jul 1, 2014 · 2 comments

Erethon commented Jul 1, 2014

As discussed by @vkoukis some time ago, Kamaki should escape all control characters from data received by the user/server.

Here is a proof of concept demonstrating the problem:

root@snf-196067:~# kamaki server list
12 Test
root@snf-196067:~# kamaki server create --name $(echo -e "\b\b\b\b\b\b\b\\b\b\bDELETED") --flavor-id 1 --image-id c7b2acd4-bf23-4759-a40f-c814e8308fc4
root@snf-196067:~# kamaki server list
12 Test                                                                                            DELETED

I've tested this with servers/volumes/files and it works in all three of them, so I believe it's a global problem across Kamaki.

saxtouri commented Jul 4, 2014

Just to be precise, kamaki needs to escape anything that can be semantically identified as metadata. If something is semantically considered raw content, it should not be modified by recipients.

vkoukis commented Sep 15, 2014

This should be reverted.
It doesn't make sense to mangle the JSON string itself with "unicode_escape".

If you need to display or log strings which may contain control characters, this must happen at the point where the strings are to be shown to the user, or logged. It doesn't make sense to modify the response so early in the ResponseManager.

Please see:
https://stackoverflow.com/questions/9778550/which-is-the-correct-way-to-encode-escape-characters-in-python-2-without-killing

Finally, please review all instances of using "unicode_escape" that have been added after this commit.
They are probably broken and need to be replaced.

vkoukis reopened this Sep 15, 2014
vkoukis added a commit that referenced this issue Sep 15, 2014
This reverts commit 556d5f1.
For more information, please see the discussion on Issue #32.
saxtouri added a commit to saxtouri/kamaki that referenced this issue Sep 22, 2014
Refs grnet#32

Implement method escape_ctrl_chars
Escape control characters in HTTP data logs
Remove misleading separators from HTTP logs
saxtouri added a commit to saxtouri/kamaki that referenced this issue Sep 26, 2014
Refs grnet#32

Implement method escape_ctrl_chars
Escape control characters in HTTP data logs
Remove misleading separators from HTTP logs
saxtouri added a commit to saxtouri/kamaki that referenced this issue Sep 26, 2014
Closes grnet#32

String decoding was used to deal with unicode strings, which were
encoded as "unicode_escape" in earlier steps. The latter was wrong and
it was fixed with 18d5b05
The present commit completes the fix by undoing the decoding.
saxtouri added a commit to saxtouri/kamaki that referenced this issue Sep 29, 2014
Refs grnet#32

String decoding was used to deal with unicode strings, which were
encoded as "unicode_escape" in earlier steps. The latter was wrong and
it was fixed with 18d5b05
The present commit completes the fix by undoing the decoding.
saxtouri added a commit to saxtouri/kamaki that referenced this issue Sep 29, 2014
Closes grnet#32

Kamaki CLI commands use some generic output methods to handle outputs.

Generic output methods that escape control characters:
- in kamaki.cli.utils: print_items, print_dict, print_list
- in kamaki.cli.cmds: error

Generic output methods that don't escape control characters:
- in kamaki.cli.cmds: writeln, write

The methods that don't escape control characters are used when the
standard methods are not sufficient. For example, in "kamaki.cli.pithos"
the "PithosAccount.print_objects" method adds decorative escape characters
(i.e., bold, alignment), but has to escape the parts object and container
names. To achieve this, escaping is handled in the method, and the output
is printed with the "write" and "writeln" methods mentioned earlier.

Also, fix flake8 errors on files affected by the above changes
saxtouri added a commit to saxtouri/kamaki that referenced this issue Sep 30, 2014
Refs grnet#32

Implement method escape_ctrl_chars
Escape control characters in HTTP data logs
Remove misleading separators from HTTP logs
saxtouri added a commit to saxtouri/kamaki that referenced this issue Sep 30, 2014
Refs grnet#32

String decoding was used to deal with unicode strings, which were
encoded as "unicode_escape" in earlier steps. The latter was wrong and
it was fixed with 18d5b05
The present commit completes the fix by undoing the decoding.
saxtouri added a commit to saxtouri/kamaki that referenced this issue Sep 30, 2014
Closes grnet#32

Kamaki CLI commands use some generic output methods to handle outputs.

Generic output methods that escape control characters:
- in kamaki.cli.utils: print_items, print_dict, print_list
- in kamaki.cli.cmds: error

Generic output methods that don't escape control characters:
- in kamaki.cli.cmds: writeln, write

The methods that don't escape control characters are used when the
standard methods are not sufficient. For example, in "kamaki.cli.pithos"
the "PithosAccount.print_objects" method adds decorative escape characters
(i.e., bold, alignment), but has to escape the parts object and container
names. To achieve this, escaping is handled in the method, and the output
is printed with the "write" and "writeln" methods mentioned earlier.

Also, fix flake8 errors on files affected by the above changes
saxtouri added a commit to saxtouri/kamaki that referenced this issue Oct 1, 2014
Refs grnet#32

Implement method escape_ctrl_chars
Escape control characters in HTTP data logs
Remove misleading separators from HTTP logs
saxtouri added a commit to saxtouri/kamaki that referenced this issue Oct 1, 2014
Refs grnet#32

String decoding was used to deal with unicode strings, which were
encoded as "unicode_escape" in earlier steps. The latter was wrong and
it was fixed with 18d5b05
The present commit completes the fix by undoing the decoding.
saxtouri added a commit to saxtouri/kamaki that referenced this issue Oct 1, 2014
Closes grnet#32

Kamaki CLI commands use some generic output methods to handle outputs.

Generic output methods that escape control characters:
- in kamaki.cli.utils: print_items, print_dict, print_list
- in kamaki.cli.cmds: error

Generic output methods that don't escape control characters:
- in kamaki.cli.cmds: writeln, write

The methods that don't escape control characters are used when the
standard methods are not sufficient. For example, in "kamaki.cli.pithos"
the "PithosAccount.print_objects" method adds decorative escape characters
(i.e., bold, alignment), but has to escape the parts object and container
names. To achieve this, escaping is handled in the method, and the output
is printed with the "write" and "writeln" methods mentioned earlier.

Also, fix flake8 errors on files affected by the above changes
saxtouri added a commit to saxtouri/kamaki that referenced this issue Oct 1, 2014
Closes grnet#32

Kamaki CLI commands use some generic output methods to handle outputs.

Generic output methods that escape control characters:
- in kamaki.cli.utils: print_items, print_dict, print_list
- in kamaki.cli.cmds: error

Generic output methods that don't escape control characters:
- in kamaki.cli.cmds: writeln, write

The methods that don't escape control characters are used when the
standard methods are not sufficient. For example, in "kamaki.cli.pithos"
the "PithosAccount.print_objects" method adds decorative escape characters
(i.e., bold, alignment), but has to escape the parts object and container
names. To achieve this, escaping is handled in the method, and the output
is printed with the "write" and "writeln" methods mentioned earlier.

An encoding issue with kamaki.cli.errors.CLIError and the Exceptions extending it,
is fixed. It is now ensured that the error message will always be in unicode.

Also, fix flake8 errors on files affected by the above changes
saxtouri added a commit to saxtouri/kamaki that referenced this issue Oct 2, 2014
Closes grnet#32

Kamaki CLI commands use some generic output methods to handle outputs.

Generic output methods that escape control characters:
- in kamaki.cli.utils: print_items, print_dict, print_list
- in kamaki.cli.cmds: error

Generic output methods that don't escape control characters:
- in kamaki.cli.cmds: writeln, write

The methods that don't escape control characters are used when the
standard methods are not sufficient. For example, in "kamaki.cli.pithos"
the "PithosAccount.print_objects" method adds decorative escape characters
(i.e., bold, alignment), but has to escape the parts object and container
names. To achieve this, escaping is handled in the method, and the output
is printed with the "write" and "writeln" methods mentioned earlier.

An encoding issue with kamaki.cli.errors.CLIError and the Exceptions extending it,
is fixed. It is now ensured that the error message will always be in unicode.

Also, fix flake8 errors on files affected by the above changes
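
An added example (not Kamaki's code, and not posted by anyone in this thread) of the approach argued for in the Sep 15 comment and described in the last commit message: the parsed response is left untouched, and control characters are escaped only where display text is built, with the client's own decoration added around the escaped name. It is written for Python 3; the body of `escape_ctrl_chars`, the helpers `format_server`, `list_servers` and `early_escape_parses`, and the sample responses are assumptions made for illustration.

```python
import json
import re

# C0 controls, DEL and C1 controls. ESC (0x1b) is covered, so terminal
# sequences hidden in untrusted data are neutralised as well.
_CTRL = re.compile(r'[\x00-\x1f\x7f-\x9f]')
BOLD, RESET = '\x1b[1m', '\x1b[0m'   # decoration added by the client itself


def escape_ctrl_chars(text):
    """Replace each control character with a visible \\xNN escape."""
    return _CTRL.sub(lambda m: '\\x%02x' % ord(m.group()), text)


def format_server(server):
    """One listing line: the name is untrusted metadata, the bold codes are not."""
    return '%d %s%s%s' % (server['id'], BOLD,
                          escape_ctrl_chars(server['name']), RESET)


def list_servers(body):
    """Parse the response untouched; escape only when building display text."""
    return [format_server(s) for s in json.loads(body)['servers']]


def early_escape_parses(body):
    """Sketch of escaping the raw body before parsing (assumed shape)."""
    mangled = body.encode('unicode_escape').decode('ascii')
    try:
        json.loads(mangled)
        return True
    except ValueError:          # e.g. "\xe9" is not a valid JSON escape
        return False


# Constructed response bodies (not captured from a real server).
SPOOFED = json.dumps({'servers': [
    {'id': 12, 'name': 'Test'},
    {'id': 13, 'name': '\b' * 10 + 'DELETED'}]})
ACCENTED = json.dumps({'servers': [{'id': 14, 'name': 'caf\u00e9'}]},
                      ensure_ascii=False)

if __name__ == '__main__':
    for line in list_servers(SPOOFED):
        print(line)
    print('early escape still valid JSON:', early_escape_parses(ACCENTED))
```

The second server's backspaces show up as literal `\x08` text in the listing, while the accented body stops being valid JSON once it is escaped before parsing.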