From 5c6e4aa80672966ad4449007feea970cd62dee10 Mon Sep 17 00:00:00 2001
From: "Dave Walker (Daviey)"
Date: Sun, 17 Jul 2011 23:52:50 +0100
Subject: Some basic validation for creating ec2 security groups. (LP: #715443)
---
 nova/api/ec2/__init__.py | 4 ++++
 nova/api/ec2/cloud.py | 17 +++++++++++++++++
 nova/exception.py | 4 ++++
 3 files changed, 25 insertions(+)
diff --git a/nova/api/ec2/__init__.py b/nova/api/ec2/__init__.py
index 890d57fe7..027e35933 100644
--- a/nova/api/ec2/__init__.py
+++ b/nova/api/ec2/__init__.py
@@ -349,6 +349,10 @@ class Executor(wsgi.Application):
 LOG.debug(_('KeyPairExists raised: %s'), unicode(ex),
 context=context)
 return self._error(req, context, type(ex).__name__, unicode(ex))
+ except exception.InvalidParameterValue as ex:
+ LOG.debug(_('InvalidParameterValue raised: %s'), unicode(ex),
+ context=context)
+ return self._error(req, context, type(ex).__name__, unicode(ex))
 except Exception as ex:
 extra = {'environment': req.environ}
 LOG.exception(_('Unexpected error raised: %s'), unicode(ex),
diff --git a/nova/api/ec2/cloud.py b/nova/api/ec2/cloud.py
index acfd1361c..3ef64afa7 100644
--- a/nova/api/ec2/cloud.py
+++ b/nova/api/ec2/cloud.py
@@ -28,6 +28,7 @@ import os
 import urllib
 import tempfile
 import shutil
+import re
 from nova import compute
 from nova import context
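Review bot: In nova/api/ec2/__init__.py, the added handler passes `unicode(ex)` to both `LOG.debug` and `self._error`, and for this exception that text embeds the rejected GroupName verbatim, because the raise sites in cloud.py interpolate `% group_name`. Those are by construction the values that failed the safe-character check. `_error` is defined outside the hunk, so whether it escapes the message before writing the response body cannot be confirmed from here. That should be checked, or the raise sites should stop echoing the raw value. A comment on the clause such as `# message carries caller-supplied text; _error must escape it` would record the dependency.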
@@ -602,6 +603,22 @@ class CloudController(object):
 return source_project_id
 def create_security_group(self, context, group_name, group_description):
+ if not re.match('^[a-zA-Z0-9_\- ]+$',group_name):
+ # Some validation to ensure that values match API spec.
+ # - Alphanumeric characters, spaces, dashes, and underscores.
+ # TODO(Daviey): extend beyond group_name checking, and probably
+ # create a param validator function that can be used elsewhere.
+ err = _("Value (%s) for parameter GroupName is invalid."
+ " Content limited to Alphanumeric characters, "
+ "spaces, dashes, and underscores.") % group_name
+ # err not that of master ec2 implementation, as they fail to raise.
+ raise exception.InvalidParameterValue(err=err)
+
+ if len(str(group_name)) > 255:
+ err = _("Value (%s) for parameter GroupName is invalid."
+ " Length exceeds maximum of 255.") % group_name
+ raise exception.InvalidParameterValue(err=err)
+
 LOG.audit(_("Create Security Group %s"), group_name, context=context)
 self.compute_api.ensure_default_security_group(context)
 if db.security_group_exists(context, context.project_id, group_name):
diff --git a/nova/exception.py b/nova/exception.py
index ad6c005f8..8771328d8 100644
--- a/nova/exception.py
+++ b/nova/exception.py
@@ -196,6 +196,10 @@ class InvalidIpProtocol(Invalid):
 class InvalidContentType(Invalid):
 message = _("Invalid content type %(content_type)s.")
+class InvalidParameterValue(Invalid):
+ # Cannot be templated as the error syntax varies.
+ # msg needs to be constructed when raised.
+ message = _("%(err)s")
 class InstanceNotRunning(Invalid):
 message = _("Instance %(instance_id)s is not running.")
-- cgit
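Review bot: In nova/api/ec2/cloud.py, the pattern given to `re.match` ends in `$`, which in Python also matches just before a trailing newline, so a GroupName made of allowed characters followed by a newline passes the character check. Anchoring the end with `\Z` closes that gap, and a raw string keeps the `\-` escape unambiguous: `if not re.match(r'^[a-zA-Z0-9_\- ]+\Z', group_name):`. The same call receives `group_name` unconverted while the length check below wraps it in `str()`. If the value can arrive as a non-string, the regex call would presumably raise TypeError and reach the generic handler instead of InvalidParameterValue. The body of create_security_group continues past the hunk.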
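Review bot: In nova/exception.py, the comment on InvalidParameterValue refers to the text built at the raise site as `msg`, but the template is `%(err)s`, so the keyword a caller has to pass is `err`; the comment should name it. A docstring would state the contract, for example `"""Invalid EC2 request parameter; pass the complete message as err=."""`. Because the whole message comes from the raise site, any request data placed in it reaches whatever renders the exception unchanged, which is worth saying in the same comment.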