From e6b42d7bdf92c8dade030798436cb3e5ec652ee9 Mon Sep 17 00:00:00 2001
From: Josh Kearney <josh@jk0.org>
Date: Mon, 21 May 2012 12:55:49 -0500
Subject: Only permit alpha-numerics and ._- for instance type names.

Fixes bug 977187.

Change-Id: I883204a508f39441c172f3c42c8be3d6598c35d8
---
 nova/compute/instance_types.py    | 10 ++++++++++
 nova/tests/test_instance_types.py |  7 +++++++
 2 files changed, 17 insertions(+)

(limited to 'nova')

diff --git a/nova/compute/instance_types.py b/nova/compute/instance_types.py
index 2bc470a41..c4a6f66f9 100644
--- a/nova/compute/instance_types.py
+++ b/nova/compute/instance_types.py
@@ -20,6 +20,8 @@
 
 """Built-in instance properties."""
 
+import re
+
 from nova import context
 from nova import db
 from nova import exception
@@ -29,6 +31,8 @@ from nova import log as logging
 FLAGS = flags.FLAGS
 LOG = logging.getLogger(__name__)
 
+INVALID_NAME_REGEX = re.compile("[^\w\.\- ]")
+
 
 def create(name, memory, vcpus, root_gb, ephemeral_gb, flavorid, swap=None,
            rxtx_factor=None):
@@ -48,6 +52,12 @@ def create(name, memory, vcpus, root_gb, ephemeral_gb, flavorid, swap=None,
         'rxtx_factor': rxtx_factor,
     }
 
+    # ensure name does not contain any special characters
+    invalid_name = INVALID_NAME_REGEX.search(name)
+    if invalid_name:
+        msg = _("names can only contain [a-zA-Z0-9_.- ]")
+        raise exception.InvalidInput(reason=msg)
+
     # ensure some attributes are integers and greater than or equal to 0
     for option in kwargs:
         try:
diff --git a/nova/tests/test_instance_types.py b/nova/tests/test_instance_types.py
index 8b8ab1592..b790d6b1e 100644
--- a/nova/tests/test_instance_types.py
+++ b/nova/tests/test_instance_types.py
@@ -88,6 +88,13 @@ class InstanceTypeTestCase(test.TestCase):
         new_list = instance_types.get_all_types()
         self.assertEqual(original_list, new_list)
 
+    def test_instance_type_create_with_special_characters(self):
+        """Ensure instance types raises InvalidInput for invalid characters"""
+        name = "foo.bar!@#$%^-test_name"
+        flavorid = "flavor1"
+        self.assertRaises(exception.InvalidInput, instance_types.create,
+                name, 256, 1, 120, 100, flavorid)
+
     def test_get_all_instance_types(self):
         """Ensures that all instance types can be retrieved"""
         session = sql_session.get_session()
-- 
cgit