[lxc-devel] [lxd/master] api/project: Fixes issue handling project names with URI encodable characters

tomponline on Github lxc-bot at linuxcontainers.org
Wed Aug 14 13:57:13 UTC 2019 

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 621 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20190814/0fb351cf/attachment-0001.bin>
-------------- next part --------------
From ce3c6581b0fd4c8e39e3da34087624c7434a7fff Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Wed, 14 Aug 2019 14:54:37 +0100
Subject: [PATCH] api/project: Fixes issue with handling project names with URI
 encodable characters in

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
 lxd/api_project.go | 37 +++++++++++++++++++++++++++----------
 1 file changed, 27 insertions(+), 10 deletions(-)

diff --git a/lxd/api_project.go b/lxd/api_project.go
index bcac34b722..083ad3db6d 100644
--- a/lxd/api_project.go
+++ b/lxd/api_project.go
@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"io/ioutil"
 	"net/http"
+	"net/url"
 	"strings"
 
 	"github.com/gorilla/mux"
@@ -15,6 +16,7 @@ import (
 	"github.com/lxc/lxd/lxd/device/config"
 	"github.com/lxc/lxd/lxd/util"
 	"github.com/lxc/lxd/shared"
+
 	"github.com/lxc/lxd/shared/api"
 	"github.com/lxc/lxd/shared/version"
 )
@@ -178,7 +180,10 @@ func projectCreateDefaultProfile(tx *db.ClusterTx, project string) error {
 }
 
 func projectGet(d *Daemon, r *http.Request) Response {
-	name := mux.Vars(r)["name"]
+	name, err := url.QueryUnescape(mux.Vars(r)["name"])
+	if err != nil {
+		return SmartError(err)
+	}
 
 	// Check user permissions
 	if !d.userHasPermission(r, name, "view") {
@@ -187,7 +192,7 @@ func projectGet(d *Daemon, r *http.Request) Response {
 
 	// Get the database entry
 	var project *api.Project
-	err := d.cluster.Transaction(func(tx *db.ClusterTx) error {
+	err = d.cluster.Transaction(func(tx *db.ClusterTx) error {
 		var err error
 		project, err = tx.ProjectGet(name)
 		return err
@@ -206,7 +211,10 @@ func projectGet(d *Daemon, r *http.Request) Response {
 }
 
 func projectPut(d *Daemon, r *http.Request) Response {
-	name := mux.Vars(r)["name"]
+	name, err := url.QueryUnescape(mux.Vars(r)["name"])
+	if err != nil {
+		return SmartError(err)
+	}
 
 	// Check user permissions
 	if !d.userHasPermission(r, name, "manage-projects") {
@@ -215,7 +223,7 @@ func projectPut(d *Daemon, r *http.Request) Response {
 
 	// Get the current data
 	var project *api.Project
-	err := d.cluster.Transaction(func(tx *db.ClusterTx) error {
+	err = d.cluster.Transaction(func(tx *db.ClusterTx) error {
 		var err error
 		project, err = tx.ProjectGet(name)
 		return err
@@ -247,7 +255,10 @@ func projectPut(d *Daemon, r *http.Request) Response {
 }
 
 func projectPatch(d *Daemon, r *http.Request) Response {
-	name := mux.Vars(r)["name"]
+	name, err := url.QueryUnescape(mux.Vars(r)["name"])
+	if err != nil {
+		return SmartError(err)
+	}
 
 	// Check user permissions
 	if !d.userHasPermission(r, name, "manage-projects") {
@@ -256,7 +267,7 @@ func projectPatch(d *Daemon, r *http.Request) Response {
 
 	// Get the current data
 	var project *api.Project
-	err := d.cluster.Transaction(func(tx *db.ClusterTx) error {
+	err = d.cluster.Transaction(func(tx *db.ClusterTx) error {
 		var err error
 		project, err = tx.ProjectGet(name)
 		return err
@@ -367,12 +378,15 @@ func projectChange(d *Daemon, project *api.Project, req api.ProjectPut) Response
 }
 
 func projectPost(d *Daemon, r *http.Request) Response {
-	name := mux.Vars(r)["name"]
+	name, err := url.QueryUnescape(mux.Vars(r)["name"])
+	if err != nil {
+		return SmartError(err)
+	}
 
 	// Parse the request
 	req := api.ProjectPost{}
 
-	err := json.NewDecoder(r.Body).Decode(&req)
+	err = json.NewDecoder(r.Body).Decode(&req)
 	if err != nil {
 		return BadRequest(err)
 	}
@@ -434,7 +448,10 @@ func projectPost(d *Daemon, r *http.Request) Response {
 }
 
 func projectDelete(d *Daemon, r *http.Request) Response {
-	name := mux.Vars(r)["name"]
+	name, err := url.QueryUnescape(mux.Vars(r)["name"])
+	if err != nil {
+		return SmartError(err)
+	}
 
 	// Sanity checks
 	if name == "default" {
@@ -442,7 +459,7 @@ func projectDelete(d *Daemon, r *http.Request) Response {
 	}
 
 	var id int64
-	err := d.cluster.Transaction(func(tx *db.ClusterTx) error {
+	err = d.cluster.Transaction(func(tx *db.ClusterTx) error {
 		project, err := tx.ProjectGet(name)
 		if err != nil {
 			return errors.Wrapf(err, "Fetch project %q", name)

More information about the lxc-devel mailing list