apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-11-02 20:02:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

server: use resource UUID instead of resource ID in API response (#2527) (#3099)

Browse Source 
List resourcedetails was adding DB ID instead of UUID. This is a security risk and needs fix.

Fixes: #2527
This commit is contained in:
Anurag Awasthi 2019-01-15 14:05:16 +05:30 committed by Rohit Yadav
parent 1725130975
commit 1a6eb4b856
1 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
server/src/main/java/com/cloud/api/query/QueryManagerImpl.java
View File

@ -153,7 +153,6 @@ import com.cloud.api.query.vo.UserAccountJoinVO;
import com.cloud.api.query.vo.UserVmJoinVO;
import com.cloud.api.query.vo.VolumeJoinVO;
import com.cloud.dc.DedicatedResourceVO;
import com.cloud.dc.dao.DataCenterDetailsDao;
import com.cloud.dc.dao.DedicatedResourceDao;
import com.cloud.domain.Domain;
import com.cloud.domain.DomainVO;
@ -205,6 +204,7 @@ import com.cloud.utils.DateUtil;
import com.cloud.utils.Pair;
import com.cloud.utils.StringUtils;
import com.cloud.utils.Ternary;
import com.cloud.utils.db.EntityManager;
import com.cloud.utils.db.Filter;
import com.cloud.utils.db.JoinBuilder;
import com.cloud.utils.db.SearchBuilder;
@ -330,7 +330,7 @@ public class QueryManagerImpl extends MutualExclusiveIdsManagerBase implements Q
private DomainRouterDao _routerDao;
@Inject
UserVmDetailsDao _userVmDetailDao;
private UserVmDetailsDao _userVmDetailDao;
@Inject
private HighAvailabilityManager _haMgr;
@ -342,7 +342,7 @@ public class QueryManagerImpl extends MutualExclusiveIdsManagerBase implements Q
private TemplateJoinDao _templateJoinDao;
@Inject
ResourceManager _resourceMgr;
private ResourceManager _resourceMgr;
@Inject
private ResourceMetaDataService _resourceMetaDataMgr;
@ -350,7 +350,7 @@ public class QueryManagerImpl extends MutualExclusiveIdsManagerBase implements Q
private TaggedResourceService _taggedResourceMgr;
@Inject
AffinityGroupVMMapDao _affinityGroupVMMapDao;
private AffinityGroupVMMapDao _affinityGroupVMMapDao;
@Inject
private AffinityGroupJoinDao _affinityGroupJoinDao;
@ -359,22 +359,22 @@ public class QueryManagerImpl extends MutualExclusiveIdsManagerBase implements Q
private DedicatedResourceDao _dedicatedDao;
@Inject
DataCenterDetailsDao _dcDetailsDao;
private DomainManager _domainMgr;
@Inject
DomainManager _domainMgr;
private AffinityGroupDomainMapDao _affinityGroupDomainMapDao;
@Inject
AffinityGroupDomainMapDao _affinityGroupDomainMapDao;
private NetworkDetailsDao _networkDetailsDao;
@Inject
NetworkDetailsDao _networkDetailsDao;
private ResourceTagDao _resourceTagDao;
@Inject
ResourceTagDao _resourceTagDao;
private DataStoreManager dataStoreManager;
@Inject
DataStoreManager dataStoreManager;
private EntityManager _entityMgr;
/*
* (non-Javadoc)
@ -3674,7 +3674,7 @@ public class QueryManagerImpl extends MutualExclusiveIdsManagerBase implements Q
protected ResourceDetailResponse createResourceDetailsResponse(ResourceDetail requestedDetail, ResourceTag.ResourceObjectType resourceType) {
ResourceDetailResponse resourceDetailResponse = new ResourceDetailResponse();
resourceDetailResponse.setResourceId(String.valueOf(requestedDetail.getResourceId()));
resourceDetailResponse.setResourceId(_taggedResourceMgr.getUuid(String.valueOf(requestedDetail.getResourceId()), resourceType));
resourceDetailResponse.setName(requestedDetail.getName());
resourceDetailResponse.setValue(requestedDetail.getValue());
resourceDetailResponse.setForDisplay(requestedDetail.isDisplay());