Non-printable characters results in empty pages for all users loading the
corrupted object in the web interface. It also results in the API call results
getting truncated with an error when it encounters the non-printable characters.
Every decoded parameter value is checked for control character using OWASP's
ESAPI library.
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
Changes:
- Use of class variable of type GenericSearchBuilder causes issues when multiple threads invoke this method to findCapacity
- Changing the scope of the variable to be local to these methods.
The issue occur in two conditions
(1) If I use two sessions or browsers to EnableStaticNat on CloudStack
UI. one is successful, the other is failed. However, there is no ip in
database.
(2) If I use API call EnableStaticNat several times The first time
succeed, the second failed, the third succeed. the result is
success-fail-success-fail-success-fail, which it is not correct.
Reported-by: Wei Zhou <w.zhou@leaseweb.com>
Reviewed-by: https://reviews.apache.org/r/9254/
Signed-off-by: Prasanna Santhanam <tsp@apache.org>
Addition of two new resource types i.e. CPU and Memory in the existing pool of
resource types.
Added some methods to set the limits on these resources using updateResourceLimit
API command and to get a count using updateResourceCount. Also added calls in the
Virtual machine life cycle to check these limits and to increment/decrement the new
resource types
Resource Name :: Resource type number
CPU 8
Memory 9
Also added Unit Tests for the same.
Firewall manager was being used instead of LoadBalancingRules manager
while applying the load balancer rules in shut down network. Changing it
to LoadBalancingRules manager.
- Mgmt server impl is a pluggable service, fix it's method
- Fix getCommands() to return all cmd api classes supported by this mgmt server
- For api-discovery, get commands from pluggable services only, don't use reflections
- Don't use reflections in ApiServer, iterate pluggableservices
- Fix api discovery unit test
- The fix was done automatically using following python program along with
following step:
1. Get all apis provided by default mgmt server, all of them are in cloud-api now
cd api/src/org/apache/cloudstack/api/command
find . >> apis
2. For all apis, generate java code that adds the class to the cmdList arraylist:
f = open('apis', 'r')
data = f.read()
f.close()
output = ""
for a in data.split('\n'):
output += "cmdList.add(%s);" % a.split('/')[-1].replace('.java', '.class')
# wrote output to a file, copied content to mgmt server impl's getCommands()
# similarly, fixed import statements using same code, splitting on /
Testing:
Ran apiserver, put breakpoints in ApiServer's init() where classes are processed
Total cmd classes found by reflections (ReflectUtil) = 354
Total cmd classes found by getCommands for all pluggable services = 354
Next, copied the comma separated values for each set to a string in ipython, a & b
set(a).difference(set(b)) returned null.
The above test implies both set of cmd classes found by both methods, i.e. using
reflections and using getCommands() had same set of apis and all were unique.
Conclusion:
The changes are idempotent and don't break api server's cmd class api discovery
processing.
BUG-ID: CLOUDSTACK-1210
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
