
Define+enforce validation of VMID, Namespace and other API inputs #195


Closed
sipsma opened this issue Jun 3, 2019 · 2 comments

@sipsma
Contributor

sipsma commented Jun 3, 2019

VMID is currently unvalidated in terms of length, invalid characters, etc.

We should do some validation; it is used to construct filesystem paths and abstract unix socket paths, which is a starting point for defining length constraints and invalid characters (i.e. we probably don't want to allow anything that would result in ../../.. or similar).

We also construct paths from the containerd namespace, container/task ID, and potentially other parameters provided by clients. We need to do validation on those too (probably even if containerd currently has some form of validation on them for an extra layer of assurance). We should audit our codebase for any other examples of user inputs being used to construct paths.
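
A sketch of the kind of validation this issue asks for, added here as an example; it is not part of the original post and is not the code from #205, #218 or the project. The 64-byte allowlist, the `Paths` helper, the base directory and the socket prefix are assumptions; the 107-byte cap follows from Linux's 108-byte `sun_path`.

```go
package main

import (
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// Assumed policy for this sketch (not the project's rules): 1-64 bytes, first
// byte alphanumeric, then alphanumerics, '_', '.' or '-'. '/', NUL, "." and ".." cannot match.
var idPattern = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}$`)

// Linux sun_path is 108 bytes; an abstract name spends one on the leading NUL.
const maxAbstractName = 107

// ValidateID checks one client-supplied identifier before it reaches a path.
func ValidateID(kind, id string) error {
	if !idPattern.MatchString(id) {
		return fmt.Errorf("invalid %s %q", kind, id)
	}
	return nil
}

// Paths returns the state directory and abstract socket name for a VM (hypothetical layout).
func Paths(baseDir, sockPrefix, namespace, vmID string) (dir, sock string, err error) {
	if err = ValidateID("namespace", namespace); err != nil {
		return "", "", err
	}
	if err = ValidateID("vmID", vmID); err != nil {
		return "", "", err
	}
	dir = filepath.Join(baseDir, namespace, vmID)
	// Defense in depth: re-check containment on the cleaned result.
	if rel, rerr := filepath.Rel(baseDir, dir); rerr != nil || rel == ".." || strings.HasPrefix(rel, "../") {
		return "", "", fmt.Errorf("path %q escapes %q", dir, baseDir)
	}
	if sock = sockPrefix + "/" + namespace + "/" + vmID; len(sock) > maxAbstractName {
		return "", "", fmt.Errorf("socket name is %d bytes, limit %d", len(sock), maxAbstractName)
	}
	return dir, sock, nil
}

func main() {
	for _, id := range []string{"vm-01", "../../etc", "a/b", ""} { // constructed inputs
		_, _, err := Paths("/var/lib/example", "example", "default", id)
		fmt.Printf("%q -> %v\n", id, err)
	}
}
```

Two IDs that each pass the per-ID check can still overflow the socket name once joined, which is why the length is checked on the final string rather than per component.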

@sipsma sipsma changed the title Define+enforce validation of VMID Define+enforce validation of VMID, Namespace and other API inputs Jun 3, 2019
@mxpv mxpv self-assigned this Jun 5, 2019
@mxpv mxpv closed this as completed Jun 11, 2019
@samuelkarp
Contributor

Reopening since #205 only covered the VM ID and not the containerd namespace or container/task ID inputs.

@samuelkarp samuelkarp reopened this Jun 12, 2019
@samuelkarp samuelkarp added this to the "pod"/"task" support milestone Jun 17, 2019
@mxpv
Contributor

mxpv commented Jul 2, 2019

Addressed in #218. Now it validates all path-related IDs (vm id, container id, and namespace).

@mxpv mxpv closed this as completed Jul 2, 2019
fangn2 pushed a commit to fangn2/firecracker-containerd that referenced this issue Mar 23, 2023