Skip to content

Define+enforce validation of VMID, Namespace and other API inputs #195

@sipsma

Description

@sipsma

VMID is currently unvalidated in terms of length, invalid characters, etc..

We should do some validation; it is used to construct filesystem paths and abstract unix socket paths, which is a starting point for defining length contraints and invalid characters (i.e. we probably don't want to allow anything that would result in ../../.. or similar).

We also construct paths from the containerd namespace, container/task ID, and potentially other parameters provided by clients. We need to do validation on those too (probably even if containerd currently has some form of validation on them for an extra layer of assurance). We should audit our codebase for any other examples of user inputs being used to construct paths.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

No projects

Relationships

None yet

Development

No branches or pull requests

Issue actions