#include <errno.h>
#include <ctime>
+#include <regex>
#include "common/errno.h"
#include "common/Formatter.h"
{
int ret;
+ if (! validate_input()) {
+ return -EINVAL;
+ }
+
/* check to see the name is not used */
ret = read_id(name, tenant, id);
if (exclusive && ret == 0) {
return 0;
}
+bool RGWRole::validate_input()
+{
+ if (name.length() > MAX_ROLE_NAME_LEN) {
+ ldout(cct, 0) << "ERROR: Invalid name length " << dendl;
+ return false;
+ }
+
+ if (path.length() > MAX_PATH_NAME_LEN) {
+ ldout(cct, 0) << "ERROR: Invalid path length " << dendl;
+ return false;
+ }
+
+ std::regex regex_name("[A-Za-z0-9:=,.@-]+");
+ if (! std::regex_match(name, regex_name)) {
+ ldout(cct, 0) << "ERROR: Invalid chars in name " << dendl;
+ return false;
+ }
+
+ std::regex regex_path("(\/[!-~]+\/)|(\/)");
+ if (! std::regex_match(path,regex_path)) {
+ ldout(cct, 0) << "ERROR: Invalid chars in path " << dendl;
+ return false;
+ }
+}
+
void RGWRole::update_trust_policy(string& trust_policy)
{
this->trust_policy = trust_policy;
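Review bot: validate_input() reaches its closing brace without a return statement, so when every check passes control falls off the end of a non-void function, which is undefined behaviour; create() then branches on an indeterminate value and the validation cannot be relied on to accept or reject. Add `return true;` after the path check. In `regex_path`, `\/` is not a recognised escape in a C++ string literal (compilers warn and usually emit `/`), so the pattern is better written as `"(/[!-~]+/)|(/)"`. Both `std::regex` objects are rebuilt on every call and could be `static const`. The length checks should stay ahead of the regex matches so that the matcher only ever sees bounded input.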
static const string role_oid_prefix;
static const string role_path_oid_prefix;
static const string role_arn_prefix;
+ static constexpr int MAX_ROLE_NAME_LEN = 64;
+ static constexpr int MAX_PATH_NAME_LEN = 512;
CephContext *cct;
RGWRados *store;
int read_name();
int read_info();
void set_id(const string& id) { this->id = id; }
+ bool validate_input();
public:
RGWRole(CephContext *cct,