[libvirt] [PATCH 00/11] Add checks to ensure a name isn't all whitespace
John Ferlan
jferlan at redhat.com
Tue Jul 31 12:15:52 UTC 2018
On 07/31/2018 04:28 AM, Ján Tomko wrote:
> On Mon, Jul 30, 2018 at 02:46:37PM -0400, John Ferlan wrote:
>> https://bugzilla.redhat.com/show_bug.cgi?id=1107420
>>
>> As unusual as the case may be, having a name of all white space
>> has been allowed. This leads to the obvious problem of how a future
>> usage would be able to "utilize" that resource since it's not "simple"
>> to determine what combination of spaces and tabs are being used for
>> the name.
>>
>
> So if the user wants it difficult, they can do so.
> What do we gain by forbidding it?
>
>> 46 files changed, 418 insertions(+), 131 deletions(-)
>> create mode 100644 tests/domainsnapshotxml2xmlin/name_whitespace.xml
>> create mode 100644 tests/networkxml2xmlin/network-whitespace-name.xml
>> create mode 100644 tests/nwfilterxml2xmlin/name-whitespace-invalid.xml
>> create mode 100644 tests/qemuxml2argvdata/name-whitespace.xml
>> create mode 100644 tests/secretxml2xmlin/usage-whitespace-invalid.xml
>> create mode 100644
>> tests/storagepoolxml2xmlin/pool-dir-whitespace-name.xml
>>
>
> (apart from extra 300 lines)
>
> Jano
Since when has the number of insertions/deletions become the determining
factor of what is and isn't a problem? I could drop the tests and shave
a few off. Skipping a few comments along the way may pick up a few more.
As long as one "knows" to list certain objects using 'virsh xxx-list
--uuid', then they can manipulate the white space named object once they
figure out which UUID is associated with their white space named
resource. Still snapshot's don't provide that, so they'd be a problem.
At least nwfilter and secrets are in your face with the UUID. Domains,
networks, and pools just make you work a bit harder.
If you don't think this is a problem, then grab/own the bz and close it.
John
More information about the libvir-list
mailing list