Merge pull request #920 from spadgett/improve-path-validation

Merged by openshift-bot

Author: OpenShift Bot

app/scripts/controllers/addConfigVolume.js

@@ -96,7 +96,6 @@ angular.module('openshiftConsole')
         var generateName = $filter('generateName');
 
         var displayError = function(errorMessage, errorDetails) {
-          $scope.disableInputs = true;
           $scope.alerts['attach-persistent-volume-claim'] = {
             type: "error",
             message: errorMessage,
@@ -225,7 +224,11 @@ angular.module('openshiftConsole')
               $window.history.back();
             },
             function(result) {
-              displayError("An error occurred attaching the persistent volume claim to the " + $filter('humanizeKind')($routeParams.kind) + ".", getErrorDetails(result));
+              $scope.disableInputs = false;
+              var humanizeKind = $filter('humanizeKind');
+              var sourceKind = humanizeKind(source.kind);
+              var targetKind = humanizeKind($routeParams.kind);
+              displayError("An error occurred attaching the " + sourceKind + " to the " + targetKind + ".", getErrorDetails(result));
             }
           );
         };

app/scripts/controllers/attachPVC.js

@@ -168,6 +168,7 @@ angular.module('openshiftConsole')
               },
               function(result) {
                 displayError("An error occurred attaching the persistent volume claim to the " + $filter('humanizeKind')($routeParams.kind) + ".", getErrorDetails(result));
+                $scope.disableInputs = false;
               }
             );
           }

app/views/add-config-volume.html

@@ -136,19 +136,34 @@ <h3>Keys and Paths</h3>
                               </div>
                               <div class="form-group col-md-6">
                                 <label ng-attr-for="path-{{$id}}" class="required">Path</label>
+                                <!--
+                                  Regex matches any paths not starting with `/` or containing `..` as path elements.
+                                  Use negative lookaheads to assert that the value does not match those patterns.
+
+                                    (?!(\.\.)?\/)         do not match strings starting with `/`
+                                    (?!\.\.(\/|$))        do not match strings starting with `../` or exactly `..`
+                                    (?!.*\/\.\.(\/|$))    do not match strings containing `/../` or ending in `/..`
+                                -->
                                 <input
                                     ng-attr-id="path-{{$id}}"
                                     class="form-control"
                                     ng-class="{ 'has-error': forms.addConfigVolumeForm['path-' + $id].$invalid && forms.addConfigVolumeForm['path-' + $id].$touched }"
                                     type="text"
                                     name="path-{{$id}}"
                                     ng-model="item.path"
+                                    ng-pattern="/^(?!\/)(?!\.\.(\/|$))(?!.*\/\.\.(\/|$)).*$/"
                                     required
                                     osc-unique="itemPaths"
                                     placeholder="example: config/app.properties"
                                     autocorrect="off"
                                     autocapitalize="off"
                                     spellcheck="false">
+                                <div class="has-error" ng-show="forms.addConfigVolumeForm['path-' + $id].$error.pattern">
+                                  <span class="help-block">
+                                    Path must be a relative path. It cannot start with <code>/</code> or
+                                    contain <code>..</code> path elements.
+                                  </span>
+                                </div>
                                 <div class="has-error" ng-show="forms.addConfigVolumeForm['path-' + $id].$error.oscUnique">
                                   <span class="help-block">
                                     Paths must be unique.

app/views/attach-pvc.html

@@ -114,13 +114,20 @@ <h3>Volume</h3>
 
                       <div class="form-group">
                         <label for="volume-name">Volume Name</label>
+                        <!--
+                          Volume name must conform to a DNS label
+                          https://github.com/kubernetes/kubernetes/blob/master/docs/design/identifiers.md
+                          https://github.com/kubernetes/kubernetes/blob/d7a87c228506ed11240049ae95cbb4efb07fd178/pkg/util/validation/validation.go#L61-L70
+                        -->
                         <input
                             id="volume-path"
                             class="form-control"
                             type="text"
                             name="volumeName"
                             ng-model="attach.volumeName"
                             osc-unique="existingVolumeNames"
+                            ng-pattern="/^[a-z0-9]([-a-z0-9]*[a-z0-9])?$/"
+                            maxlength="63"
                             placeholder="(generated if empty)"
                             autocorrect="off"
                             autocapitalize="off"
@@ -129,11 +136,22 @@ <h3>Volume</h3>
                         <div>
                           <span id="volume-name-help" class="help-block">Unique name used to identify this volume. If not specified, a volume name is generated.</span>
                         </div>
-                      </div>
-                      <div class="has-error" ng-show="attachPVCForm.volumeName.$error.oscUnique">
-                        <span class="help-block">
-                          Volume name already exists. Please choose another name.
-                        </span>
+                        <div class="has-error" ng-show="attachPVCForm.volumeName.$error.pattern && attachPVCForm.volumeName.$touched">
+                          <span class="help-block">
+                            Volume names may only contain lower-case letters, numbers, and dashes.
+                            They may not start or end with a dash.
+                          </span>
+                        </div>
+                        <div class="has-error" ng-show="attachPVCForm.volumeName.$error.maxlength">
+                          <span class="help-block">
+                            Volume names cannot be longer than 63 characters.
+                          </span>
+                        </div>
+                        <div class="has-error" ng-show="attachPVCForm.volumeName.$error.oscUnique">
+                          <span class="help-block">
+                            Volume name already exists. Please choose another name.
+                          </span>
+                        </div>
                       </div>
 
                       <!-- Prompt for containers only if there is more than one. -->

dist/scripts/scripts.js

@@ -8197,8 +8197,8 @@ a.volumeMounts || (a.volumeMounts = []), a.volumeMounts.push(b);
 var r = j.createVolume(p, i);
 f.spec.volumes || (f.spec.volumes = []), f.spec.volumes.push(r), c.alerts = {}, g.update(l, e.metadata.name, c.attach.resource, h).then(function() {
 d.history.back();
-}, function(c) {
-n("An error occurred attaching the persistent volume claim to the " + a("humanizeKind")(b.kind) + ".", k(c));
+}, function(d) {
+n("An error occurred attaching the persistent volume claim to the " + a("humanizeKind")(b.kind) + ".", k(d)), c.disableInputs = !1;
 });
 }
 };
@@ -8239,7 +8239,7 @@ c.attach.items.splice(a, 1), o();
 }, i.get(b.project).then(_.spread(function(e, h) {
 c.project = e;
 var i = a("orderByDisplayName"), k = a("getErrorDetails"), m = a("generateName"), n = function(a, b) {
-c.disableInputs = !0, c.alerts["attach-persistent-volume-claim"] = {
+c.alerts["attach-persistent-volume-claim"] = {
 type:"error",
 message:a,
 details:b
@@ -8308,8 +8308,10 @@ items:r
 }
 i.spec.volumes = i.spec.volumes || [], i.spec.volumes.push(s), c.alerts = {}, c.disableInputs = !0, g.update(l, e.metadata.name, c.targetObject, h).then(function() {
 d.history.back();
-}, function(c) {
-n("An error occurred attaching the persistent volume claim to the " + a("humanizeKind")(b.kind) + ".", k(c));
+}, function(d) {
+c.disableInputs = !1;
+var e = a("humanizeKind"), g = e(f.kind), h = e(b.kind);
+n("An error occurred attaching the " + g + " to the " + h + ".", k(d));
 });
 }
 };

dist/scripts/templates.js

@@ -1028,7 +1028,13 @@ angular.module('openshiftConsoleTemplates', []).run(['$templateCache', function(
     "</div>\n" +
     "<div class=\"form-group col-md-6\">\n" +
     "<label ng-attr-for=\"path-{{$id}}\" class=\"required\">Path</label>\n" +
-    "<input ng-attr-id=\"path-{{$id}}\" class=\"form-control\" ng-class=\"{ 'has-error': forms.addConfigVolumeForm['path-' + $id].$invalid && forms.addConfigVolumeForm['path-' + $id].$touched }\" type=\"text\" name=\"path-{{$id}}\" ng-model=\"item.path\" required osc-unique=\"itemPaths\" placeholder=\"example: config/app.properties\" autocorrect=\"off\" autocapitalize=\"off\" spellcheck=\"false\">\n" +
+    "\n" +
+    "<input ng-attr-id=\"path-{{$id}}\" class=\"form-control\" ng-class=\"{ 'has-error': forms.addConfigVolumeForm['path-' + $id].$invalid && forms.addConfigVolumeForm['path-' + $id].$touched }\" type=\"text\" name=\"path-{{$id}}\" ng-model=\"item.path\" ng-pattern=\"/^(?!\\/)(?!\\.\\.(\\/|$))(?!.*\\/\\.\\.(\\/|$)).*$/\" required osc-unique=\"itemPaths\" placeholder=\"example: config/app.properties\" autocorrect=\"off\" autocapitalize=\"off\" spellcheck=\"false\">\n" +
+    "<div class=\"has-error\" ng-show=\"forms.addConfigVolumeForm['path-' + $id].$error.pattern\">\n" +
+    "<span class=\"help-block\">\n" +
+    "Path must be a relative path. It cannot start with <code>/</code> or contain <code>..</code> path elements.\n" +
+    "</span>\n" +
+    "</div>\n" +
     "<div class=\"has-error\" ng-show=\"forms.addConfigVolumeForm['path-' + $id].$error.oscUnique\">\n" +
     "<span class=\"help-block\">\n" +
     "Paths must be unique.\n" +
@@ -1165,16 +1171,27 @@ angular.module('openshiftConsoleTemplates', []).run(['$templateCache', function(
     "</div>\n" +
     "<div class=\"form-group\">\n" +
     "<label for=\"volume-name\">Volume Name</label>\n" +
-    "<input id=\"volume-path\" class=\"form-control\" type=\"text\" name=\"volumeName\" ng-model=\"attach.volumeName\" osc-unique=\"existingVolumeNames\" placeholder=\"(generated if empty)\" autocorrect=\"off\" autocapitalize=\"off\" spellcheck=\"false\" aria-describedby=\"volume-name-help\">\n" +
+    "\n" +
+    "<input id=\"volume-path\" class=\"form-control\" type=\"text\" name=\"volumeName\" ng-model=\"attach.volumeName\" osc-unique=\"existingVolumeNames\" ng-pattern=\"/^[a-z0-9]([-a-z0-9]*[a-z0-9])?$/\" maxlength=\"63\" placeholder=\"(generated if empty)\" autocorrect=\"off\" autocapitalize=\"off\" spellcheck=\"false\" aria-describedby=\"volume-name-help\">\n" +
     "<div>\n" +
     "<span id=\"volume-name-help\" class=\"help-block\">Unique name used to identify this volume. If not specified, a volume name is generated.</span>\n" +
     "</div>\n" +
+    "<div class=\"has-error\" ng-show=\"attachPVCForm.volumeName.$error.pattern && attachPVCForm.volumeName.$touched\">\n" +
+    "<span class=\"help-block\">\n" +
+    "Volume names may only contain lower-case letters, numbers, and dashes. They may not start or end with a dash.\n" +
+    "</span>\n" +
+    "</div>\n" +
+    "<div class=\"has-error\" ng-show=\"attachPVCForm.volumeName.$error.maxlength\">\n" +
+    "<span class=\"help-block\">\n" +
+    "Volume names cannot be longer than 63 characters.\n" +
+    "</span>\n" +
     "</div>\n" +
     "<div class=\"has-error\" ng-show=\"attachPVCForm.volumeName.$error.oscUnique\">\n" +
     "<span class=\"help-block\">\n" +
     "Volume name already exists. Please choose another name.\n" +
     "</span>\n" +
     "</div>\n" +
+    "</div>\n" +
     "\n" +
     "<div ng-if=\"attach.resource.spec.template.spec.containers.length > 1\">\n" +
     "<div ng-if=\"attach.allContainers\">\n" +