From d8146636ea0cb3b325b9b7d14806e249c45e37b9 Mon Sep 17 00:00:00 2001
From: nogoodidea
Date: Mon, 26 Feb 2024 19:15:27 -0500
Subject: [PATCH] added input valadation
---
 proxstar/__init__.py | 9 ++++++++-
 proxstar/static/js/script.js | 11 ++++++++++-
 2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/proxstar/__init__.py b/proxstar/__init__.py
index f5a03b5..c72f0f5 100644
--- a/proxstar/__init__.py
+++ b/proxstar/__init__.py
@@ -412,6 +412,8 @@ def vm_renew(vmid):
 @app.route('/vm//disk/create/', methods=['POST'])
 @auth.oidc_auth
 def create_disk(vmid, size):
+ if(size =< 0):## are they trying to disk with zero size
+ return '', 400
 user = User(session['userinfo']['preferred_username'])
 connect_proxmox()
 if user.rtp or int(vmid) in user.allowed_vms:
@@ -589,8 +591,13 @@ def create():
 name = request.form['name'].lower()
 cores = request.form['cores']
 memory = request.form['mem']
- template = request.form['template']
 disk = request.form['disk']
+ ## CHECK STUFF DEAR GOD
+ if(int(cores) <= 0 or int(memory) <= 0 or int(disk) <= 0){
+ return 'VM creation with cores and/or mem and/or disk values that are less than 0' 400
+ }
+
+ template = request.form['template']
 iso = request.form['iso']
 ssh_key = request.form['ssh_key']
 if iso != 'none':
diff --git a/proxstar/static/js/script.js b/proxstar/static/js/script.js
index 6f61324..2e1708b 100644
--- a/proxstar/static/js/script.js
+++ b/proxstar/static/js/script.js
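Review bot: The added guard in create_disk uses `=<`, which is not a Python operator, so `proxstar/__init__.py` raises a SyntaxError on import and the check never runs; it should read `if size <= 0:`. The route's converter for `size` is not visible on this page, and if the value arrives as a string the comparison with `0` raises TypeError instead of returning 400. Converting defensively first avoids that: `if not str(size).isdigit() or int(size) <= 0:` followed by `return '', 400`. The guard only rejects non-positive sizes; no upper bound on the requested disk is visible in this hunk, and create_disk's body continues outside it.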
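Review bot: The new check in create() is not valid Python: the `{` / `}` braces around the `if` body and the missing comma in `return '...' 400` are syntax errors, so the module will not load. Beyond syntax, `int()` on the `request.form` values raises ValueError for non-numeric input, which would presumably surface as a 500 rather than the intended 400; these fields are client-controlled and this server-side check is the one that counts, because the limits in script.js do not apply to a request posted directly. The message says "less than 0" while the condition also rejects 0. No upper bound is enforced here, and whether quota is checked later is not visible because create() starts and ends outside the hunk. The form below validates without rebinding `cores`, `memory` or `disk`, so the code after it still sees the original strings.
```python
disk = request.form['disk']
# Reject non-numeric or non-positive values before they are used.
try:
    requested = [int(cores), int(memory), int(disk)]
except ValueError:
    return 'cores, mem and disk must be integers', 400
if any(value <= 0 for value in requested):
    return 'cores, mem and disk must be greater than 0', 400
template = request.form['template']
```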
@@ -238,12 +238,21 @@ $("#create-vm").click(function(){
 if (name && disk) {
 if (template != 'none' && !ssh_regex.test(ssh_key)) {
 swal("Uh oh...", "Invalid SSH key!", "error");
+ // MAXIMUM BOUNDS CHECK
 } else if (disk > max_disk) {
 swal("Uh oh...", `You do not have enough disk resources available! Please lower the VM disk size to ${max_disk}GB or lower.`, "error");
 } else if (template != 'none' && cores > max_cpu) {
 swal("Uh oh...", `You do not have enough CPU resources available! Please lower the VM cores to ${max_cpu} or lower.`, "error");
 } else if (template != 'none' && mem/1024 > max_mem) {
 swal("Uh oh...", `You do not have enough memory resources available! Please lower the VM memory to ${max_mem}GB or lower.`, "error");
+ // MINIMUM BOUNDS CHECK
+ else if(0 <= disk){
+ swal("Uh oh...", `Selected disk size is less than 0.`,"error");
+ }else if(0 <= cores){
+ swal("Uh oh...", `Selected cores amount is less than 0.`,"error");
+ }else if(0 <= mem){
+ swal("Uh oh...", `Selected memory size is less than 0.`,"error");
+ }
 } else {
 fetch(`/hostname/${name}`, {
 credentials: 'same-origin',
@@ -1155,4 +1164,4 @@ $(".delete-disk").click(function(){
 const vmid = $(this).data('vmid')
 const disk = $(this).data('disk')
 confirmDialog(`/vm/${vmid}/disk/${disk}/delete`, `Are you sure you want to delete ${disk}?`, "Delete", `Deleting ${disk}!`, `Unable to delete disk. Please try again later.`, `/vm/${vmid}`, true)
-});
\ No newline at end of file
+});
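Review bot: The minimum-bounds branches sit inside the body of the `mem/1024 > max_mem` branch, after its `swal(...)` call, so the first `else if` has no matching `if` and script.js will not parse, which also takes the existing maximum checks out of service. The comparisons are inverted as well: `0 <= disk` is true for every valid size, while the message describes the opposite case. Close the previous branch first and flip the operands, i.e. `} else if (disk <= 0) {`, `} else if (cores <= 0) {`, `} else if (mem <= 0) {`, and drop the extra closing `}` before `} else {`. The existing `cores` and `mem` maximum checks are gated on `template != 'none'`, so it is worth deciding whether the minimum checks should be gated the same way. These checks are a usability aid only, since the request can be sent without this script, so the server-side validation in `proxstar/__init__.py` has to stand on its own.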