Cloudstack Source code
Vijayendra Bhamidipati f1ec4fddd3 CS-15217: Security: Malicious user is able to get the size of the cloud by enumerating IDs
Description:

	As part of the fix for Bug CS-13127, a new overloaded function,
	addProxyObject() was added to facilitate transparent db id to
	uuid conversions when db IDs were added to exceptions that were
	thrown in the Cloudstack mgmt server code. However, it turns out
	that there are quite many db IDs still in the code that are
	being directly embedded in the String message that is passed
	during exception creation.

	In this commit, we modify the default constructor of
	InvalidParameterValueException so that it takes a second
	argument of type List<IdentityProxy>. This will help developers
	see that there is a second parameter required, and make them
	look into what that parameter is about. Hopefully, this will
	stop db IDs from being embedded into the exception message.

	The parameter can be set to null though, since there are many
	places in the code that don't embed any DB IDs in the exception.

	This is still a WIP, so the older default constructor for
	InvalidParameterValueException has not been removed yet. When
	all instances of throw new InvalidParameterValueException()
	have been moved over to the new default constructor, the old
	one will be removed, else compilation will break. The reason
	for having to do this in batches is that there are way too
	many places in the code that throw exceptions, and they all
	cannot be covered in a single commit without it taking much
	time.

	In following commits, all other exceptions will be changed
	in the same way as InvalidParameterValueException.
2012-07-05 16:48:36 -07:00
agent bug CS-15389: Added prepareStop to Virtualmachine manager and moved network usage collection into prepareStop of VR manager 2012-06-28 18:07:47 -07:00
agent-simulator bug CS-15389: Added prepareStop to Virtualmachine manager and moved network usage collection into prepareStop of VR manager 2012-06-28 18:07:47 -07:00
api CS-15217: Security: Malicious user is able to get the size of the cloud by enumerating IDs 2012-07-05 16:48:36 -07:00
awsapi modified Bucketpolicydao to extend BaseDAO 2012-07-05 13:29:06 +05:30
awsapi-setup CS-15007: S3 SQLGrammarException exception in awsapi.log 2012-05-21 11:20:57 +01:00
build Removing hardcode of config file path 2012-07-02 09:55:07 +05:30
client VPC: listPrivateGateways command is available for regular user too (he needs to know the gatewayId for the static route creation) 2012-06-29 15:17:17 -07:00
cloud-cli Switch to Apache license 2012-04-03 04:54:14 -07:00
console bug 14559: podId is required parameter in addCluster api 2012-03-30 10:38:48 -07:00
console-proxy 1) Fix Console viewer CTRL key problem on Chrome browser 2012-06-12 15:53:43 -07:00
console-viewer bug 14559: podId is required parameter in addCluster api 2012-03-30 10:38:48 -07:00
core VPC : add static route 2012-07-02 17:28:54 -07:00
daemonize Switch to Apache license 2012-04-03 04:54:14 -07:00
debian CS-15040: Do not package the css, js, ui and images directory in the agent package 2012-05-22 11:15:35 +05:30
deps revert xenserver api java file to old license header 2012-07-03 16:13:19 -07:00
docs Update documentation source files. 2012-05-01 13:47:26 +01:00
ovm bug CS-15389: Added prepareStop to Virtualmachine manager and moved network usage collection into prepareStop of VR manager 2012-06-28 18:07:47 -07:00
patches CS-15427 : always provide gateway as DNS server due to no traffic is allowed by ACL, the external DNS doesn't work by default 2012-07-03 19:13:44 -07:00
python Switch to Apache license 2012-04-03 04:54:14 -07:00
scripts VPC : loadbalancer works 2012-06-28 17:16:54 -07:00
server CS-15217: Security: Malicious user is able to get the size of the cloud by enumerating IDs 2012-07-05 16:48:36 -07:00
setup VPC: listPrivateGateways command is available for regular user too (he needs to know the gatewayId for the static route creation) 2012-06-29 15:17:17 -07:00
test Adding Upload volumes & security enhancements tests 2012-07-05 21:28:14 +05:30
tools networkId is None by default 2012-07-02 09:55:33 +05:30
ui cloudstack 3.0 UI: VPC feature - implement listView and detailView. 2012-07-03 16:59:18 -07:00
usage Switch to Apache license 2012-04-03 04:54:14 -07:00
utils CS-15217: Security: Malicious user is able to get the size of the cloud by enumerating IDs 2012-07-05 16:48:36 -07:00
vmware-base CS-15173: Additional Cluster is allowed to add with the same VSM IPaddress as the previous cluster 2012-05-31 23:20:38 -07:00
.gitignore Revert 07e3632b59 removing change to awsapi-lib 2012-05-06 18:49:43 +01:00
.project.general new file: .project 2012-05-01 13:51:14 +01:00
INSTALL.txt Switch to Apache license 2012-04-03 04:54:14 -07:00
README.html Switch to Apache license 2012-04-03 04:54:14 -07:00
README.md adding a markdown readme for github 2011-12-01 13:02:38 -05:00
build.xml Finishing merge with 3.0.x 2012-05-01 15:08:51 +01:00
cloud.spec CS-15376 2012-06-28 16:11:22 -07:00
configure-info.in Source code committed 2010-08-11 09:13:29 -07:00
version-info.in more file changes 2010-09-09 13:27:20 -07:00
waf Source code committed 2010-08-11 09:13:29 -07:00
waf.bat Source code committed 2010-08-11 09:13:29 -07:00
wscript Initial checkin for resource tags feature 2012-06-12 10:59:56 -07:00
wscript_build CS-14722 2012-05-04 11:25:44 -07:00
wscript_configure add AWSAPILOG token to waf build 2012-04-30 17:08:35 -07:00

README.md

CloudStack

CloudStack is a massively scalable free/libre open source Infrastructure as a Service cloud platform.

Visit us at cloudstack.org or join #cloudstack on irc.freenode.net

Binary Downloads

Downloads are available from: http://cloudstack.org/download.html

Supported Hypervisors

  • XenServer
  • KVM
  • VMware ESX/ESXi (via vCenter)
  • Oracle VM
  • XCP

Mailing lists

  • Announcement Mailing List
  • Development Mailing List
  • Users Mailing list
  • Commits mailing list