[pve-devel] [PATCH proxmox-firewall] fix #5410: config: fix naming scheme for names in firewall config

[pve-devel] [PATCH proxmox-firewall] fix #5410: config: fix naming scheme for names in firewall config

[Stefan Hanreich]

This should bring the allowed names on par with the pve-firewall
naming scheme [1].

[1] https://git.proxmox.com/?p=pve-firewall.git;a=blob;f=src/PVE/Firewall.pm;h=0abfeccffc94cec940760e69a894e392dc33f151;hb=29b48c381d14bf425232dc65c9c0d18f95c8f222#l51

Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
 proxmox-ve-config/src/firewall/parse.rs       |  8 +++++++-
 proxmox-ve-config/src/firewall/types/alias.rs | 14 ++++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/proxmox-ve-config/src/firewall/parse.rs b/proxmox-ve-config/src/firewall/parse.rs
index 93cf014..7bf00c0 100644
--- a/proxmox-ve-config/src/firewall/parse.rs
+++ b/proxmox-ve-config/src/firewall/parse.rs
@@ -2,6 +2,8 @@ use std::fmt;
 
 use anyhow::{bail, format_err, Error};
 
+const NAME_SPECIAL_CHARACTERS: [u8; 2] = [b'-', b'_'];
+
 /// Parses out a "name" which can be alphanumeric and include dashes.
 ///
 /// Returns `None` if the name part would be empty.
@@ -16,10 +18,14 @@ use anyhow::{bail, format_err, Error};
 /// assert_eq!(match_name(" someremainder"), None);
 /// ```
 pub fn match_name(line: &str) -> Option<(&str, &str)> {
+    if !line.starts_with(|c: char| c.is_ascii_alphabetic()) {
+        return None;
+    }
+
     let end = line
         .as_bytes()
         .iter()
-        .position(|&b| !(b.is_ascii_alphanumeric() || b == b'-'));
+        .position(|&b| !(b.is_ascii_alphanumeric() || NAME_SPECIAL_CHARACTERS.contains(&b)));
 
     let (name, rest) = match end {
         Some(end) => line.split_at(end),
diff --git a/proxmox-ve-config/src/firewall/types/alias.rs b/proxmox-ve-config/src/firewall/types/alias.rs
index 43c6486..e6aa30d 100644
--- a/proxmox-ve-config/src/firewall/types/alias.rs
+++ b/proxmox-ve-config/src/firewall/types/alias.rs
@@ -147,6 +147,20 @@ impl FromStr for Alias {
 mod tests {
     use super::*;
 
+    #[test]
+    fn test_parse_alias() {
+        for alias in [
+            "local_network 10.0.0.0/32",
+            "test-_123-___-a---- 10.0.0.1/32",
+        ] {
+            alias.parse::<Alias>().expect("valid alias");
+        }
+
+        for alias in ["-- 10.0.0.1/32", "0asd 10.0.0.1/32", "__test 10.0.0.0/32"] {
+            alias.parse::<Alias>().expect_err("invalid alias");
+        }
+    }
+
     #[test]
     fn test_parse_alias_name() {
         for name in ["dc/proxmox_123", "guest/proxmox-123"] {
-- 
2.39.2


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] applied: [PATCH proxmox-firewall] fix #5410: config: fix naming scheme for names in firewall config

[Thomas Lamprecht]

Am 24/04/2024 um 18:15 schrieb Stefan Hanreich:
> This should bring the allowed names on par with the pve-firewall
> naming scheme [1].
> 
> [1] https://git.proxmox.com/?p=pve-firewall.git;a=blob;f=src/PVE/Firewall.pm;h=0abfeccffc94cec940760e69a894e392dc33f151;hb=29b48c381d14bf425232dc65c9c0d18f95c8f222#l51
> 
> Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
> ---
>  proxmox-ve-config/src/firewall/parse.rs       |  8 +++++++-
>  proxmox-ve-config/src/firewall/types/alias.rs | 14 ++++++++++++++
>  2 files changed, 21 insertions(+), 1 deletion(-)
> 
>

applied, thanks!


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel