From 8a2d80b6bc3489654e0610c78e5a773f6cb84322 Mon Sep 17 00:00:00 2001 From: PaulAngus Date: Sun, 7 Jun 2020 16:34:58 +0100 Subject: [PATCH 1/8] start removing dubious phrases --- .../apache/cloudstack/query/QueryService.java | 4 ++-- .../acl/DynamicRoleBasedAPIAccessChecker.java | 2 +- .../acl/StaticRoleBasedAPIAccessChecker.java | 2 +- .../java/com/cloud/utils/db/StaticStrategy.java | 10 +++++----- .../com/cloud/api/query/QueryManagerImpl.java | 6 +++--- .../cloud/api/query/dao/UserVmJoinDaoImpl.java | 4 ++-- .../configuration/ConfigurationManagerImpl.java | 2 +- .../com/cloud/network/vpc/VpcManagerImpl.java | 16 ++++++++-------- .../java/com/cloud/vm/UserVmManagerImpl.java | 16 ++++++++-------- 9 files changed, 31 insertions(+), 31 deletions(-) diff --git a/api/src/main/java/org/apache/cloudstack/query/QueryService.java b/api/src/main/java/org/apache/cloudstack/query/QueryService.java index 57ac963bb8b1..7a41e159ec38 100644 --- a/api/src/main/java/org/apache/cloudstack/query/QueryService.java +++ b/api/src/main/java/org/apache/cloudstack/query/QueryService.java 
@@ -92,8 +92,8 @@ public interface QueryService { ConfigKey AllowUserViewDestroyedVM = new ConfigKey<>("Advanced", Boolean.class, "allow.user.view.destroyed.vm", "false", "Determines whether users can view their destroyed or expunging vm ", true, ConfigKey.Scope.Account); - static final ConfigKey UserVMBlacklistedDetails = new ConfigKey("Advanced", String.class, - "user.vm.blacklisted.details", "rootdisksize, cpuOvercommitRatio, memoryOvercommitRatio, Message.ReservedCapacityFreed.Flag", + static final ConfigKey UserVMDenyListedDetails = new ConfigKey("Advanced", String.class, + "user.vm.DenyListed.details", "rootdisksize, cpuOvercommitRatio, memoryOvercommitRatio, Message.ReservedCapacityFreed.Flag", "Determines whether users can view certain VM settings. When set to empty, default value used is: rootdisksize, cpuOvercommitRatio, memoryOvercommitRatio, Message.ReservedCapacityFreed.Flag.", true); static final ConfigKey UserVMReadOnlyDetails = new ConfigKey("Advanced", String.class, diff --git a/plugins/acl/dynamic-role-based/src/main/java/org/apache/cloudstack/acl/DynamicRoleBasedAPIAccessChecker.java b/plugins/acl/dynamic-role-based/src/main/java/org/apache/cloudstack/acl/DynamicRoleBasedAPIAccessChecker.java index 02cdf2a9df4c..e4593120f5a5 100644 --- a/plugins/acl/dynamic-role-based/src/main/java/org/apache/cloudstack/acl/DynamicRoleBasedAPIAccessChecker.java +++ b/plugins/acl/dynamic-role-based/src/main/java/org/apache/cloudstack/acl/DynamicRoleBasedAPIAccessChecker.java @@ -58,7 +58,7 @@ protected DynamicRoleBasedAPIAccessChecker() { } private void denyApiAccess(final String commandName) throws PermissionDeniedException { - throw new PermissionDeniedException("The API " + commandName + " is blacklisted for the account's role."); + throw new PermissionDeniedException("The API " + commandName + " is deny listed for the account's role."); } public boolean isDisabled() { 
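Review bot: The QueryService hunk renames the stored setting key as well as the Java constant, from `user.vm.blacklisted.details` to `user.vm.DenyListed.details`. This key decides which VM details are hidden from non-admin users and which ones they may not set. A deployment that customised the old key would presumably fall back to the built-in default list after upgrade, unless an upgrade script renames the existing configuration row. Patch 8's diffstat lists schema-41510to41600.sql, which may carry that rename, but its content is not visible on this page, so it should be confirmed. I would also add a comment above the constant, `// Renamed from user.vm.blacklisted.details; the upgrade path must carry over any operator-set value`.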
diff --git a/plugins/acl/static-role-based/src/main/java/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java b/plugins/acl/static-role-based/src/main/java/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java index 6b40ab4ddffe..3f26f1ddba2a 100644 --- a/plugins/acl/static-role-based/src/main/java/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java +++ b/plugins/acl/static-role-based/src/main/java/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java @@ -90,7 +90,7 @@ public boolean checkAccess(User user, String commandName) throws PermissionDenie } if (commandNames.contains(commandName)) { - throw new PermissionDeniedException("The API is blacklisted. Role type=" + roleType.toString() + " is not allowed to request the api: " + commandName); + throw new PermissionDeniedException("The API is deny listed. Role type=" + roleType.toString() + " is not allowed to request the api: " + commandName); } else { throw new UnavailableCommandException("The API " + commandName + " does not exist or is not available for this account."); } diff --git a/plugins/database/mysql-ha/src/main/java/com/cloud/utils/db/StaticStrategy.java b/plugins/database/mysql-ha/src/main/java/com/cloud/utils/db/StaticStrategy.java index b3536523a06e..0f76288e2916 100644 --- a/plugins/database/mysql-ha/src/main/java/com/cloud/utils/db/StaticStrategy.java +++ b/plugins/database/mysql-ha/src/main/java/com/cloud/utils/db/StaticStrategy.java @@ -47,9 +47,9 @@ public JdbcConnection pickConnection(InvocationHandler proxy, List confi List whiteList = new ArrayList(numHosts); whiteList.addAll(configuredHosts); - Map blackList = ((LoadBalancedConnectionProxy) proxy).getGlobalBlacklist(); + Map denylist = ((LoadBalancedConnectionProxy) proxy).getGlobalDenylist(); - whiteList.removeAll(blackList.keySet()); + whiteList.removeAll(denylist.keySet()); Map whiteListMap = this.getArrayIndexMap(whiteList); 
@@ -77,7 +77,7 @@ public JdbcConnection pickConnection(InvocationHandler proxy, List confi whiteList.remove(whiteListIndex.intValue()); whiteListMap = this.getArrayIndexMap(whiteList); } - ((LoadBalancedConnectionProxy) proxy).addToGlobalBlacklist(hostPortSpec); + ((LoadBalancedConnectionProxy) proxy).addToGlobalDenylist(hostPortSpec); if (whiteList.size() == 0) { attempts++; @@ -90,9 +90,9 @@ public JdbcConnection pickConnection(InvocationHandler proxy, List confi // start fresh whiteListMap = new HashMap(numHosts); whiteList.addAll(configuredHosts); - blackList = ((LoadBalancedConnectionProxy) proxy).getGlobalBlacklist(); + denylist = ((LoadBalancedConnectionProxy) proxy).getGlobalDenylist(); - whiteList.removeAll(blackList.keySet()); + whiteList.removeAll(denylist.keySet()); whiteListMap = this.getArrayIndexMap(whiteList); } diff --git a/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java b/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java index 70875eb2694b..b7630f83d669 100644 --- a/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java +++ b/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java @@ -3740,10 +3740,10 @@ public DetailOptionsResponse listDetailOptions(final ListDetailOptionsCmd cmd) { throw new CloudRuntimeException("Resource type not supported."); } if (CallContext.current().getCallingAccount().getType() != Account.ACCOUNT_TYPE_ADMIN) { - final List userBlacklistedSettings = Stream.of(QueryService.UserVMBlacklistedDetails.value().split(",")) + final List userDenylistedSettings = Stream.of(QueryService.UserVMDenylistedDetails.value().split(",")) .map(item -> (item).trim()) .collect(Collectors.toList()); - for (final String detail : userBlacklistedSettings) { + for (final String detail : userDenylistedSettings) { if (options.containsKey(detail)) { options.remove(detail); } 
@@ -4143,6 +4143,6 @@ public String getConfigComponentName() { @Override public ConfigKey[] getConfigKeys() { - return new ConfigKey[] {AllowUserViewDestroyedVM, UserVMBlacklistedDetails, UserVMReadOnlyDetails, SortKeyAscending, AllowUserViewAllDomainAccounts}; + return new ConfigKey[] {AllowUserViewDestroyedVM, UserVMDenylistedDetails, UserVMReadOnlyDetails, SortKeyAscending, AllowUserViewAllDomainAccounts}; } } diff --git a/server/src/main/java/com/cloud/api/query/dao/UserVmJoinDaoImpl.java b/server/src/main/java/com/cloud/api/query/dao/UserVmJoinDaoImpl.java index 3d75ff7f1604..928377cffe45 100644 --- a/server/src/main/java/com/cloud/api/query/dao/UserVmJoinDaoImpl.java +++ b/server/src/main/java/com/cloud/api/query/dao/UserVmJoinDaoImpl.java @@ -344,9 +344,9 @@ public UserVmResponse newUserVmResponse(ResponseView view, String objectName, Us userVmResponse.setPoolType(userVm.getPoolType().toString()); } - // Remove blacklisted settings if user is not admin + // Remove denylisted settings if user is not admin if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN) { - String[] userVmSettingsToHide = QueryService.UserVMBlacklistedDetails.value().split(","); + String[] userVmSettingsToHide = QueryService.UserVMDenylistedDetails.value().split(","); for (String key : userVmSettingsToHide) { resourceDetails.remove(key.trim()); } diff --git a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java index f5de35af3ed2..6f838e5ef8c9 100755 --- a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java +++ b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java 
@@ -1021,7 +1021,7 @@ private String validateConfigurationValue(final String name, String value, final if (route != null) { final String routeToVerify = route.trim(); if (!NetUtils.isValidIp4Cidr(routeToVerify)) { - throw new InvalidParameterValueException("Invalid value for blacklisted route: " + route + ". Valid format is list" + throw new InvalidParameterValueException("Invalid value for deny listed route: " + route + ". Valid format is list" + " of cidrs separated by coma. Example: 10.1.1.0/24,192.168.0.0/24"); } } diff --git a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java index a03e3deb1030..fe17138b277e 100644 --- a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java +++ b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java @@ -2293,9 +2293,9 @@ public StaticRoute createStaticRoute(final long gatewayId, final String cidr) th throw new InvalidParameterValueException("CIDR should be outside of link local cidr " + NetUtils.getLinkLocalCIDR()); } - // 3) Verify against blacklisted routes - if (isCidrBlacklisted(cidr, vpc.getZoneId())) { - throw new InvalidParameterValueException("The static gateway cidr overlaps with one of the blacklisted routes of the zone the VPC belongs to"); + // 3) Verify against deny listed routes + if (isCidrDenylisted(cidr, vpc.getZoneId())) { + throw new InvalidParameterValueException("The static gateway cidr overlaps with one of the deny listed routes of the zone the VPC belongs to"); } return Transaction.execute(new TransactionCallbackWithException() { 
@@ -2317,14 +2317,14 @@ public StaticRouteVO doInTransaction(final TransactionStatus status) throws Netw }); } - protected boolean isCidrBlacklisted(final String cidr, final long zoneId) { + protected boolean isCidrDenylisted(final String cidr, final long zoneId) { final String routesStr = NetworkOrchestrationService.GuestDomainSuffix.valueIn(zoneId); if (routesStr != null && !routesStr.isEmpty()) { - final String[] cidrBlackList = routesStr.split(","); + final String[] cidrDenyList = routesStr.split(","); - if (cidrBlackList != null && cidrBlackList.length > 0) { - for (final String blackListedRoute : cidrBlackList) { - if (NetUtils.isNetworksOverlap(blackListedRoute, cidr)) { + if (cidrDenyList != null && cidrDenyList.length > 0) { + for (final String denyListedRoute : cidrDenyList) { + if (NetUtils.isNetworksOverlap(denyListedRoute, cidr)) { return true; } } diff --git a/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java b/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java index 65776ab59b9b..14e43824d6fc 100644 --- a/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java +++ b/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java @@ -2563,7 +2563,7 @@ public UserVm updateVirtualMachine(UpdateVMCmd cmd) throws ResourceUnavailableEx updateDisplayVmFlag(isDisplayVm, id, vmInstance); } final Account caller = CallContext.current().getCallingAccount(); - final List userBlacklistedSettings = Stream.of(QueryService.UserVMBlacklistedDetails.value().split(",")) + final List userDenyListedSettings = Stream.of(QueryService.UserVMdenylistedDetails.value().split(",")) .map(item -> (item).trim()) .collect(Collectors.toList()); final List userReadOnlySettings = Stream.of(QueryService.UserVMReadOnlyDetails.value().split(",")) 
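Review bot: The renamed `isCidrDenylisted` still reads its route list from `NetworkOrchestrationService.GuestDomainSuffix.valueIn(zoneId)`. By its name that is the guest domain suffix, not the denied-routes setting (`blacklisted.routes` in the schema script on this page). If so, the overlap check in `createStaticRoute` may never see the configured routes, so the intended ConfigKey should be confirmed. Separately, entries from `routesStr.split(",")` reach `NetUtils.isNetworksOverlap` untrimmed, while the validator in ConfigurationManagerImpl trims each route first. A value with a space after the comma could therefore pass validation and still fail to match here; `if (NetUtils.isNetworksOverlap(denyListedRoute.trim(), cidr)) {` would align the two. The method body continues past the end of the hunk.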
@@ -2574,7 +2574,7 @@ public UserVm updateVirtualMachine(UpdateVMCmd cmd) throws ResourceUnavailableEx userVmDetailsDao.removeDetails(id); } else { for (final UserVmDetailVO detail : userVmDetailsDao.listDetails(id)) { - if (detail != null && !userBlacklistedSettings.contains(detail.getName()) + if (detail != null && !userDenyListedSettings.contains(detail.getName()) && !userReadOnlySettings.contains(detail.getName())) { userVmDetailsDao.removeDetail(id, detail.getName()); } @@ -2587,18 +2587,18 @@ public UserVm updateVirtualMachine(UpdateVMCmd cmd) throws ResourceUnavailableEx } if (caller != null && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) { - // Ensure blacklisted or read-only detail is not passed by non-root-admin user + // Ensure deny listed or read-only detail is not passed by non-root-admin user for (final String detailName : details.keySet()) { - if (userBlacklistedSettings.contains(detailName)) { + if (userDenyListedSettings.contains(detailName)) { throw new InvalidParameterValueException("You're not allowed to add or edit the restricted setting: " + detailName); } if (userReadOnlySettings.contains(detailName)) { throw new InvalidParameterValueException("You're not allowed to add or edit the read-only setting: " + detailName); } } - // Add any hidden/blacklisted or read-only detail + // Add any hidden/denylisted or read-only detail for (final UserVmDetailVO detail : userVmDetailsDao.listDetails(id)) { - if (userBlacklistedSettings.contains(detail.getName()) || userReadOnlySettings.contains(detail.getName())) { + if (userDenyListedSettings.contains(detail.getName()) || userReadOnlySettings.contains(detail.getName())) { details.put(detail.getName(), detail.getValue()); } } 
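Review bot: In the second hunk the deny-listed/read-only guard runs only under `caller != null && caller.getType() != Account.ACCOUNT_TYPE_ADMIN`. A null calling account therefore skips the restriction and takes the same path as a root admin. Failing closed would be safer: `if (caller == null || caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {`. The visible lines inside the block do not dereference `caller`, but updateVirtualMachine starts and ends outside the hunk, so that should be checked against the full body.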
@@ -5553,7 +5553,7 @@ protected boolean isValidXenOrVmwareConfiguration(String cfg, String[] allowedKe * @param vm */ protected void persistExtraConfigKvm(String decodedUrl, UserVm vm) { - // validate config against blacklisted cfg commands + // validate config against denylisted cfg commands validateKvmExtraConfig(decodedUrl); String[] extraConfigs = decodedUrl.split("\n\n"); for (String cfg : extraConfigs) { @@ -5575,7 +5575,7 @@ protected void persistExtraConfigKvm(String decodedUrl, UserVm vm) { /** * This method is called by the persistExtraConfigKvm - * Validates passed extra configuration data for KVM and validates against blacklist of unwanted commands + * Validates passed extra configuration data for KVM and validates against deny-list of unwanted commands * controlled by Root admin * @param decodedUrl string containing xml configuration to be validated */ From 7ea817d32389aa22b7e3a122d7d652232f842387 Mon Sep 17 00:00:00 2001 From: PaulAngus Date: Mon, 8 Jun 2020 09:31:18 +0100 Subject: [PATCH 2/8] remove black/white list phrasing --- .../com/cloud/utils/db/StaticStrategy.java | 30 +++++++++---------- .../com/cloud/api/query/QueryManagerImpl.java | 6 ++-- .../api/query/dao/UserVmJoinDaoImpl.java | 4 +-- .../java/com/cloud/vm/UserVmManagerImpl.java | 2 +- tools/ngui/static/js/lib/angular.js | 18 +++++------ 5 files changed, 30 insertions(+), 30 deletions(-) diff --git a/plugins/database/mysql-ha/src/main/java/com/cloud/utils/db/StaticStrategy.java b/plugins/database/mysql-ha/src/main/java/com/cloud/utils/db/StaticStrategy.java index 0f76288e2916..945e118d631f 100644 --- a/plugins/database/mysql-ha/src/main/java/com/cloud/utils/db/StaticStrategy.java +++ b/plugins/database/mysql-ha/src/main/java/com/cloud/utils/db/StaticStrategy.java 
@@ -44,21 +44,21 @@ public JdbcConnection pickConnection(InvocationHandler proxy, List confi SQLException ex = null; - List whiteList = new ArrayList(numHosts); - whiteList.addAll(configuredHosts); + List allowList = new ArrayList(numHosts); + allowList.addAll(configuredHosts); Map denylist = ((LoadBalancedConnectionProxy) proxy).getGlobalDenylist(); - whiteList.removeAll(denylist.keySet()); + allowList.removeAll(denylist.keySet()); - Map whiteListMap = this.getArrayIndexMap(whiteList); + Map allowListMap = this.getArrayIndexMap(allowList); for (int attempts = 0; attempts < numRetries;) { - if (whiteList.size() == 0) { + if (allowList.size() == 0) { throw SQLError.createSQLException("No hosts configured", null); } - String hostPortSpec = whiteList.get(0); //Always take the first host + String hostPortSpec = allowList.get(0); //Always take the first host ConnectionImpl conn = (ConnectionImpl) liveConnections.get(hostPortSpec); @@ -70,16 +70,16 @@ public JdbcConnection pickConnection(InvocationHandler proxy, List confi if (((LoadBalancedConnectionProxy) proxy).shouldExceptionTriggerFailover(sqlEx)) { - Integer whiteListIndex = whiteListMap.get(hostPortSpec); + Integer allowListIndex = allowListMap.get(hostPortSpec); // exclude this host from being picked again - if (whiteListIndex != null) { - whiteList.remove(whiteListIndex.intValue()); - whiteListMap = this.getArrayIndexMap(whiteList); + if (allowListIndex != null) { + allowList.remove(allowListIndex.intValue()); + allowListMap = this.getArrayIndexMap(allowList); } ((LoadBalancedConnectionProxy) proxy).addToGlobalDenylist(hostPortSpec); - if (whiteList.size() == 0) { + if (allowList.size() == 0) { attempts++; try { Thread.sleep(250); 
@@ -88,12 +88,12 @@ public JdbcConnection pickConnection(InvocationHandler proxy, List confi } // start fresh - whiteListMap = new HashMap(numHosts); - whiteList.addAll(configuredHosts); + allowListMap = new HashMap(numHosts); + allowList.addAll(configuredHosts); denylist = ((LoadBalancedConnectionProxy) proxy).getGlobalDenylist(); - whiteList.removeAll(denylist.keySet()); - whiteListMap = this.getArrayIndexMap(whiteList); + allowList.removeAll(denylist.keySet()); + allowListMap = this.getArrayIndexMap(allowList); } continue; diff --git a/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java b/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java index b7630f83d669..2b93ebb50a76 100644 --- a/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java +++ b/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java @@ -3740,10 +3740,10 @@ public DetailOptionsResponse listDetailOptions(final ListDetailOptionsCmd cmd) { throw new CloudRuntimeException("Resource type not supported."); } if (CallContext.current().getCallingAccount().getType() != Account.ACCOUNT_TYPE_ADMIN) { - final List userDenylistedSettings = Stream.of(QueryService.UserVMDenylistedDetails.value().split(",")) + final List userDenyListedSettings = Stream.of(QueryService.UserVMDenyListedDetails.value().split(",")) .map(item -> (item).trim()) .collect(Collectors.toList()); - for (final String detail : userDenylistedSettings) { + for (final String detail : userDenyListedSettings) { if (options.containsKey(detail)) { options.remove(detail); } @@ -4143,6 +4143,6 @@ public String getConfigComponentName() { @Override public ConfigKey[] getConfigKeys() { - return new ConfigKey[] {AllowUserViewDestroyedVM, UserVMDenylistedDetails, UserVMReadOnlyDetails, SortKeyAscending, AllowUserViewAllDomainAccounts}; + return new ConfigKey[] {AllowUserViewDestroyedVM, UserVMDenyListedDetails, UserVMReadOnlyDetails, SortKeyAscending, AllowUserViewAllDomainAccounts}; } } 
diff --git a/server/src/main/java/com/cloud/api/query/dao/UserVmJoinDaoImpl.java b/server/src/main/java/com/cloud/api/query/dao/UserVmJoinDaoImpl.java index 928377cffe45..be4e60dcdea3 100644 --- a/server/src/main/java/com/cloud/api/query/dao/UserVmJoinDaoImpl.java +++ b/server/src/main/java/com/cloud/api/query/dao/UserVmJoinDaoImpl.java @@ -344,9 +344,9 @@ public UserVmResponse newUserVmResponse(ResponseView view, String objectName, Us userVmResponse.setPoolType(userVm.getPoolType().toString()); } - // Remove denylisted settings if user is not admin + // Remove deny listed settings if user is not admin if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN) { - String[] userVmSettingsToHide = QueryService.UserVMDenylistedDetails.value().split(","); + String[] userVmSettingsToHide = QueryService.UserVMDenyListedDetails.value().split(","); for (String key : userVmSettingsToHide) { resourceDetails.remove(key.trim()); } diff --git a/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java b/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java index 14e43824d6fc..dbc5a07bccea 100644 --- a/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java +++ b/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java @@ -2563,7 +2563,7 @@ public UserVm updateVirtualMachine(UpdateVMCmd cmd) throws ResourceUnavailableEx updateDisplayVmFlag(isDisplayVm, id, vmInstance); } final Account caller = CallContext.current().getCallingAccount(); - final List userDenyListedSettings = Stream.of(QueryService.UserVMdenylistedDetails.value().split(",")) + final List userDenyListedSettings = Stream.of(QueryService.UserVMDenylistedDetails.value().split(",")) .map(item -> (item).trim()) .collect(Collectors.toList()); final List userReadOnlySettings = Stream.of(QueryService.UserVMReadOnlyDetails.value().split(",")) diff --git a/tools/ngui/static/js/lib/angular.js b/tools/ngui/static/js/lib/angular.js index a860c8594f4d..e3ab8842893d 100644 --- a/tools/ngui/static/js/lib/angular.js 
+++ b/tools/ngui/static/js/lib/angular.js @@ -3687,7 +3687,7 @@ function $CompileProvider($provide) { COMMENT_DIRECTIVE_REGEXP = /^\s*directive\:\s*([\d\w\-_]+)\s+(.*)$/, CLASS_DIRECTIVE_REGEXP = /(([\d\w\-_]+)(?:\:([^;]+))?;?)/, MULTI_ROOT_TEMPLATE_ERROR = 'Template must have exactly one root element. was: ', - urlSanitizationWhitelist = /^\s*(https?|ftp|mailto|file):/; + urlSanitizationAllowlist = /^\s*(https?|ftp|mailto|file):/; /** 
@@ -3743,31 +3743,31 @@ function $CompileProvider($provide) { /** * @ngdoc function - * @name ng.$compileProvider#urlSanitizationWhitelist + * @name ng.$compileProvider#urlSanitizationAllowlist * @methodOf ng.$compileProvider * @function * * @description - * Retrieves or overrides the default regular expression that is used for whitelisting of safe + * Retrieves or overrides the default regular expression that is used for allow listing of safe * urls during a[href] sanitization. * * The sanitization is a security measure aimed at prevent XSS attacks via html links. * * Any url about to be assigned to a[href] via data-binding is first normalized and turned into an - * absolute url. Afterwards the url is matched against the `urlSanitizationWhitelist` regular + * absolute url. Afterwards the url is matched against the `urlSanitizationAllowlist` regular * expression. If a match is found the original url is written into the dom. Otherwise the * absolute url is prefixed with `'unsafe:'` string and only then it is written into the DOM. * - * @param {RegExp=} regexp New regexp to whitelist urls with. + * @param {RegExp=} regexp New regexp to allow list urls with. * @returns {RegExp|ng.$compileProvider} Current RegExp if called without value or self for * chaining otherwise. */ - this.urlSanitizationWhitelist = function(regexp) { + this.urlSanitizationAllowlist = function(regexp) { if (isDefined(regexp)) { - urlSanitizationWhitelist = regexp; + urlSanitizationAllowlist = regexp; return this; } - return urlSanitizationWhitelist; + return urlSanitizationAllowlist; }; @@ -3824,7 +3824,7 @@ function $CompileProvider($provide) { // href property always returns normalized absolute url, so we can match against that normalizedVal = urlSanitizationNode.href; - if (!normalizedVal.match(urlSanitizationWhitelist)) { + if (!normalizedVal.match(urlSanitizationAllowlist)) { this[key] = value = 'unsafe:' + normalizedVal; } } 
From d3f53e5f672559b46fc924ee01bd854115f88976 Mon Sep 17 00:00:00 2001 From: PaulAngus Date: Mon, 8 Jun 2020 21:08:06 +0100 Subject: [PATCH 3/8] remove a few last phrases --- .../resources/META-INF/db/schema-410to420.sql | 2 +- .../agent/noVNC/vendor/pako/lib/zlib/trees.js | 18 +++++++++--------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/engine/schema/src/main/resources/META-INF/db/schema-410to420.sql b/engine/schema/src/main/resources/META-INF/db/schema-410to420.sql index 50f3fa9b2906..a57895f86366 100644 --- a/engine/schema/src/main/resources/META-INF/db/schema-410to420.sql +++ b/engine/schema/src/main/resources/META-INF/db/schema-410to420.sql @@ -2065,7 +2065,7 @@ alter table `cloud`.`vpc_gateways` add column network_acl_id bigint unsigned def update `cloud`.`vpc_gateways` set network_acl_id = 2; -INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT', 'VpcManager', 'blacklisted.routes', NULL, 'Routes that are blacklisted, can not be used for Static Routes creation for the VPC Private Gateway'); +INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT', 'VpcManager', 'blacklisted.routes', NULL, 'Routes that are denied, can not be used for Static Routes creation for the VPC Private Gateway'); INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT', 'management-server', 'enable.dynamic.scale.vm', 'false', 'Enables/Diables dynamically scaling a vm'); diff --git a/systemvm/agent/noVNC/vendor/pako/lib/zlib/trees.js b/systemvm/agent/noVNC/vendor/pako/lib/zlib/trees.js index a69b8a592fe0..be5d0a9675b9 100644 --- a/systemvm/agent/noVNC/vendor/pako/lib/zlib/trees.js +++ b/systemvm/agent/noVNC/vendor/pako/lib/zlib/trees.js 
@@ -951,9 +951,9 @@ function send_all_trees(s, lcodes, dcodes, blcodes) * Check if the data type is TEXT or BINARY, using the following algorithm: * - TEXT if the two conditions below are satisfied: * a) There are no non-portable control characters belonging to the - * "black list" (0..6, 14..25, 28..31). + * "deny list" (0..6, 14..25, 28..31). * b) There is at least one printable character belonging to the - * "white list" (9 {TAB}, 10 {LF}, 13 {CR}, 32..255). + * "allow list" (9 {TAB}, 10 {LF}, 13 {CR}, 32..255). * - BINARY otherwise. * - The following partially-portable control characters form a * "gray list" that is ignored in this detection algorithm: @@ -961,21 +961,21 @@ function send_all_trees(s, lcodes, dcodes, blcodes) * IN assertion: the fields Freq of dyn_ltree are set. */ function detect_data_type(s) { - /* black_mask is the bit mask of black-listed bytes + /* deny_mask is the bit mask of deny-listed bytes * set bits 0..6, 14..25, and 28..31 * 0xf3ffc07f = binary 11110011111111111100000001111111 */ - var black_mask = 0xf3ffc07f; + var deny_mask = 0xf3ffc07f; var n; - /* Check for non-textual ("black-listed") bytes. */ - for (n = 0; n <= 31; n++, black_mask >>>= 1) { - if ((black_mask & 1) && (s.dyn_ltree[n * 2]/*.Freq*/ !== 0)) { + /* Check for non-textual ("deny-listed") bytes. */ + for (n = 0; n <= 31; n++, deny_mask >>>= 1) { + if ((deny_mask & 1) && (s.dyn_ltree[n * 2]/*.Freq*/ !== 0)) { return Z_BINARY; } } - /* Check for textual ("white-listed") bytes. */ + /* Check for textual ("allow-listed") bytes. */ if (s.dyn_ltree[9 * 2]/*.Freq*/ !== 0 || s.dyn_ltree[10 * 2]/*.Freq*/ !== 0 || s.dyn_ltree[13 * 2]/*.Freq*/ !== 0) { return Z_TEXT; @@ -986,7 +986,7 @@ function detect_data_type(s) { } } - /* There are no "black-listed" or "white-listed" bytes: + /* There are no "deny-listed" or "allow-listed" bytes: * this stream either is empty or has tolerated ("gray-listed") bytes only. */ return Z_BINARY; 
From 06a965df31a906871f92e65d6585945efcdd593a Mon Sep 17 00:00:00 2001 From: Paul Angus Date: Mon, 8 Jun 2020 21:48:06 +0100 Subject: [PATCH 4/8] fix inadvertent case change --- api/src/main/java/org/apache/cloudstack/query/QueryService.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/src/main/java/org/apache/cloudstack/query/QueryService.java b/api/src/main/java/org/apache/cloudstack/query/QueryService.java index 7a41e159ec38..0cdf7d29a776 100644 --- a/api/src/main/java/org/apache/cloudstack/query/QueryService.java +++ b/api/src/main/java/org/apache/cloudstack/query/QueryService.java @@ -93,7 +93,7 @@ public interface QueryService { "Determines whether users can view their destroyed or expunging vm ", true, ConfigKey.Scope.Account); static final ConfigKey UserVMDenyListedDetails = new ConfigKey("Advanced", String.class, - "user.vm.DenyListed.details", "rootdisksize, cpuOvercommitRatio, memoryOvercommitRatio, Message.ReservedCapacityFreed.Flag", + "user.vm.denylisted.details", "rootdisksize, cpuOvercommitRatio, memoryOvercommitRatio, Message.ReservedCapacityFreed.Flag", "Determines whether users can view certain VM settings. When set to empty, default value used is: rootdisksize, cpuOvercommitRatio, memoryOvercommitRatio, Message.ReservedCapacityFreed.Flag.", true); static final ConfigKey UserVMReadOnlyDetails = new ConfigKey("Advanced", String.class, From 3b5f9669520b42ce6c19ca2461708735b70d0740 Mon Sep 17 00:00:00 2001 From: PaulAngus Date: Tue, 9 Jun 2020 08:48:34 +0100 Subject: [PATCH 5/8] wrong case --- server/src/main/java/com/cloud/vm/UserVmManagerImpl.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java b/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java index dbc5a07bccea..5ad9c1c71e50 100644 --- a/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java +++ b/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java 
@@ -2563,7 +2563,7 @@ public UserVm updateVirtualMachine(UpdateVMCmd cmd) throws ResourceUnavailableEx updateDisplayVmFlag(isDisplayVm, id, vmInstance); } final Account caller = CallContext.current().getCallingAccount(); - final List userDenyListedSettings = Stream.of(QueryService.UserVMDenylistedDetails.value().split(",")) + final List userDenyListedSettings = Stream.of(QueryService.UserVMDenyListedDetails.value().split(",")) .map(item -> (item).trim()) .collect(Collectors.toList()); final List userReadOnlySettings = Stream.of(QueryService.UserVMReadOnlyDetails.value().split(",")) From cd635aa3217fc015c05bf3f60dd7bd5cf057e2cc Mon Sep 17 00:00:00 2001 From: PaulAngus Date: Tue, 9 Jun 2020 14:37:25 +0100 Subject: [PATCH 6/8] revert change which is actually in mysql --- .../src/main/java/com/cloud/utils/db/StaticStrategy.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/plugins/database/mysql-ha/src/main/java/com/cloud/utils/db/StaticStrategy.java b/plugins/database/mysql-ha/src/main/java/com/cloud/utils/db/StaticStrategy.java index 945e118d631f..c46ebdfc2bf1 100644 --- a/plugins/database/mysql-ha/src/main/java/com/cloud/utils/db/StaticStrategy.java +++ b/plugins/database/mysql-ha/src/main/java/com/cloud/utils/db/StaticStrategy.java @@ -47,7 +47,7 @@ public JdbcConnection pickConnection(InvocationHandler proxy, List confi List allowList = new ArrayList(numHosts); allowList.addAll(configuredHosts); - Map denylist = ((LoadBalancedConnectionProxy) proxy).getGlobalDenylist(); + Map denylist = ((LoadBalancedConnectionProxy) proxy).getGlobalBlackist(); allowList.removeAll(denylist.keySet()); 
@@ -77,7 +77,7 @@ public JdbcConnection pickConnection(InvocationHandler proxy, List confi allowList.remove(allowListIndex.intValue()); allowListMap = this.getArrayIndexMap(allowList); } - ((LoadBalancedConnectionProxy) proxy).addToGlobalDenylist(hostPortSpec); + ((LoadBalancedConnectionProxy) proxy).addToGlobalBlacklist(hostPortSpec); if (allowList.size() == 0) { attempts++; @@ -90,7 +90,7 @@ public JdbcConnection pickConnection(InvocationHandler proxy, List confi // start fresh allowListMap = new HashMap(numHosts); allowList.addAll(configuredHosts); - denylist = ((LoadBalancedConnectionProxy) proxy).getGlobalDenylist(); + denylist = ((LoadBalancedConnectionProxy) proxy).getGlobalBlacklist(); allowList.removeAll(denylist.keySet()); allowListMap = this.getArrayIndexMap(allowList); From 7ea0a96084001fe9c263c1356a3256c66fccc6ee Mon Sep 17 00:00:00 2001 From: PaulAngus Date: Tue, 9 Jun 2020 20:48:44 +0100 Subject: [PATCH 7/8] fix typo --- .../src/main/java/com/cloud/utils/db/StaticStrategy.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/database/mysql-ha/src/main/java/com/cloud/utils/db/StaticStrategy.java b/plugins/database/mysql-ha/src/main/java/com/cloud/utils/db/StaticStrategy.java index c46ebdfc2bf1..90a6dad16740 100644 --- a/plugins/database/mysql-ha/src/main/java/com/cloud/utils/db/StaticStrategy.java +++ b/plugins/database/mysql-ha/src/main/java/com/cloud/utils/db/StaticStrategy.java @@ -47,7 +47,7 @@ public JdbcConnection pickConnection(InvocationHandler proxy, List confi List allowList = new ArrayList(numHosts); allowList.addAll(configuredHosts); - Map denylist = ((LoadBalancedConnectionProxy) proxy).getGlobalBlackist(); + Map denylist = ((LoadBalancedConnectionProxy) proxy).getGlobalBlacklist(); allowList.removeAll(denylist.keySet()); From 2d735bf31ce79d7e2d9cf7289e4fced7fd5d770f Mon Sep 17 00:00:00 2001 
From: Suresh Kumar Anaparti Date: Thu, 25 Mar 2021 17:53:45 +0530 Subject: [PATCH 8/8] Updated changes to remove black/whitelist phrasing --- .../src/main/resources/META-INF/db/schema-410to420.sql | 2 +- .../src/main/resources/META-INF/db/schema-41510to41600.sql | 6 ++++++ .../cloudstack/acl/DynamicRoleBasedAPIAccessChecker.java | 2 +- .../cloudstack/acl/ProjectRoleBasedApiAccessChecker.java | 2 +- .../cloudstack/acl/StaticRoleBasedAPIAccessChecker.java | 2 +- .../com/cloud/configuration/ConfigurationManagerImpl.java | 2 +- .../main/java/com/cloud/network/vpc/VpcManagerImpl.java | 4 ++-- server/src/main/java/com/cloud/vm/UserVmManagerImpl.java | 7 +++---- ui/src/permission.js | 4 ++-- 9 files changed, 18 insertions(+), 13 deletions(-) diff --git a/engine/schema/src/main/resources/META-INF/db/schema-410to420.sql b/engine/schema/src/main/resources/META-INF/db/schema-410to420.sql index a57895f86366..50f3fa9b2906 100644 --- a/engine/schema/src/main/resources/META-INF/db/schema-410to420.sql +++ b/engine/schema/src/main/resources/META-INF/db/schema-410to420.sql @@ -2065,7 +2065,7 @@ alter table `cloud`.`vpc_gateways` add column network_acl_id bigint unsigned def update `cloud`.`vpc_gateways` set network_acl_id = 2; -INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT', 'VpcManager', 'blacklisted.routes', NULL, 'Routes that are denied, can not be used for Static Routes creation for the VPC Private Gateway'); +INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT', 'VpcManager', 'blacklisted.routes', NULL, 'Routes that are blacklisted, can not be used for Static Routes creation for the VPC Private Gateway'); INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT', 'management-server', 'enable.dynamic.scale.vm', 'false', 'Enables/Diables dynamically scaling a vm'); 
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-41510to41600.sql b/engine/schema/src/main/resources/META-INF/db/schema-41510to41600.sql index eec9bcd671b3..d687de0dc9c3 100644 --- a/engine/schema/src/main/resources/META-INF/db/schema-41510to41600.sql +++ b/engine/schema/src/main/resources/META-INF/db/schema-41510to41600.sql @@ -303,3 +303,9 @@ from -- Update name for global configuration user.vm.readonly.ui.details Update configuration set name='user.vm.readonly.details' where name='user.vm.readonly.ui.details'; + +-- Update name for global configuration 'user.vm.readonly.ui.details' to 'user.vm.denied.details' +UPDATE `cloud`.`configuration` SET name='user.vm.denied.details' WHERE name='user.vm.blacklisted.details'; + +-- Update name for global configuration 'blacklisted.routes' to 'denied.routes' +UPDATE `cloud`.`configuration` SET name='denied.routes', description='Routes that are denied, can not be used for Static Routes creation for the VPC Private Gateway' WHERE name='blacklisted.routes'; diff --git a/plugins/acl/dynamic-role-based/src/main/java/org/apache/cloudstack/acl/DynamicRoleBasedAPIAccessChecker.java b/plugins/acl/dynamic-role-based/src/main/java/org/apache/cloudstack/acl/DynamicRoleBasedAPIAccessChecker.java index e4593120f5a5..f693bae8c33c 100644 --- a/plugins/acl/dynamic-role-based/src/main/java/org/apache/cloudstack/acl/DynamicRoleBasedAPIAccessChecker.java +++ b/plugins/acl/dynamic-role-based/src/main/java/org/apache/cloudstack/acl/DynamicRoleBasedAPIAccessChecker.java @@ -58,7 +58,7 @@ protected DynamicRoleBasedAPIAccessChecker() { } private void denyApiAccess(final String commandName) throws PermissionDeniedException { - throw new PermissionDeniedException("The API " + commandName + " is deny listed for the account's role."); + throw new PermissionDeniedException("The API " + commandName + " is denied for the account's role."); } public boolean isDisabled() { 
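Review bot: In schema-41510to41600.sql the first added UPDATE renames the row to `user.vm.denied.details`, but the last key declared for this setting in the series is `user.vm.denylisted.details` (QueryService.java, PATCH 4/8), and QueryService.java is not in this patch's file list. If the Java key is not changed elsewhere, an operator's customised restriction list would sit under a name the code never reads and the setting would silently revert to its default after upgrade, so the two names need to agree. The same cross-check applies to `denied.routes` against whatever key the VPC code reads, which is not visible here. The comment above that UPDATE also names the wrong source key and should read `-- Update name for global configuration 'user.vm.blacklisted.details' to 'user.vm.denied.details'`.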
diff --git a/plugins/acl/project-role-based/src/main/java/org/apache/cloudstack/acl/ProjectRoleBasedApiAccessChecker.java b/plugins/acl/project-role-based/src/main/java/org/apache/cloudstack/acl/ProjectRoleBasedApiAccessChecker.java index 5a17bb993eb3..5648a96ea666 100644 --- a/plugins/acl/project-role-based/src/main/java/org/apache/cloudstack/acl/ProjectRoleBasedApiAccessChecker.java +++ b/plugins/acl/project-role-based/src/main/java/org/apache/cloudstack/acl/ProjectRoleBasedApiAccessChecker.java @@ -55,7 +55,7 @@ protected ProjectRoleBasedApiAccessChecker() { } private void denyApiAccess(final String commandName) throws PermissionDeniedException { - throw new PermissionDeniedException("The API " + commandName + " is blacklisted for the user's/account's project role."); + throw new PermissionDeniedException("The API " + commandName + " is denied for the user's/account's project role."); } diff --git a/plugins/acl/static-role-based/src/main/java/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java b/plugins/acl/static-role-based/src/main/java/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java index 3f26f1ddba2a..7550483b2306 100644 --- a/plugins/acl/static-role-based/src/main/java/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java +++ b/plugins/acl/static-role-based/src/main/java/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java @@ -90,7 +90,7 @@ public boolean checkAccess(User user, String commandName) throws PermissionDenie } if (commandNames.contains(commandName)) { - throw new PermissionDeniedException("The API is deny listed. Role type=" + roleType.toString() + " is not allowed to request the api: " + commandName); + throw new PermissionDeniedException("The API is denied. Role type=" + roleType.toString() + " is not allowed to request the api: " + commandName); } else { throw new UnavailableCommandException("The API " + commandName + " does not exist or is not available for this account."); } 
diff --git a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java index 6f838e5ef8c9..3a1654f2099c 100755 --- a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java +++ b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java @@ -1021,7 +1021,7 @@ private String validateConfigurationValue(final String name, String value, final if (route != null) { final String routeToVerify = route.trim(); if (!NetUtils.isValidIp4Cidr(routeToVerify)) { - throw new InvalidParameterValueException("Invalid value for deny listed route: " + route + ". Valid format is list" + throw new InvalidParameterValueException("Invalid value for route: " + route + " in deny list. Valid format is list" + " of cidrs separated by coma. Example: 10.1.1.0/24,192.168.0.0/24"); } } diff --git a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java index fe17138b277e..469196802fce 100644 --- a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java +++ b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java @@ -2293,9 +2293,9 @@ public StaticRoute createStaticRoute(final long gatewayId, final String cidr) th throw new InvalidParameterValueException("CIDR should be outside of link local cidr " + NetUtils.getLinkLocalCIDR()); } - // 3) Verify against deny listed routes + // 3) Verify against denied routes if (isCidrDenylisted(cidr, vpc.getZoneId())) { - throw new InvalidParameterValueException("The static gateway cidr overlaps with one of the deny listed routes of the zone the VPC belongs to"); + throw new InvalidParameterValueException("The static gateway cidr overlaps with one of the denied routes of the zone the VPC belongs to"); } return Transaction.execute(new TransactionCallbackWithException() { 
diff --git a/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java b/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java index 5ad9c1c71e50..520690642417 100644 --- a/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java +++ b/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java @@ -2534,7 +2534,6 @@ protected void runInContext() { scanLock.releaseRef(); } } - } @Override @@ -2587,7 +2586,7 @@ public UserVm updateVirtualMachine(UpdateVMCmd cmd) throws ResourceUnavailableEx } if (caller != null && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) { - // Ensure deny listed or read-only detail is not passed by non-root-admin user + // Ensure denied or read-only detail is not passed by non-root-admin user for (final String detailName : details.keySet()) { if (userDenyListedSettings.contains(detailName)) { throw new InvalidParameterValueException("You're not allowed to add or edit the restricted setting: " + detailName); @@ -2596,7 +2595,7 @@ public UserVm updateVirtualMachine(UpdateVMCmd cmd) throws ResourceUnavailableEx throw new InvalidParameterValueException("You're not allowed to add or edit the read-only setting: " + detailName); } } - // Add any hidden/denylisted or read-only detail + // Add any hidden/denied or read-only detail for (final UserVmDetailVO detail : userVmDetailsDao.listDetails(id)) { if (userDenyListedSettings.contains(detail.getName()) || userReadOnlySettings.contains(detail.getName())) { details.put(detail.getName(), detail.getValue()); @@ -5553,7 +5552,7 @@ protected boolean isValidXenOrVmwareConfiguration(String cfg, String[] allowedKe * @param vm */ protected void persistExtraConfigKvm(String decodedUrl, UserVm vm) { - // validate config against denylisted cfg commands + // validate config against denied cfg commands validateKvmExtraConfig(decodedUrl); String[] extraConfigs = decodedUrl.split("\n\n"); for (String cfg : extraConfigs) { diff --git a/ui/src/permission.js b/ui/src/permission.js index 8e975118611e..3e866382c9e0 100644 
--- a/ui/src/permission.js +++ b/ui/src/permission.js @@ -30,7 +30,7 @@ import { ACCESS_TOKEN, APIS } from '@/store/mutation-types' NProgress.configure({ showSpinner: false }) // NProgress Configuration -const whiteList = ['login'] // no redirect whitelist +const allowList = ['login'] // no redirect allowlist router.beforeEach((to, from, next) => { // start progress bar @@ -78,7 +78,7 @@ router.beforeEach((to, from, next) => { } } } else { - if (whiteList.includes(to.name)) { + if (allowList.includes(to.name)) { next() } else { next({ path: '/user/login', query: { redirect: to.fullPath } })