From c8b0a9a3be7ca276d91d470a629fdd0209812993 Mon Sep 17 00:00:00 2001
From: Justin Shepherd <jshepher@rackspace.com>
Date: Sun, 26 Feb 2012 22:23:30 -0600
Subject: [PATCH] Ensures that keypair names are only AlphaNumeric.

Throws a 400 error if keypair contains any unsafe characters.

Safe characters are '_-', digits, and ascii_leters.

Added test_keypair_create_with_non_alphanumeric_name.

Fixes bug 937408.

Change-Id: If9b1393ee8f36113d2fa8a3b97ca526cc2e6ccf1
---
 nova/api/openstack/compute/contrib/keypairs.py     | 10 ++++++++++
 .../api/openstack/compute/contrib/test_keypairs.py | 14 ++++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/nova/api/openstack/compute/contrib/keypairs.py b/nova/api/openstack/compute/contrib/keypairs.py
index 0e8a4bb060af..5f6f56e158ac 100644
--- a/nova/api/openstack/compute/contrib/keypairs.py
+++ b/nova/api/openstack/compute/contrib/keypairs.py
@@ -17,6 +17,8 @@
 
 """ Keypair management extension"""
 
+import string
+
 import webob
 import webob.exc
 
@@ -61,6 +63,13 @@ class KeypairController(object):
                 'public_key': public_key,
                 'fingerprint': fingerprint}
 
+    def _validate_keypair_name(self, value):
+        safechars = "_-" + string.digits + string.ascii_letters
+        clean_value = "".join(x for x in value if x in safechars)
+        if clean_value != value:
+            msg = _("Keypair name contains unsafe characters")
+            raise webob.exc.HTTPBadRequest(explanation=msg)
+
     @wsgi.serializers(xml=KeypairTemplate)
     def create(self, req, body):
         """
@@ -80,6 +89,7 @@ class KeypairController(object):
         authorize(context)
         params = body['keypair']
         name = params['name']
+        self._validate_keypair_name(name)
 
         if not 0 < len(name) < 256:
             msg = _('Keypair name must be between 1 and 255 characters long')
diff --git a/nova/tests/api/openstack/compute/contrib/test_keypairs.py b/nova/tests/api/openstack/compute/contrib/test_keypairs.py
index fa04e5efbf1e..7ec5a5d6f73b 100644
--- a/nova/tests/api/openstack/compute/contrib/test_keypairs.py
+++ b/nova/tests/api/openstack/compute/contrib/test_keypairs.py
@@ -107,6 +107,20 @@ class KeypairsTest(test.TestCase):
         res = req.get_response(fakes.wsgi_app())
         self.assertEqual(res.status_int, 400)
 
+    def test_keypair_create_with_non_alphanumeric_name(self):
+        body = {
+            'keypair': {
+                'name': 'test/keypair'
+            }
+        }
+        req = webob.Request.blank('/v2/fake/os-keypairs')
+        req.method = 'POST'
+        req.body = json.dumps(body)
+        req.headers['Content-Type'] = 'application/json'
+        res = req.get_response(fakes.wsgi_app())
+        res_dict = json.loads(res.body)
+        self.assertEqual(res.status_int, 400)
+
     def test_keypair_import(self):
         body = {
             'keypair': {