Change in ovirt-engine[ovirt-engine-4.0]: image upload: don't expose resource ID to entity updates.

3 Nov 2016

      ...
From Tal Nisan <tnisan@redhat.com>:
Tal Nisan has submitted this change and it was merged.

Change subject: image upload: don't expose resource ID to entity updates.
......................................................................

image upload: don't expose resource ID to entity updates.

Resource ID is used for identifying the upload tickets. once the
ability of clearing it is exposed for the frontend/REST, it can
potentially cause loss of a transfer session, opening up security risks.

Remove this member from the image transfer updates entity, and set it as
a parameter for the backend ImageTransferUpdater class.

Change-Id: Iee39b43faea82a4737919de0c39acba4b2b60b26
Signed-off-by: Amit Aviram <aaviram@redhat.com>
---
M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/disk/image/ImageTransferUpdater.java
M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/disk/image/UploadImageCommand.java
M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/disk/image/UploadImageStatusCommand.java
M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/UploadImageStatusParameters.java
D backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/storage/ImageTransferUpdates.java
M frontend/webadmin/modules/gwt-common/src/main/resources/org/ovirt/engine/core/Common.gwt.xml
M frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/storage/UploadImageModel.java
7 files changed, 24 insertions(+), 79 deletions(-)

Approvals:
  Jenkins CI: Passed CI tests
  Allon Mureinik: Looks good to me, approved
  Amit Aviram: Verified

-- 
To view, visit https://gerrit.ovirt.org/65958
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Iee39b43faea82a4737919de0c39acba4b2b60b26
Gerrit-PatchSet: 3
Gerrit-Project: ovirt-engine
Gerrit-Branch: ovirt-engine-4.0
Gerrit-Owner: Amit Aviram <aaviram@redhat.com>
Gerrit-Reviewer: Allon Mureinik <amureini@redhat.com>
Gerrit-Reviewer: Amit Aviram <aaviram@redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Tal Nisan <tnisan@redhat.com>
Gerrit-Reviewer: gerrit-hooks <automation@ovirt.org>

Code Review

tags

participants (1)