Fix: KVM Direct Download URL injection (apache#60)

Co-authored-by: nvazquez <nicovazquez90@gmail.com>

Author: 2 people

core/src/main/java/org/apache/cloudstack/direct/download/DirectTemplateDownloaderImpl.java

@@ -21,6 +21,7 @@
 import com.cloud.utils.UriUtils;
 import com.cloud.utils.exception.CloudRuntimeException;
 import org.apache.cloudstack.utils.security.DigestHelper;
+import org.apache.commons.io.FilenameUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.logging.log4j.Logger;
 import org.apache.logging.log4j.LogManager;
@@ -33,6 +34,7 @@
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
+import java.util.UUID;
 
 public abstract class DirectTemplateDownloaderImpl implements DirectTemplateDownloader {
 
@@ -128,15 +130,14 @@ public void setFollowRedirects(boolean followRedirects) {
      */
     protected File createTemporaryDirectoryAndFile(String downloadDir) {
         createFolder(downloadDir);
-        return new File(downloadDir + File.separator + getFileNameFromUrl());
+        return new File(downloadDir + File.separator + getTemporaryFileName());
     }
 
     /**
-     * Return filename from url
+     * Return filename from the temporary download file
      */
-    public String getFileNameFromUrl() {
-        String[] urlParts = url.split("/");
-        return urlParts[urlParts.length - 1];
+    public String getTemporaryFileName() {
+        return String.format("%s.%s", UUID.randomUUID(), FilenameUtils.getExtension(url));
     }
 
     @Override

core/src/main/java/org/apache/cloudstack/direct/download/MetalinkDirectTemplateDownloader.java

@@ -97,7 +97,7 @@ public Pair<Boolean, String> downloadTemplate() {
             DirectTemplateDownloader urlDownloader = createDownloaderForMetalinks(getUrl(), getTemplateId(), getDestPoolPath(),
                     getChecksum(), headers, connectTimeout, soTimeout, null, temporaryDownloadPath);
             try {
-                setDownloadedFilePath(downloadDir + File.separator + getFileNameFromUrl());
+                setDownloadedFilePath(downloadDir + File.separator + getTemporaryFileName());
                 File f = new File(getDownloadedFilePath());
                 if (f.exists()) {
                     f.delete();

core/src/main/java/org/apache/cloudstack/direct/download/NfsDirectTemplateDownloader.java

@@ -69,7 +69,7 @@ public Pair<Boolean, String> downloadTemplate() {
         String mount = String.format(mountCommand, srcHost + ":" + srcPath, "/mnt/" + mountSrcUuid);
         Script.runSimpleBashScript(mount);
         String downloadDir = getDestPoolPath() + File.separator + getDirectDownloadTempPath(getTemplateId());
-        setDownloadedFilePath(downloadDir + File.separator + getFileNameFromUrl());
+        setDownloadedFilePath(downloadDir + File.separator + getTemporaryFileName());
         Script.runSimpleBashScript("cp /mnt/" + mountSrcUuid + srcPath + " " + getDownloadedFilePath());
         Script.runSimpleBashScript("umount /mnt/" + mountSrcUuid);
         return new Pair<>(true, getDownloadedFilePath());