@simondeziel

No description provided.

@simondeziel simondeziel requested a review from Copilot July 21, 2025 16:06

This comment was marked as outdated.

@simondeziel simondeziel requested a review from Copilot July 21, 2025 16:09
Copilot AI left a comment

Pull Request Overview

This PR improves network name validation by centralizing validation logic and adding path traversal protection. The changes strengthen security by preventing directory traversal attacks through malicious network names.

  • Adds centralized validation using shared.IsFileName() to prevent path traversal attacks
  • Replaces inline string checks with calls to the centralized ValidateName() method
  • Refactors path handling to use variables for better readability and maintainability

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| lxd/network/driver_common.go | Adds path traversal protection to ValidateName() and improves path handling in rename() |
| lxd/network/driver_bridge.go | Replaces inline validation with centralized ValidateName() calls and fixes variable reuse |

if shared.PathExists(shared.VarPath("networks", n.name)) {
err := os.Rename(shared.VarPath("networks", n.name), shared.VarPath("networks", newName))
if shared.PathExists(oldNamePath) {
err := os.Rename(oldNamePath, newNamePath)
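Review bot: In the replacement lines, newNamePath is the destination handed to os.Rename, but nothing in this hunk shows newName being checked before that path is built, which is what the alert on these lines points at. Call ValidateName() on newName (so the shared.IsFileName() check runs) before computing newNamePath, and return the error instead of reaching os.Rename.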

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a user-provided value.
if shared.PathExists(shared.VarPath("networks", n.name)) {
err := os.Rename(shared.VarPath("networks", n.name), shared.VarPath("networks", newName))
if shared.PathExists(oldNamePath) {
err := os.Rename(oldNamePath, newNamePath)
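Review bot: shared.PathExists(oldNamePath) followed by os.Rename(oldNamePath, newNamePath) is a check-then-use pair, so the directory can appear or disappear between the two calls. Consider calling os.Rename directly and treating errors.Is(err, fs.ErrNotExist) as the nothing-to-rename case, so the decision is made on the result of the operation itself.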

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a user-provided value.
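The validate-before-join pattern that the overview and the CodeQL alerts above are about, as an added example that is not code from this PR or from LXD. `isPlainFileName`, `networkPath`, `renamePaths` and the base directory are hypothetical names chosen for illustration; `isPlainFileName` only stands in for `shared.IsFileName()` and does not reproduce it.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// isPlainFileName is a hypothetical stand-in for the shared.IsFileName()
// check named in the review (not LXD's code): one path component only.
func isPlainFileName(name string) bool {
	if name == "" || name == "." || name == ".." {
		return false
	}
	return !strings.ContainsAny(name, "/\\\x00")
}

// networkPath validates name before joining it under baseDir, then confirms
// the result is a direct child of baseDir as a second, independent check.
func networkPath(baseDir, name string) (string, error) {
	if !isPlainFileName(name) {
		return "", fmt.Errorf("invalid network name %q", name)
	}
	p := filepath.Join(baseDir, name)
	if filepath.Dir(p) != filepath.Clean(baseDir) {
		return "", fmt.Errorf("path %q escapes %q", p, baseDir)
	}
	return p, nil
}

// renamePaths validates both names before either path reaches os.Rename.
func renamePaths(baseDir, oldName, newName string) (string, string, error) {
	oldPath, err := networkPath(baseDir, oldName)
	if err != nil {
		return "", "", err
	}
	newPath, err := networkPath(baseDir, newName)
	if err != nil {
		return "", "", err
	}
	return oldPath, newPath, nil
}

func main() {
	base := "/srv/example/networks" // constructed base directory
	for _, n := range []string{"lxdbr0", "../../tmp/x", "a/b", "..", ""} {
		p, err := networkPath(base, n)
		fmt.Printf("%q -> %q err=%v\n", n, p, err)
	}
}
```

Rejecting the name before `filepath.Join` matters because `Join` cleans the path, so a `..` component is silently resolved rather than reported.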
@simondeziel simondeziel force-pushed the network-name-validation branch from deae3e5 to ef6ce13 Compare July 21, 2025 16:54
@simondeziel simondeziel marked this pull request as ready for review July 21, 2025 19:01
@simondeziel simondeziel requested a review from tomponline July 21, 2025 19:02
@tomponline tomponline merged commit 8383902 into canonical:main Aug 4, 2025
30 of 31 checks passed
@simondeziel simondeziel deleted the network-name-validation branch August 4, 2025 14:52