aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRotundo, Al (ar3165) <ar3165@att.com>2019-11-22 15:07:18 +0000
committerRotundo, Al (ar3165) <ar3165@att.com>2019-11-22 15:07:18 +0000
commit6d9e9c449782cbf560a0dd591509c596326b8bf0 (patch)
treede91df55c586e26db0ac16a1acdc995c53629485
parent34f2213be95352e1643bbeaadfe5723fbddf1c35 (diff)
fixing security issues found in onap admportal
changed exec command to spawn command to prevent arbitray code execution Issue-ID: SDNC-978 Signed-off-by: Rotundo, Al (ar3165) <ar3165@att.com> Change-Id: I4487b5c7a14d7a7b1e4985b89e646cf6801845e0 Former-commit-id: 484d74555c481f055a7f33909071962cace85aa0
-rwxr-xr-xadmportal/server/router/routes/admin.js3
-rw-r--r--admportal/server/router/routes/csp.js59
-rw-r--r--admportal/server/router/routes/dbRoutes.js581
-rw-r--r--admportal/server/router/routes/mobility.js21
-rw-r--r--admportal/server/router/routes/sla.js311
-rw-r--r--admportal/views/pages/err.ejs1
6 files changed, 535 insertions, 441 deletions
diff --git a/admportal/server/router/routes/admin.js b/admportal/server/router/routes/admin.js
index 96c7fd85..9a33dc81 100755
--- a/admportal/server/router/routes/admin.js
+++ b/admportal/server/router/routes/admin.js
@@ -19,6 +19,8 @@ router.use(cookieParser());
router.get('/getParameters', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
dbRoutes.getParameters(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
});
+
+/*
router.get('/deleteParameter', csp.checkAuth, dbRoutes.checkDB, csrfProtection, function(req,res) {
var privilegeObj = req.session.loggedInAdmin;
@@ -38,6 +40,7 @@ router.get('/deleteParameter', csp.checkAuth, dbRoutes.checkDB, csrfProtection,
}
});
});
+*/
// POST
diff --git a/admportal/server/router/routes/csp.js b/admportal/server/router/routes/csp.js
index 8828052f..f82edd89 100644
--- a/admportal/server/router/routes/csp.js
+++ b/admportal/server/router/routes/csp.js
@@ -15,50 +15,29 @@ function logout(req,res){
function login (req,res) {
-console.log('login');
-var tkn = req.sanitize(req.body._csrf);
-console.log('login:tkn=' + tkn);
+ var tkn = req.sanitize(req.body._csrf);
var loggedInAdmin={};
var email = req.sanitize(req.body.email);
var pswd = req.sanitize(req.body.password);
- dbRoutes.findAdminUser(email,res,function(adminUser){
- if(adminUser !== null){
-
- // make sure correct password is provided
- if (pswd != adminUser.password) {
- res.render("pages/login",
- {
- result:
- {
- code:'error',
- msg:'Invalid password entered.'
- },
- header:process.env.MAIN_MENU
- });
- return;
- }
-
- var loggedInAdmin = {
+ dbRoutes.findAdminUser(email,res,function(adminUser)
+ {
+ // make sure correct password is provided
+ if (pswd != adminUser.password) {
+ res.render("pages/err", { result: { code:'error', msg:'Invalid password entered.' }, header:process.env.MAIN_MENU });
+ return;
+ }
+ var loggedInAdmin = {
email:adminUser.email,
csrfToken: tkn,
password:adminUser.password,
privilege:adminUser.privilege
- }
- req.session.loggedInAdmin = loggedInAdmin;
- console.log("Login Success"+JSON.stringify(loggedInAdmin));
- res.redirect('sla/listSLA');
- }else{
- res.render("pages/err",
- {
- result:
- {
- code:'error',
- msg:'User ' + attuid + ' is not in the database. Please see an adminstrator to have them added.'
- },
- header:process.env.MAIN_MENU
- });
}
+ req.session.loggedInAdmin = loggedInAdmin;
+
+ console.log("Login Success"+JSON.stringify(loggedInAdmin));
+ res.redirect('sla/listSLA');
+ return;
});
}
@@ -72,17 +51,17 @@ function checkAuth(req,res,next){
var host = req.headers['host'];
console.log('host=' + host);
- console.log("cookie is not null "+JSON.stringify(req.session.loggedInAdmin));
if(req.session == null || req.session == undefined
|| req.session.loggedInAdmin == null || req.session.loggedInAdmin == undefined)
{
- // nothing else to do but log them back in, or they may
- // be coming from the graph tool
console.log("loggedInAdmin not found.session timed out.");
- res.render('pages/login');
- return false;
+ res.redirect('/login');
+ //res.render('pages/login');
+ return;
}
+ console.log("cookie is: " + JSON.stringify(req.session.loggedInAdmin));
next();
+ return;
}
function checkPriv(req,res,next)
diff --git a/admportal/server/router/routes/dbRoutes.js b/admportal/server/router/routes/dbRoutes.js
index c4a09fdc..af3859b5 100644
--- a/admportal/server/router/routes/dbRoutes.js
+++ b/admportal/server/router/routes/dbRoutes.js
@@ -262,48 +262,45 @@ console.log('checkDB');
exports.saveUser = function(req,res){
-console.log('b4 sani');
+ var tkn = req.csrfToken();
var email = req.sanitize(req.body.nf_email);
var pswd = req.sanitize(req.body.nf_password);
-console.log('after sani');
pool.getConnection(function(err,connection)
{
if(err){
console.error( String(err) ); // ALARM
- res.render("pages/signup", {result:{code:'error', msg:"Unable to get database connection. " + String(err)},header:process.env.MAIN_MENU});
+ res.render("pages/signup", {csrfToken:tkn,result:{code:'error', msg:"Unable to get database connection. " + String(err)},header:process.env.MAIN_MENU});
return;
}
- var sql = "SELECT email FROM PORTAL_USERS WHERE email='" + email + "'";
+ var sql = "SELECT email FROM PORTAL_USERS WHERE email=" + connection.escape(email);
connection.query(sql, function(err,result)
{
if(err){
connection.release();
- res.render("pages/signup", {result:{code:'error', msg:"Unable to get database connection. " + String(err)},header:process.env.MAIN_MENU});
+ res.render("pages/signup", {csrfToken:tkn, result:{code:'error', msg:"Unable to get database connection. " + String(err)},header:process.env.MAIN_MENU});
return;
}
if (result.length == 1 || result.length > 1)
{
connection.release();
- res.render("pages/signup", {result:{code:'error', msg:'User Information already exists.'},header:process.env.MAIN_MENU});
+ res.render("pages/signup", {csrfToken:tkn, result:{code:'error', msg:'User Information already exists.'},header:process.env.MAIN_MENU});
return;
}
-
sql = "INSERT INTO PORTAL_USERS (email,password,privilege) VALUES ("
- +"'"+ email + "',"
- + "AES_ENCRYPT('" + pswd + "','" + enckey + "'),"
- +"'A')";
+ + connection.escape(email) + ","
+ + "AES_ENCRYPT(" + connection.escape(pswd) + ",'" + enckey + "'),'A')";
connection.query(sql, function(err,result)
{
connection.release();
if(err){
- res.render("pages/signup", {result:{ code:'error', msg:String(err) },header:process.env.MAIN_MENU});;
+ res.render("pages/signup", {csrfToken:tkn, result:{ code:'error', msg:String(err) },header:process.env.MAIN_MENU});;
return;
}
- res.render('pages/signup', {result:{code:'success', msg:'User created. Please login.'},header:process.env.MAIN_MENU});
+ res.render('pages/signup', {csrfToken:tkn, result:{code:'success', msg:'User created. Please login.'},header:process.env.MAIN_MENU});
return;
});
});
@@ -317,46 +314,48 @@ exports.deleteUser = function(req,res){
var resultObj = { code:'', msg:'' };
var privilegeObj = req.session.loggedInAdmin;
- pool.getConnection(function(err,connection) {
- if(err){
+ pool.getConnection(function(err,connection) {
+
+ if(err){
console.error( String(err) ); // ALARM
- res.render("user/list", {rows: null, result:{code:'error', msg:"Unable to get database connection. Error:" + String(err),
- privilege:privilegeObj },header:process.env.MAIN_MENU});
+ res.render("user/list", {rows: null, result:{code:'error', msg:"Unable to get database connection. Error:" + String(err),
+ privilege:privilegeObj },header:process.env.MAIN_MENU});
return;
- }
-
- var sqlUpdate = "DELETE FROM PORTAL_USERS WHERE email='" + req.query.email + "'";
+ }
+ var sqlUpdate = "DELETE FROM PORTAL_USERS WHERE email=" + connection.escape(req.query.email);
console.log(sqlUpdate);
- connection.query(sqlUpdate,function(err,result){
+ connection.query(sqlUpdate,function(err,result){
- if(err){
- resultObj = {code:'error', msg:'Delete of user failed Error: '+ String(err) };
- }
+ if(err){
+ resultObj = {code:'error', msg:'Delete of user failed Error: '+ String(err) };
+ }
- // Need DB lookup logic here
- connection.query("SELECT email,password,privilege FROM PORTAL_USERS", function(err, rows) {
- connection.release();
- if(!err) {
- if ( rows.length > 0 )
- {
+ // Need DB lookup logic here
+ connection.query("SELECT email,password,privilege FROM PORTAL_USERS", function(err, rows) {
+ connection.release();
+ if(!err)
+ {
+ if ( rows.length > 0 )
+ {
resultObj = {code:'success',msg:'Successfully deleted user.'};
- res.render('user/list', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU } );
+ res.render('user/list', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU } );
return;
- }else{
- res.render("user/list", { rows: null, result:{code:'error', msg:'Unexpected no rows returned from database, please try again.',
- privilege:privilegeObj },header:process.env.MAIN_MENU});
+ }else{
+ res.render("user/list", { rows: null, result:{code:'error', msg:'Unexpected no rows returned from database, please try again.',
+ privilege:privilegeObj },header:process.env.MAIN_MENU});
return;
- }
- } else {
- res.render("user/list", { rows: null, result:{code:'error', msg:'Unexpected no rows returned from database. Error: ' + String(err),
- privilege:privilegeObj },header:process.env.MAIN_MENU});
+ }
+ }
+ else {
+ res.render("user/list", { rows: null, result:{code:'error', msg:'Unexpected no rows returned from database. Error: ' + String(err),
+ privilege:privilegeObj },header:process.env.MAIN_MENU});
return;
- }
- }); //end query
- });
- }); // end of getConnection
+ }
+ }); //end query
+ });
+ }); // end of getConnection
}
// add User
@@ -390,9 +389,9 @@ exports.addUser = function(req,res){
//connection.query(sqlRequest, function(err,result)
var sqlUpdate = "INSERT INTO PORTAL_USERS (email, password, privilege) VALUES ("
- +"'"+ email + "',"
- + "AES_ENCRYPT('" + pswd + "','" + enckey + "'),"
- +"'"+ char_priv + "')";
+ + connection.escape(email) + ","
+ + "AES_ENCRYPT(" + connection.escape(pswd) + ",'" + enckey + "'),"
+ + "'" + char_priv + "')";
connection.query(sqlUpdate,function(err,result)
@@ -456,11 +455,12 @@ exports.updateUser= function(req,res){
}
var sqlUpdate = "UPDATE PORTAL_USERS SET "
- + "email = '" + email + "',"
- + "password = " + "AES_ENCRYPT('" + pswd + "','" + enckey + "'), "
- + "privilege = '"+ char_priv + "'"
- + " WHERE email = '" + key_email + "'";
+ + "email = " + connection.escape(email) + ","
+ + "password = " + "AES_ENCRYPT(" + connection.escape(pswd) + ",'" + enckey + "'), "
+ + "privilege = '" + char_priv + "'"
+ + " WHERE email = " + connection.escape(key_email);
+ console.log(sqlUpdate);
connection.query(sqlUpdate,function(err,result)
{
if(err){
@@ -596,57 +596,57 @@ exports.listSLA = function(req,res,resultObj){
exports.executeSQL = function(sql,req,res,callback){
- console.log(sql);
-
- pool.getConnection(function(err,connection) {
-
- if(err){
- console.error( String(err) ); // ALARM
- callback(err, 'Unable to get database connection.' + err);
- return;
- }
+ console.log(sql);
+ pool.getConnection(function(err,connection) {
- connection.query(sql, function(err,result){
- connection.release();
+ if(err){
+ console.error( String(err) ); // ALARM
+ callback(err, 'Unable to get database connection.' + err);
+ return;
+ }
+ connection.query(sql, function(err,result){
+ connection.release();
if (err) {
callback(err,'Database operation failed. ' + err );
+ return;
}
- else
- {
-console.log('affectedRows='+result.affectedRows);
- callback(null, result.affectedRows);
- }
- }); //end query
- }); // end getConnection
+ else
+ {
+ console.log('affectedRows='+result.affectedRows);
+ callback(null, result.affectedRows);
+ return;
+ }
+ }); //end query
+ }); // end getConnection
}
// gamma - deleteParameter
exports.deleteParameter = function(req,res,callback){
- var sql = "DELETE FROM PARAMETERS WHERE name='" + req.query.name + "'";
-
- console.log(sql);
-
- pool.getConnection(function(err,connection) {
+ pool.getConnection(function(err,connection) {
- if(err){
- console.log( String(err) ); // ALARM
- callback(err, 'Unable to get database connection.' + err);
- return;
- }
- connection.query(sql, function(err,result){
- connection.release();
- if(err){
- console.log('Update failed. ' + err );
- callback(err,'Update failed. ' + err );
- }
- else
- {
- callback(null,'');
- }
- }); //end query
- }); // end getConnection
+ if(err){
+ console.log( String(err) ); // ALARM
+ callback(err, 'Unable to get database connection.' + err);
+ return;
+ }
+ var sql = "DELETE FROM PARAMETERS WHERE name=" + connection.escape(req.query.name);
+
+ console.log(sql);
+ connection.query(sql, function(err,result){
+ connection.release();
+ if(err){
+ callback(err,'Update failed. ' + err );
+ return;
+ }
+ else
+ {
+ callback(null,'');
+ return;
+ }
+ }); //end query
+ }); // end getConnection
}
@@ -924,41 +924,41 @@ exports.getVnfData = function(req,res,resultObj,privilegeObj)
exports.findAdminUser = function(email,res,callback) {
-
var adminUser={};
- pool.getConnection(function(err,connection) {
- if(err){
- console.error( String(err) ); // ALARM
- res.render("pages/login", {result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU});
+ pool.getConnection(function(err,connection)
+ {
+ if(err)
+ {
+ res.render("pages/err", {result:{code:'error', msg:err},header:process.env.MAIN_MENU});
return;
- }
+ }
// Need DB lookup logic here
- connection.query("SELECT email, AES_DECRYPT(password, '" + enckey + "') password, privilege FROM PORTAL_USERS WHERE email='" + email + "'", function(err, rows) {
+ connection.query("SELECT email, AES_DECRYPT(password, '" + enckey + "') password, privilege FROM PORTAL_USERS WHERE email=" + connection.escape(email), function(err, rows) {
connection.release();
- if(!err) {
- if ( rows.length > 0 )
- {
- rows.forEach(function(row){
- adminUser = {
- "email" : row.email,
- "password" : row.password,
- "privilege" : row.privilege };
- });
- callback(adminUser);
- return;
- }else{
- console.log("no rows returned");
- res.render("pages/login", {result:{code:'error', msg:'User is not in database.'},header:process.env.MAIN_MENU});
- return;
- }
- } else {
- res.render("pages/err", {result:{code:'error',msg:'Unexpected no rows returned from database. '+ String(err)},header:process.env.MAIN_MENU});
+ if(err)
+ {
+ res.render("pages/err", {result:{code:'error', msg:err},header:process.env.MAIN_MENU});
+ return;
+ }
+ if ( rows.length > 0 )
+ {
+ rows.forEach(function(row){
+ adminUser = {
+ "email" : row.email,
+ "password" : row.password,
+ "privilege" : row.privilege };
+ });
+ callback(adminUser);
+ return;
+ }
+ else{
+ res.render("pages/err", {result:{code:'error', msg:'User is not in database.'},header:process.env.MAIN_MENU});
return;
}
}); //end query
- }); // end getConnection
+ }); // end getConnection
}
@@ -1029,6 +1029,121 @@ exports.addVnfProfile = function(row,res,callback){
}); // end getConnection
}
+exports.deleteVnfProfile = function(req,res,callback){
+
+ var privilegeObj = req.session.loggedInAdmin;
+ var rows={};
+
+ pool.getConnection(function(err,connection) {
+
+ var sql = 'DELETE FROM VNF_PROFILE WHERE vnf_type = ' + connection.escape(req.sanitize(req.query.vnf_type));
+ console.log(sql);
+ if(err){
+ console.error( String(err) ); // ALARM
+ res.render("pages/err", {result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU});
+ return;
+ }
+
+ //var vt = req.sanitize(req.query.vnf_type);
+ //var vnf_type = { vnf_type: vt };
+ //var vnf_type = connection.escape(vt);
+ //console.log('type='+vnf_type);
+ //connection.query('DELETE FROM VNF_PROFILE WHERE vnf_type = ?', vnf_type, function(err,result)
+ connection.query(sql, function(err,result)
+ {
+ connection.release();
+ if (err) {
+ callback(err,'Database operation failed. ' + err );
+ return;
+ }
+ else
+ {
+ if (result.affectedRows == 0)
+ {
+ callback('No rows deleted.');
+ return;
+ }
+ console.log('rows deleted: ' + result.affectedRows);
+ callback(null, result.affectedRows);
+ return;
+ }
+ });
+ }); // end of getConnection
+};
+
+exports.deleteVnfData = function(req,res,callback){
+
+ var privilegeObj = req.session.loggedInAdmin;
+ var rows={};
+
+ pool.getConnection(function(err,connection) {
+
+ var sql = 'DELETE FROM PRE_LOAD_VNF_DATA WHERE id =' + connection.escape(req.sanitize(req.query.id));
+ console.log(sql);
+ if(err){
+ console.error( String(err) ); // ALARM
+ res.render("pages/err", {result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU});
+ return;
+ }
+
+ connection.query(sql, function(err,result)
+ {
+ connection.release();
+ if (err) {
+ callback(err,'Database operation failed. ' + err );
+ return;
+ }
+ else
+ {
+ if (result.affectedRows == 0)
+ {
+ callback('No rows deleted.');
+ return;
+ }
+ console.log('rows deleted: ' + result.affectedRows);
+ callback(null, result.affectedRows);
+ return;
+ }
+ });
+ }); // end of getConnection
+};
+
+exports.deleteVnfNetworkData = function(req,res,callback){
+
+ var privilegeObj = req.session.loggedInAdmin;
+ var rows={};
+
+ pool.getConnection(function(err,connection) {
+
+ var sql = 'DELETE FROM PRE_LOAD_VNF_NETWORK_DATA WHERE id =' + connection.escape(req.sanitize(req.query.id));
+ console.log(sql);
+ if(err){
+ console.error( String(err) ); // ALARM
+ res.render("pages/err", {result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU});
+ return;
+ }
+
+ connection.query(sql, function(err,result)
+ {
+ connection.release();
+ if (err) {
+ callback(err,'Database operation failed. ' + err );
+ return;
+ }
+ else
+ {
+ if (result.affectedRows == 0)
+ {
+ callback('No rows deleted.');
+ return;
+ }
+ console.log('rows deleted: ' + result.affectedRows);
+ callback(null, result.affectedRows);
+ return;
+ }
+ });
+ }); // end of getConnection
+};
// Add to SVC_LOGIC table
exports.addDG = function(_module, version, rpc, mode, xmlfile, req,res){
@@ -1095,131 +1210,193 @@ exports.addDG = function(_module, version, rpc, mode, xmlfile, req,res){
}); // end of getConnection
};
-exports.activate = function(req,res,_module,rpc,version,mode,callback){
+exports.updatePreloadStatus = function(sql,req,res,_module,rpc,version,mode,callback){
- var sql = "UPDATE SVC_LOGIC SET active=\'Y\' WHERE module=\'"
- + _module + "' AND rpc=\'"
- + rpc + "' AND version=\'"
- + version + "' AND mode=\'"
- + mode + "'";
+ pool.getConnection(function(err,connection) {
+
+ if(err){
+ console.error( String(err) ); // ALARM
+ callback(err, 'Unable to get database connection.' + err);
+ return;
+ }
- console.log('SQL='+sql);
+ var sql = _sql + " WHERE id = " + connection.escape(req.query.id);
- pool.getConnection(function(err,connection) {
+ console.log(sql);
+ connection.query(sql, function(err,result){
+
+ connection.release();
+ if(err){
+ callback(err, 'Unable to get database connection.' + err);
+ return;
+ }
+ else
+ {
+ if (result.affectedRows == 0)
+ {
+ callback('Unable to update preload status.');
+ return;
+ }
+ callback(null, result.affectedRows);
+ return;
+ }
+ }); //end query
+ }); // end getConnection
+}
+
+exports.activate = function(req,res,_module,rpc,version,mode,callback){
+
+ pool.getConnection(function(err,connection) {
- if(err){
+ if(err){
console.error( String(err) ); // ALARM
- callback(err, 'Unable to get database connection.' + err);
+ callback(err, 'Unable to get database connection.' + err);
return;
- }
+ }
- connection.query(sql, function(err,result){
+ var sql = "UPDATE SVC_LOGIC SET active=\'Y\' WHERE "
+ + "module = " + connection.escape(_module) + " AND "
+ + "rpc = " + connection.escape(rpc) + " AND "
+ + "version = " + connection.escape(version) + " AND "
+ + "mode = " + connection.escape(mode);
- connection.release();
+ console.log('SQL='+sql);
+ connection.query(sql, function(err,result){
+
+ connection.release();
if(err){
- callback(err, 'Unable to get database connection.' + err);
- }
- else
- {
- callback(null,'');
- }
- }); //end query
- }); // end getConnection
+ callback(err, 'Unable to get database connection.' + err);
+ return;
+ }
+ else
+ {
+ if (result.affectedRows == 0)
+ {
+ callback('Unable to activate directed graph.');
+ return;
+ }
+ console.log('rows deleted: ' + result.affectedRows);
+ callback(null, result.affectedRows);
+ return;
+ }
+ }); //end query
+ }); // end getConnection
}
exports.deactivate = function(req,res,_module,rpc,version,mode,callback){
- var sql = "UPDATE SVC_LOGIC SET active=\'N\' WHERE module=\'"
- + _module + "' AND rpc=\'"
- + rpc + "' AND version=\'"
- + version + "' AND mode=\'"
- + mode + "'";
-
- console.log('SQL='+sql);
-
- pool.getConnection(function(err,connection) {
+ pool.getConnection(function(err,connection) {
- if(err){
+ if(err){
console.error( String(err) ); // ALARM
- callback(err, 'Unable to get database connection.' + err);
+ callback(err, 'Unable to get database connection.' + err);
return;
- }
+ }
- connection.query(sql, function(err,result){
+ var sql = "UPDATE SVC_LOGIC SET active=\'N\' WHERE "
+ + "module = " + connection.escape(_module) + " AND "
+ + "rpc = " + connection.escape(rpc) + " AND "
+ + "version = " + connection.escape(version) + " AND "
+ + "mode = " + connection.escape(mode);
- connection.release();
- if(err){
- callback(err, 'Unable to get database connection.' + err);
- }
- else
- {
- callback(null,'');
- }
- }); //end query
- }); // end getConnection
+ console.log('SQL='+sql);
+ connection.query(sql, function(err,result){
+
+ connection.release();
+ if(err){
+ callback(err, 'Unable to get database connection.' + err);
+ return;
+ }
+ else
+ {
+ if (result.affectedRows == 0)
+ {
+ callback('Unable to deactivate directed graph.');
+ return;
+ }
+ console.log('rows deleted: ' + result.affectedRows);
+ callback(null, result.affectedRows);
+ return;
+ }
+ }); //end query
+ }); // end getConnection
}
exports.global_deactivate = function(req,res,_module,rpc,mode,callback){
- var sql = "UPDATE SVC_LOGIC SET active=\'N\' WHERE module=\'"
- + _module + "' AND rpc=\'"
- + rpc + "' AND mode=\'"
- + mode + "'";
+ pool.getConnection(function(err,connection) {
+ if(err){
+ callback(err, 'Unable to get database connection.' + err);
+ return;
+ }
- pool.getConnection(function(err,connection) {
+ // deactivate all versions
+ var sql = "UPDATE SVC_LOGIC SET active=\'N\' WHERE "
+ + "module = " + connection.escape(_module) + " AND "
+ + "rpc = " + connection.escape(rpc) + " AND "
+ + "mode = " + connection.escape(mode);
- if(err){
- callback(err, 'Unable to get database connection.' + err);
- return;
- }
-
- connection.query(sql, function(err,result){
+ console.log(sql);
+ connection.query(sql, function(err,result){
- connection.release();
- if(err){
- callback(err, err);
- }
- else
- {
- callback(null,'');
- }
- }); //end query
- }); // end getConnection
+ connection.release();
+ if(err){
+ callback(err, err);
+ return;
+ }
+ else
+ {
+ if (result.affectedRows == 0)
+ {
+ callback('Unable to set all versions to deactivate.');
+ return;
+ }
+ callback(null,result.affectedRows);
+ return;
+ }
+ }); //end query
+ }); // end getConnection
}
exports.deleteDG = function(req,res,_module,rpc,version,mode,callback){
- var sql = "DELETE FROM SVC_LOGIC WHERE module=\'"
- + _module + "' AND rpc=\'"
- + rpc + "' AND version=\'"
- + version + "' AND mode=\'"
- + mode + "'";
-
- console.log('SQL='+sql);
-
- pool.getConnection(function(err,connection) {
+ pool.getConnection(function(err,connection) {
- if(err){
+ if(err){
console.error( String(err) ); // ALARM
- callback(err, 'Unable to get database connection.' + err);
+ callback(err, 'Unable to get database connection.' + err);
return;
- }
+ }
- connection.query(sql, function(err,result){
+ var sql = "DELETE FROM SVC_LOGIC WHERE "
+ + "module = " + connection.escape(_module) + " AND "
+ + "rpc = " + connection.escape(rpc) + " AND "
+ + "version = " + connection.escape(version) + " AND "
+ + "mode = " + connection.escape(mode);
- connection.release();
- if(err){
- callback(err, 'Unable to get database connection.' + err);
- }
- else
- {
- callback(null,'');
- }
- }); //end query
- }); // end getConnection
+ console.log(sql);
+ connection.query(sql, function(err,result){
+
+ connection.release();
+ if(err){
+ callback(err, 'Unable to get database connection.' + err);
+ return;
+ }
+ else
+ {
+ if (result.affectedRows == 0)
+ {
+ callback('No rows deleted.');
+ return;
+ }
+ callback(null,result.affectedRows);
+ return;
+ }
+ }); //end query
+ }); // end getConnection
}
diff --git a/admportal/server/router/routes/mobility.js b/admportal/server/router/routes/mobility.js
index cd798dc8..8b5adabd 100644
--- a/admportal/server/router/routes/mobility.js
+++ b/admportal/server/router/routes/mobility.js
@@ -195,8 +195,7 @@ router.get('/loadVnfNetworkData', csp.checkAuth, csp.checkPriv, function(req,res
// if successful then update the status
tasks.push(function(arg1,callback){
- dbRoutes.executeSQL("UPDATE PRE_LOAD_VNF_NETWORK_DATA SET status='uploaded',svc_request_id='"
- + svc_req_id + "',svc_action='reserve' WHERE id="+req.query.id,req,res,callback);
+ dbRoutes.updatePreloadStatus("UPDATE PRE_LOAD_VNF_NETWORK_DATA SET status='uploaded',svc_request_id='" + svc_req_id + "',svc_action='reserve'",req,res,callback);
});
// use the waterfall method of making calls
@@ -220,7 +219,7 @@ router.get('/loadVnfNetworkData', csp.checkAuth, csp.checkPriv, function(req,res
router.get('/loadVnfData', csp.checkAuth, csp.checkPriv, function(req,res)
{
var privilegeObj = req.session.loggedInAdmin;
- var full_path_file_name = process.cwd() + "/uploads/" + req.query.filename
+ var full_path_file_name = process.cwd() + "/uploads/" + req.sanitize(req.query.filename)
var msgArray = new Array();
if ( req.query.status != 'pending' )
@@ -234,7 +233,7 @@ router.get('/loadVnfData', csp.checkAuth, csp.checkPriv, function(req,res)
var now = new Date();
var df = dateFormat(now,"isoDateTime");
const rnum = crypto.randomBytes(4);
- var svc_req_id = req.query.id + "-" + df + "-" + rnum.toString('hex');
+ var svc_req_id = req.sanitize(req.query.id) + "-" + df + "-" + rnum.toString('hex');
var tasks = [];
// first get the contents of the file from the db
@@ -272,8 +271,7 @@ router.get('/loadVnfData', csp.checkAuth, csp.checkPriv, function(req,res)
// if successful then update the status
tasks.push(function(arg1,callback){
- dbRoutes.executeSQL("UPDATE PRE_LOAD_VNF_DATA SET status='uploaded',svc_request_id='"
- + svc_req_id + "',svc_action='reserve' WHERE id="+req.query.id,req,res,callback);
+ dbRoutes.executeSQL("UPDATE PRE_LOAD_VNF_DATA SET status='uploaded',svc_request_id='" + svc_req_id + "',svc_action='reserve'",req,res,callback);
});
// use the waterfall method of making calls
@@ -298,13 +296,12 @@ router.get('/deleteVnfNetworkData', csp.checkAuth, csp.checkPriv, csrfProtection
var privilegeObj = req.session.loggedInAdmin;
var tasks = [];
- var sql = 'DELETE FROM PRE_LOAD_VNF_NETWORK_DATA WHERE id=' + req.query.id;
// if status is pending, then we do not have to call
// ODL, just remove from db
if (req.query.status == 'pending'){
tasks.push(function(callback) {
- dbRoutes.executeSQL(sql,req,res,callback);
+ dbRoutes.deleteVnfNetworkData(req,res,callback);
});
} else {
// format the request to ODL
@@ -349,17 +346,14 @@ router.get('/deleteVnfNetworkData', csp.checkAuth, csp.checkPriv, csrfProtection
router.get('/deleteVnfData', csp.checkAuth, csp.checkPriv, csrfProtection, function(req,res) {
-console.log('deleteVnfData');
-
var privilegeObj = req.session.loggedInAdmin;
var tasks = [];
- var sql = 'DELETE FROM PRE_LOAD_VNF_DATA WHERE id=' + req.query.id;
// if status is pending, then we do not have to call
// ODL, just remove from db
if (req.query.status == 'pending'){
tasks.push(function(callback) {
- dbRoutes.executeSQL(sql,req,res,callback);
+ dbRoutes.deleteVnfData(req,res,callback);
});
} else {
var inputString = '{"input":{"vnf-topology-information":{"vnf-topology-identifier":{"service-type":"SDN-MOBILITY","vnf-name": "';
@@ -448,10 +442,9 @@ router.get('/deleteVnfProfile', csp.checkAuth, csp.checkPriv, csrfProtection, fu
var tasks = [];
var sql = '';
- sql = "DELETE FROM VNF_PROFILE WHERE vnf_type='" + req.query.vnf_type + "'";
tasks.push(function(callback) {
- dbRoutes.executeSQL(sql,req,res,callback);
+ dbRoutes.deleteVnfProfile(req,res,callback);
});
async.series(tasks, function(err,result)
{
diff --git a/admportal/server/router/routes/sla.js b/admportal/server/router/routes/sla.js
index 098cd66b..beba7add 100644
--- a/admportal/server/router/routes/sla.js
+++ b/admportal/server/router/routes/sla.js
@@ -1,6 +1,8 @@
var express = require('express');
var router = express.Router();
-var exec = require('child_process').exec;
+
+var spawn = require('child_process').spawn;
+
//var util = require('util');
var fs = require('fs');
var dbRoutes = require('./dbRoutes');
@@ -64,141 +66,77 @@ router.get('/listSLA', csp.checkAuth, csrfProtection, function(req,res) {
router.get('/activate', csp.checkAuth, csrfProtection, function(req,res){
- var _module = req.query.module;
- var rpc = req.query.rpc;
- var version = req.query.version;
- var mode = req.query.mode;
+ var _module = req.sanitize(req.query.module);
+ var rpc = req.sanitize(req.query.rpc);
+ var version = req.sanitize(req.query.version);
+ var mode = req.sanitize(req.query.mode);
var tasks = [];
- tasks.push( function(callback) { dbRoutes.global_deactivate(req,res,_module,rpc,mode,callback); } );
- tasks.push( function(callback) { dbRoutes.activate(req,res,_module,rpc,version,mode,callback); } );
+ tasks.push( function(callback) { dbRoutes.global_deactivate(req,res,_module,rpc,mode,callback); } );
+ tasks.push( function(callback) { dbRoutes.activate(req,res,_module,rpc,version,mode,callback); } );
async.series(tasks, function(err,result){
- if ( err ) {
- dbRoutes.listSLA(req,res,{code:'failure', msg:'Failed to activate, '+ String(err) });
- }
- else {
- dbRoutes.listSLA(req,res,{ code:'success', msg:'Successfully activated directed graph.'});
- }
+ if ( err ) {
+ dbRoutes.listSLA(req,res,{code:'failure', msg:err });
+ }
+ else {
+ dbRoutes.listSLA(req,res,{ code:'success', msg:'Successfully activated directed graph.'});
+ }
});
});
router.get('/deactivate', csp.checkAuth, csrfProtection, function(req,res){
- var _module = req.query.module;
- var rpc = req.query.rpc;
- var version = req.query.version;
- var mode = req.query.mode;
+ var _module = req.sanitize(req.query.module);
+ var rpc = req.sanitize(req.query.rpc);
+ var version = req.sanitize(req.query.version);
+ var mode = req.sanitize(req.query.mode);
var tasks = [];
- tasks.push( function(callback) { dbRoutes.deactivate(req,res,_module,rpc,version,mode,callback); } );
- async.series(tasks, function(err,result){
-
- if ( err ) {
- dbRoutes.listSLA(req,res,{code:'failure', msg:'There was an error uploading the file. '+ err });
- }
- else {
- dbRoutes.listSLA(req,res,{ code:'success', msg:'Successfully deactivated directed graph.'});
- }
- });
+ tasks.push( function(callback) { dbRoutes.deactivate(req,res,_module,rpc,version,mode,callback); } );
+ async.series(tasks, function(err,result){
+
+ if ( err ) {
+ dbRoutes.listSLA(req,res,{code:'failure', msg:err });
+ }
+ else {
+ dbRoutes.listSLA(req,res,{code:'success', msg:'Successfully deactivated directed graph.'});
+ }
+ });
});
router.get('/deleteDG', csp.checkAuth, csrfProtection, function(req,res){
- var _module = req.query.module;
- var rpc = req.query.rpc;
- var version = req.query.version;
- var mode = req.query.mode;
+ var _module = req.sanitize(req.query.module);
+ var rpc = req.sanitize(req.query.rpc);
+ var version = req.sanitize(req.query.version);
+ var mode = req.sanitize(req.query.mode);
var tasks = [];
- tasks.push( function(callback) { dbRoutes.deleteDG(req,res,_module,rpc,version,mode,callback); } );
- async.series(tasks, function(err,result){
-
- if ( err ) {
- dbRoutes.listSLA(req,res,{ code:'failure', msg:'There was an error uploading the file. '+ err });
- }
- else {
- dbRoutes.listSLA(req,res,{ code:'success', msg:'Successfully deleted directed graph.'});
- }
- });
-});
+ tasks.push( function(callback) { dbRoutes.deleteDG(req,res,_module,rpc,version,mode,callback); } );
+ async.series(tasks, function(err,result){
-router.post('/dgUpload', upload.single('filename'), csrfProtection, function(req, res, next){
-
- if(req.file.originalname){
- if (req.file.originalname == 0) {
-
- dbRoutes.listSLA(req,res,{ code:'danger', msg:'There was an error uploading the file, please try again.'});
- }
- fs.exists(req.file.path, function(exists) {
- if(exists) {
-
- // parse xml
- try {
- //dbRoutes.checkSvcLogic(req,res);
-
- var file_buf = fs.readFileSync(req.file.path, "utf8");
-
- // call Dan's svclogic shell script from here
- var currentDB = dbRoutes.getCurrentDB();
- var commandToExec = process.cwd()
- + "/shell/svclogic.sh load "
- + req.file.path + " "
- + process.env.SDNC_CONFIG_DIR + "/svclogic.properties." + currentDB;
-
- console.log("commandToExec:" + commandToExec);
- child = exec(commandToExec ,function (error,stdout,stderr){
- if(error){
- console.error("error:" + error);
- //res.type('text/html').status(400).send( error);
- //return;
- }
- if(stderr){
- res.status(400).send(stderr);
- return;
- }
- if(stdout){
- res.status(200).send( new Buffer('Success'));
- return;
- }
-
- // remove the grave accents, the sax parser does not like them
- //parser.write(file_buf.replace(/\`/g,'').toString('utf8')).close();
- //dbRoutes.addDG(_module,version,rpc,mode,file_buf,req,res);
- //dbRoutes.listSLA(req,res, resultObj);
- });
- } catch(ex) {
- // keep 'em silent
- console.error('sax error:'+ex);
- res.status(400).send(ex);
- return;
- }
-
- } else {
- res.status(400).send(new Buffer('Cannot find file.'));
- return;
-
- }
- });
- }
- else {
- res.status(400).send(new Buffer('file does not exist\n'));
- }
- return;
+ if ( err ) {
+ dbRoutes.listSLA(req,res,{code:'failure', msg:'There was an deleting the directed graph. '+ err });
+ }
+ else {
+ dbRoutes.listSLA(req,res,{code:'success', msg:'Successfully deleted directed graph.'});
+ }
+ });
});
-
// POST
router.post('/upload', csp.checkAuth, upload.single('filename'), csrfProtection, function(req, res, next){
-console.log('file:'+ JSON.stringify(req.file));
+ var _lstdout = "";
+ var _lstderr = "";
+ console.log('file:'+ JSON.stringify(req.file));
if(req.file.originalname)
{
if (req.file.originalname.size == 0)
{
- dbRoutes.listSLA(req,res,
- { code:'danger', msg:'There was an error uploading the file, please try again.'});
+ dbRoutes.listSLA(req,res, {code:'danger', msg:'There was an error uploading the file, please try again.'});
}
fs.exists(req.file.path, function(exists)
{
@@ -207,68 +145,67 @@ console.log('file:'+ JSON.stringify(req.file));
// parse xml
try
{
- //dbRoutes.checkSvcLogic(req,res);
-
var currentDB = dbRoutes.getCurrentDB();
var file_buf = fs.readFileSync(req.file.path, "utf8");
// call svclogic shell script from here
- var commandToExec = process.cwd() + "/shell/svclogic.sh load "
- + req.file.path + " "
- + process.env.SDNC_CONFIG_DIR + "/svclogic.properties." + currentDB;
+ var commandToExec = process.cwd() + "/shell/svclogic.sh";
+ console.log('filepath: ' + req.file.path);
+ console.log('prop: ' + process.env.SDNC_CONFIG_DIR + "/svclogic.properties." + currentDB);
console.log("commandToExec:" + commandToExec);
- child = exec(commandToExec ,function (error,stdout,stderr)
- {
- if(error)
+
+ child = spawn(commandToExec, ['load', req.file.path, process.env.SDNC_CONFIG_DIR + "/svclogic.properties." + currentDB]);
+ child.on('error', function(error){
+ console.log('error: '+error);
+ dbRoutes.listSLA(req,res,{code:'failure', msg:error});
+ return;
+ });
+ child.stdout.on('data', function(data) {
+ console.log('stdout: ' + data);
+ _lstdout = _lstdout.concat(data);
+ });
+ child.stderr.on('data', function(data) {
+ console.log("stderr:" + data);
+ _lstderr = _lstderr.concat(data);
+ });
+ child.on('exit', function(code,signal){
+ console.log('code: ' + code);
+ console.log('stdout: [[' + _lstdout + ']]');
+ console.log('stderr: [[' + _lstderr + ']]');
+ if ( _lstderr.indexOf("Saving") > -1 )
{
- console.error("error:" + error);
- dbRoutes.listSLA(req,res,{code:'failure',msg:error} );
- return;
- }
- if(stderr){
- console.error("stderr:" + JSON.stringify(stderr,null,2));
- var s_stderr = JSON.stringify(stderr);
- if ( s_stderr.indexOf("Saving") > -1 )
- {
- dbRoutes.listSLA(req,res,{code:'success', msg:'File sucessfully uploaded.'});
- }else {
- dbRoutes.listSLA(req,res,{code:'failure', msg:stderr});
- }
- return;
- }
- if(stdout){
- console.log("stderr:" + stdout);
dbRoutes.listSLA(req,res,{code:'success', msg:'File sucessfully uploaded.'});
- return;
}
-
- // remove the grave accents, the sax parser does not like them
- //parser.write(file_buf.replace(/\`/g,'').toString('utf8')).close();
- //dbRoutes.addDG(_module,version,rpc,mode,file_buf,req,res);
- //dbRoutes.listSLA(req,res, resultObj);
- });
- } catch(ex) {
- // keep 'em silent
- console.error("error:" + ex);
- dbRoutes.listSLA(req,res,{code:'failure',msg:ex} );
+ else
+ {
+ dbRoutes.listSLA(req,res,{code:'failure', msg:_lstderr} );
+ }
+ return;
+ });
+ } catch(ex) {
+ console.log("error: " + ex);
+ dbRoutes.listSLA(req,res,{code:'failure',msg:ex} );
+ return;
+ }
+ }
+ else {
+ dbRoutes.listSLA(req,res,{code:'danger', msg:'There was an error uploading the file, please try again.'});
+ return;
}
- }
- else {
- dbRoutes.listSLA(req,res,{ code:'danger', msg:'There was an error uploading the file, please try again.'});
- }
});
}
else {
- dbRoutes.listSLA(req,res,{ code:'danger', msg:'There was an error uploading the file, please try again.'});
+ dbRoutes.listSLA(req,res,{code:'danger', msg:'There was an error uploading the file, please try again.'});
+ return;
}
});
router.get('/printAsXml', csp.checkAuth, csrfProtection, function(req,res){
try {
- //dbRoutes.checkSvcLogic(req,res);
-
+ var _lstdout = "";
+ var _lstderr = "";
var _module = req.query.module;
var rpc = req.query.rpc;
var version = req.query.version;
@@ -276,44 +213,50 @@ router.get('/printAsXml', csp.checkAuth, csrfProtection, function(req,res){
var currentDB = dbRoutes.getCurrentDB();
// call Dan's svclogic shell script from here
- var commandToExec = process.cwd()
- + "/shell/svclogic.sh get-source "
- + _module + " "
- + rpc + " "
- + mode + " "
- + version + " "
- + process.env.SDNC_CONFIG_DIR + "/svclogic.properties." + currentDB;
-
+ var commandToExec = process.cwd() + "/shell/svclogic.sh";
console.log("commandToExec:" + commandToExec);
+ console.log("_mode: " + _module);
+ console.log("rpc: " + rpc);
+ console.log("version: " + version);
+ console.log("currentDB: " + process.env.SDNC_CONFIG_DIR + "/svclogic.properties." + currentDB);
+
+ child = spawn(commandToExec, ['get-source', _module, rpc, mode, version, process.env.SDNC_CONFIG_DIR + "/svclogic.properties." + currentDB], {maxBuffer: 1024*5000});
+ child.on('error', function(error){
+ console.log("error: " + error);
+ dbRoutes.listSLA(req,res,{code:'failure',msg:error} );
+ return;
+ });
+ child.stderr.on('data', function(data){
+ console.log('stderr: ' + data);
+ _lstderr = _lstderr.concat(data);
+ });
+ child.stdout.on('data', function(data){
+ console.log("OUTPUT:" + data);
+ _lstdout = _lstdout.concat(data);
+ });
+ child.on('exit', function(code,signal){
- child = exec(commandToExec , {maxBuffer: 1024*5000}, function (error,stdout,stderr){
- if(error){
- console.error("error:" + error);
- dbRoutes.listSLA(req,res,{code:'failure',msg:error} );
- return;
- }
- //if(stderr){
- //logger.info("stderr:" + stderr);
- //}
- if(stdout){
- console.log("OUTPUT:" + stdout);
- res.render('sla/printasxml', {result:{code:'success',
- msg:'Module : ' + _module + '\n' +
- 'RPC : ' + rpc + '\n' +
- 'Mode : ' + mode + '\n' +
- 'Version: ' + version + '\n\n' + stdout}, header:process.env.MAIN_MENU});
- }
-
- // remove the grave accents, the sax parser does not like them
- //parser.write(file_buf.replace(/\`/g,'').toString('utf8')).close();
- //dbRoutes.addDG(_module,version,rpc,mode,file_buf,req,res);
- //dbRoutes.listSLA(req,res, resultObj);
- });
- } catch(ex) {
+ console.log('code: ' + code);
+ console.log('close:stdout: ' + _lstdout);
+ console.log('close:stderr: ' + _lstderr);
+
+ if ( code != 0 ){
+ dbRoutes.listSLA(req,res,{code:'failure',msg:_lstderr} );
+ }
+ else {
+ res.render('sla/printasxml', {result:{code:'success',
+ msg:'Module : ' + _module + '\n' +
+ 'RPC : ' + rpc + '\n' +
+ 'Mode : ' + mode + '\n' +
+ 'Version: ' + version + '\n\n' + _lstdout}, header:process.env.MAIN_MENU});
+ }
+ return;
+ });
+ } catch(ex) {
console.error("error:" + ex);
dbRoutes.listSLA(req,res,{code:'failure',msg:ex} );
+ return;
}
});
-
module.exports = router;
diff --git a/admportal/views/pages/err.ejs b/admportal/views/pages/err.ejs
index 8ed51c6c..cf5c3004 100644
--- a/admportal/views/pages/err.ejs
+++ b/admportal/views/pages/err.ejs
@@ -5,7 +5,6 @@
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<% include ../partials/head %>
- <% include ../partials/header %>
</head>
<body class="container">