action name check

Signed-off-by: Abhishek Kumar <[email protected]>

Author: shwstppr

framework/extensions/src/main/java/org/apache/cloudstack/framework/extensions/manager/ExtensionsManagerImpl.java

@@ -404,6 +404,7 @@ protected Map<String, String> getFilteredExternalDetails(Map<String, String> det
                         Map.Entry::getValue
                 ));
     }
+
     protected void sendExtensionEntryPointOutOfSyncAlert(Extension extension) {
         String msg = String.format("Entry-point for %s are out of sync across management servers",
                 extension);
@@ -927,6 +928,10 @@ public ExtensionCustomAction addCustomAction(AddCustomActionCmd cmd) {
         final String successMessage = cmd.getSuccessMessage();
         final String errorMessage = cmd.getErrorMessage();
         Map<String, String> details = cmd.getDetails();
+        if (name == null || !name.matches("^[a-zA-Z0-9 _-]+$")) {
+            throw new InvalidParameterValueException(String.format("Invalid action name: %s. It can contain " +
+                    "only alphabets, numbers, hyphen, underscore and space", name));
+        }
         ExtensionCustomActionVO existingCustomAction = extensionCustomActionDao.findByNameAndExtensionId(extensionId, name);
         if (existingCustomAction != null) {
             throw new CloudRuntimeException("Action by name already exists");

framework/extensions/src/test/java/org/apache/cloudstack/framework/extensions/manager/ExtensionsManagerImplTest.java

@@ -1211,6 +1211,13 @@ public void testAddCustomAction_InvalidResourceType() {
         extensionsManager.addCustomAction(cmd);
     }
 
+    @Test(expected = InvalidParameterValueException.class)
+    public void testAddCustomAction_InvalidName() {
+        AddCustomActionCmd cmd = mock(AddCustomActionCmd.class);
+        when(cmd.getName()).thenReturn("action;1");
+        extensionsManager.addCustomAction(cmd);
+    }
+
     @Test
     public void deleteCustomAction_RemovesActionAndDetails_ReturnsTrue() {
         long actionId = 10L;