From 105dccfaa99a1fa58632a8194be513ff6d78bdc2 Mon Sep 17 00:00:00 2001 From: centra Date: Thu, 2 Apr 2026 13:35:08 +0900 Subject: [PATCH] tighten plasmavmc vm and volume id validation --- .../crates/plasmavmc-server/src/vm_service.rs | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/plasmavmc/crates/plasmavmc-server/src/vm_service.rs b/plasmavmc/crates/plasmavmc-server/src/vm_service.rs index 6e55ae7..5daaff1 100644 --- a/plasmavmc/crates/plasmavmc-server/src/vm_service.rs +++ b/plasmavmc/crates/plasmavmc-server/src/vm_service.rs @@ -2473,6 +2473,7 @@ impl VmService for VmServiceImpl { let mut req = request.into_inner(); req.org_id = org_id; req.project_id = project_id; + Self::require_uuid(&req.vm_id, "vm_id")?; tracing::info!( vm_id = %req.vm_id, org_id = %req.org_id, @@ -2595,6 +2596,7 @@ impl VmService for VmServiceImpl { let mut req = request.into_inner(); req.org_id = org_id; req.project_id = project_id; + Self::require_uuid(&req.vm_id, "vm_id")?; tracing::info!( vm_id = %req.vm_id, org_id = %req.org_id, @@ -2619,7 +2621,9 @@ impl VmService for VmServiceImpl { // Update spec if provided if req.spec.is_some() { - vm.spec = Self::proto_spec_to_types(req.spec); + let updated_spec = Self::proto_spec_to_types(req.spec); + Self::validate_vm_disk_references(&updated_spec)?; + vm.spec = updated_spec; tracing::info!( vm_id = %req.vm_id, vcpus = vm.spec.cpu.vcpus, @@ -2672,6 +2676,7 @@ impl VmService for VmServiceImpl { let mut req = request.into_inner(); req.org_id = org_id; req.project_id = project_id; + Self::require_uuid(&req.vm_id, "vm_id")?; tracing::info!( vm_id = %req.vm_id, org_id = %req.org_id, @@ -2779,6 +2784,7 @@ impl VmService for VmServiceImpl { let mut req = request.into_inner(); req.org_id = org_id; req.project_id = project_id; + Self::require_uuid(&req.vm_id, "vm_id")?; tracing::info!( vm_id = %req.vm_id, org_id = %req.org_id, @@ -2878,6 +2884,7 @@ impl VmService for VmServiceImpl { let mut req = request.into_inner(); req.org_id = org_id; req.project_id = project_id; + Self::require_uuid(&req.vm_id, "vm_id")?; tracing::info!( vm_id = %req.vm_id, org_id = %req.org_id, @@ -2968,6 +2975,7 @@ impl VmService for VmServiceImpl { let mut req = request.into_inner(); req.org_id = org_id; req.project_id = project_id; + Self::require_uuid(&req.vm_id, "vm_id")?; tracing::info!( vm_id = %req.vm_id, org_id = %req.org_id, @@ -3049,6 +3057,7 @@ impl VmService for VmServiceImpl { let mut req = request.into_inner(); req.org_id = org_id; req.project_id = project_id; + Self::require_uuid(&req.vm_id, "vm_id")?; tracing::info!( vm_id = %req.vm_id, org_id = %req.org_id, @@ -3132,6 +3141,7 @@ impl VmService for VmServiceImpl { let mut req = request.into_inner(); req.org_id = org_id; req.project_id = project_id; + Self::require_uuid(&req.vm_id, "vm_id")?; tracing::info!( vm_id = %req.vm_id, org_id = %req.org_id, @@ -3478,6 +3488,7 @@ impl VmService for VmServiceImpl { let mut req = request.into_inner(); req.org_id = org_id; req.project_id = project_id; + Self::require_uuid(&req.vm_id, "vm_id")?; tracing::info!( vm_id = %req.vm_id, org_id = %req.org_id, @@ -3675,6 +3686,7 @@ impl VmService for VmServiceImpl { let mut req = request.into_inner(); req.org_id = org_id; req.project_id = project_id; + Self::require_uuid(&req.vm_id, "vm_id")?; tracing::info!( vm_id = %req.vm_id, org_id = %req.org_id, @@ -3765,6 +3777,7 @@ impl VmService for VmServiceImpl { let mut req = request.into_inner(); req.org_id = org_id; req.project_id = project_id; + Self::require_uuid(&req.vm_id, "vm_id")?; tracing::info!( vm_id = %req.vm_id, org_id = %req.org_id, @@ -3843,6 +3856,7 @@ impl VmService for VmServiceImpl { let mut req = request.into_inner(); req.org_id = org_id; req.project_id = project_id; + Self::require_uuid(&req.vm_id, "vm_id")?; tracing::info!( vm_id = %req.vm_id, org_id = %req.org_id, @@ -3907,6 +3921,7 @@ impl VmService for VmServiceImpl { let mut req = request.into_inner(); req.org_id = org_id; req.project_id = project_id; + Self::require_uuid(&req.vm_id, "vm_id")?; tracing::info!( vm_id = %req.vm_id, org_id = %req.org_id,