coverity 1116612: update network cidrs firewall rules and acls Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/49cb56bb Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/49cb56bb Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/49cb56bb
Branch: refs/heads/master Commit: 49cb56bbca4ea40b5da0225bc10adff3499f0024 Parents: 0290f3e Author: Daan Hoogland <daan.hoogl...@gmail.com> Authored: Tue Jul 28 17:12:28 2015 +0200 Committer: Daan Hoogland <daan.hoogl...@gmail.com> Committed: Tue Jul 28 17:12:28 2015 +0200 ---------------------------------------------------------------------- .../com/cloud/upgrade/dao/Upgrade410to420.java | 243 +++++++++---------- 1 file changed, 114 insertions(+), 129 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/49cb56bb/engine/schema/src/com/cloud/upgrade/dao/Upgrade410to420.java ---------------------------------------------------------------------- diff --git a/engine/schema/src/com/cloud/upgrade/dao/Upgrade410to420.java b/engine/schema/src/com/cloud/upgrade/dao/Upgrade410to420.java index 2e1c25f..3993ca8 100644 --- a/engine/schema/src/com/cloud/upgrade/dao/Upgrade410to420.java +++ b/engine/schema/src/com/cloud/upgrade/dao/Upgrade410to420.java 
@@ -1040,129 +1040,131 @@ public class Upgrade410to420 implements DbUpgrade { s_logger.debug("Updating network ACLs"); - PreparedStatement pstmt = null; - PreparedStatement pstmtDelete = null; - ResultSet rs = null; - ResultSet rsAcls = null; - ResultSet rsCidr = null; - //1,2 are default acl Ids, start acl Ids from 3 long nextAclId = 3; + String sqlSelectNetworkIds = "SELECT id, vpc_id, uuid FROM `cloud`.`networks` where vpc_id is not null and removed is null"; + String sqlSelectFirewallRules = "SELECT id, uuid, start_port, end_port, state, protocol, icmp_code, icmp_type, created, traffic_type FROM `cloud`.`firewall_rules` where network_id = ? and purpose = 'NetworkACL'"; + String sqlInsertNetworkAcl = "INSERT INTO `cloud`.`network_acl` (id, uuid, vpc_id, description, name) values (?, UUID(), ? , ?, ?)"; + String sqlSelectFirewallCidrs = "SELECT id, source_cidr FROM `cloud`.`firewall_rules_cidrs` where firewall_rule_id = ?"; + String sqlDeleteFirewallCidr = "DELETE FROM `cloud`.`firewall_rules_cidrs` where id = ?"; + String sqlInsertNetworkAclItem = "INSERT INTO `cloud`.`network_acl_item` (uuid, acl_id, start_port, end_port, state, protocol, icmp_code, icmp_type, created, traffic_type, cidr, number, action) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? )"; + String sqlDeleteFirewallRules = "DELETE FROM `cloud`.`firewall_rules` where id = ?"; + String sqlUpdateNetworks = "UPDATE `cloud`.`networks` set network_acl_id=? 
where id=?"; - try { + try ( + PreparedStatement pstmtSelectNetworkIds = conn.prepareStatement(sqlSelectNetworkIds); + PreparedStatement pstmtUpdate = conn.prepareStatement(sqlUpdateNetworks); + PreparedStatement pstmtInsertNetworkAclItem = conn.prepareStatement(sqlInsertNetworkAclItem); + PreparedStatement pstmtSelectFirewallRules = conn.prepareStatement(sqlSelectFirewallRules); + PreparedStatement pstmtInsertNetworkAcl = conn.prepareStatement(sqlInsertNetworkAcl); + PreparedStatement pstmtSelectFirewallCidrs = conn.prepareStatement(sqlSelectFirewallCidrs); + PreparedStatement pstmtDeleteFirewallCidr = conn.prepareStatement(sqlDeleteFirewallCidr); + PreparedStatement pstmtDeleteFirewallRules = conn.prepareStatement(sqlDeleteFirewallRules); + ResultSet rsNetworkIds = pstmtSelectNetworkIds.executeQuery();) { //Get all VPC tiers - pstmt = conn.prepareStatement("SELECT id, vpc_id, uuid FROM `cloud`.`networks` where vpc_id is not null and removed is null"); - rs = pstmt.executeQuery(); - while (rs.next()) { - Long networkId = rs.getLong(1); + while (rsNetworkIds.next()) { + Long networkId = rsNetworkIds.getLong(1); s_logger.debug("Updating network ACLs for network: " + networkId); - Long vpcId = rs.getLong(2); - String tierUuid = rs.getString(3); - pstmt = - conn.prepareStatement("SELECT id, uuid, start_port, end_port, state, protocol, icmp_code, icmp_type, created, traffic_type FROM `cloud`.`firewall_rules` where network_id = ? 
and purpose = 'NetworkACL'"); - pstmt.setLong(1, networkId); - rsAcls = pstmt.executeQuery(); + Long vpcId = rsNetworkIds.getLong(2); + String tierUuid = rsNetworkIds.getString(3); + pstmtSelectFirewallRules.setLong(1, networkId); boolean hasAcls = false; Long aclId = null; int number = 1; - while (rsAcls.next()) { - if (!hasAcls) { - hasAcls = true; - aclId = nextAclId++; - //create ACL for the tier - s_logger.debug("Creating network ACL for tier: " + tierUuid); - pstmt = conn.prepareStatement("INSERT INTO `cloud`.`network_acl` (id, uuid, vpc_id, description, name) values (?, UUID(), ? , ?, ?)"); - pstmt.setLong(1, aclId); - pstmt.setLong(2, vpcId); - pstmt.setString(3, "ACL for tier " + tierUuid); - pstmt.setString(4, "tier_" + tierUuid); - pstmt.executeUpdate(); - } + try (ResultSet rsAcls = pstmtSelectFirewallRules.executeQuery();) { + while (rsAcls.next()) { + if (!hasAcls) { + hasAcls = true; + aclId = nextAclId++; + //create ACL for the tier + s_logger.debug("Creating network ACL for tier: " + tierUuid); + pstmtInsertNetworkAcl.setLong(1, aclId); + pstmtInsertNetworkAcl.setLong(2, vpcId); + pstmtInsertNetworkAcl.setString(3, "ACL for tier " + tierUuid); + pstmtInsertNetworkAcl.setString(4, "tier_" + tierUuid); + pstmtInsertNetworkAcl.executeUpdate(); + } - Long fwRuleId = rsAcls.getLong(1); - String cidr = null; - //get cidr from firewall_rules_cidrs - pstmt = conn.prepareStatement("SELECT id, source_cidr FROM `cloud`.`firewall_rules_cidrs` where firewall_rule_id = ?"); - pstmt.setLong(1, fwRuleId); - rsCidr = pstmt.executeQuery(); - while (rsCidr.next()) { - Long cidrId = rsCidr.getLong(1); - String sourceCidr = rsCidr.getString(2); - if (cidr == null) { - cidr = sourceCidr; + Long fwRuleId = rsAcls.getLong(1); + String cidr = null; + //get cidr from firewall_rules_cidrs + pstmtSelectFirewallCidrs.setLong(1, fwRuleId); + try (ResultSet rsCidr = pstmtSelectFirewallCidrs.executeQuery();) { + while (rsCidr.next()) { + Long cidrId = rsCidr.getLong(1); + String 
sourceCidr = rsCidr.getString(2); + if (cidr == null) { + cidr = sourceCidr; + } else { + cidr += "," + sourceCidr; + } + //Delete cidr entry + pstmtDeleteFirewallCidr.setLong(1, cidrId); + pstmtDeleteFirewallCidr.executeUpdate(); + } + } + String aclItemUuid = rsAcls.getString(2); + //Move acl to network_acl_item table + s_logger.debug("Moving firewall rule: " + aclItemUuid); + //uuid + pstmtInsertNetworkAclItem.setString(1, aclItemUuid); + //aclId + pstmtInsertNetworkAclItem.setLong(2, aclId); + //Start port + Integer startPort = rsAcls.getInt(3); + if (rsAcls.wasNull()) { + pstmtInsertNetworkAclItem.setNull(3, Types.INTEGER); } else { - cidr += "," + sourceCidr; + pstmtInsertNetworkAclItem.setLong(3, startPort); + } + //End port + Integer endPort = rsAcls.getInt(4); + if (rsAcls.wasNull()) { + pstmtInsertNetworkAclItem.setNull(4, Types.INTEGER); + } else { + pstmtInsertNetworkAclItem.setLong(4, endPort); + } + //State + String state = rsAcls.getString(5); + pstmtInsertNetworkAclItem.setString(5, state); + //protocol + String protocol = rsAcls.getString(6); + pstmtInsertNetworkAclItem.setString(6, protocol); + //icmp_code + Integer icmpCode = rsAcls.getInt(7); + if (rsAcls.wasNull()) { + pstmtInsertNetworkAclItem.setNull(7, Types.INTEGER); + } else { + pstmtInsertNetworkAclItem.setLong(7, icmpCode); } - //Delete cidr entry - pstmtDelete = conn.prepareStatement("DELETE FROM `cloud`.`firewall_rules_cidrs` where id = ?"); - pstmtDelete.setLong(1, cidrId); - pstmtDelete.executeUpdate(); - } - String aclItemUuid = rsAcls.getString(2); - //Move acl to network_acl_item table - s_logger.debug("Moving firewall rule: " + aclItemUuid); - pstmt = - conn.prepareStatement("INSERT INTO `cloud`.`network_acl_item` (uuid, acl_id, start_port, end_port, state, protocol, icmp_code, icmp_type, created, traffic_type, cidr, number, action) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? 
)"); - //uuid - pstmt.setString(1, aclItemUuid); - //aclId - pstmt.setLong(2, aclId); - //Start port - Integer startPort = rsAcls.getInt(3); - if (rsAcls.wasNull()) { - pstmt.setNull(3, Types.INTEGER); - } else { - pstmt.setLong(3, startPort); - } - //End port - Integer endPort = rsAcls.getInt(4); - if (rsAcls.wasNull()) { - pstmt.setNull(4, Types.INTEGER); - } else { - pstmt.setLong(4, endPort); - } - //State - String state = rsAcls.getString(5); - pstmt.setString(5, state); - //protocol - String protocol = rsAcls.getString(6); - pstmt.setString(6, protocol); - //icmp_code - Integer icmpCode = rsAcls.getInt(7); - if (rsAcls.wasNull()) { - pstmt.setNull(7, Types.INTEGER); - } else { - pstmt.setLong(7, icmpCode); - } + //icmp_type + Integer icmpType = rsAcls.getInt(8); + if (rsAcls.wasNull()) { + pstmtInsertNetworkAclItem.setNull(8, Types.INTEGER); + } else { + pstmtInsertNetworkAclItem.setLong(8, icmpType); + } - //icmp_type - Integer icmpType = rsAcls.getInt(8); - if (rsAcls.wasNull()) { - pstmt.setNull(8, Types.INTEGER); - } else { - pstmt.setLong(8, icmpType); + //created + Date created = rsAcls.getDate(9); + pstmtInsertNetworkAclItem.setDate(9, created); + //traffic type + String trafficType = rsAcls.getString(10); + pstmtInsertNetworkAclItem.setString(10, trafficType); + + //cidr + pstmtInsertNetworkAclItem.setString(11, cidr); + //number + pstmtInsertNetworkAclItem.setInt(12, number++); + //action + pstmtInsertNetworkAclItem.setString(13, "Allow"); + pstmtInsertNetworkAclItem.executeUpdate(); + + //Delete firewall rule + pstmtDeleteFirewallRules.setLong(1, fwRuleId); + pstmtDeleteFirewallRules.executeUpdate(); } - - //created - Date created = rsAcls.getDate(9); - pstmt.setDate(9, created); - //traffic type - String trafficType = rsAcls.getString(10); - pstmt.setString(10, trafficType); - - //cidr - pstmt.setString(11, cidr); - //number - pstmt.setInt(12, number++); - //action - pstmt.setString(13, "Allow"); - pstmt.executeUpdate(); - - //Delete firewall rule 
- pstmtDelete = conn.prepareStatement("DELETE FROM `cloud`.`firewall_rules` where id = ?"); - pstmtDelete.setLong(1, fwRuleId); - pstmtDelete.executeUpdate(); } if (!hasAcls) { //no network ACls for this network. @@ -1170,30 +1172,13 @@ public class Upgrade410to420 implements DbUpgrade { aclId = NetworkACL.DEFAULT_DENY; } //Assign acl to network - pstmt = conn.prepareStatement("UPDATE `cloud`.`networks` set network_acl_id=? where id=?"); - pstmt.setLong(1, aclId); - pstmt.setLong(2, networkId); - pstmt.executeUpdate(); + pstmtUpdate.setLong(1, aclId); + pstmtUpdate.setLong(2, networkId); + pstmtUpdate.executeUpdate(); } s_logger.debug("Done updating network ACLs "); } catch (SQLException e) { throw new CloudRuntimeException("Unable to move network acls from firewall rules table to network_acl_item table", e); - } finally { - try { - if (rs != null) { - rs.close(); - } - if (rsAcls != null) { - rsAcls.close(); - } - if (rsCidr != null) { - rsCidr.close(); - } - if (pstmt != null) { - pstmt.close(); - } - } catch (SQLException e) { - } } }
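Review bot: In the `rsCidr` loop each `firewall_rules_cidrs` row is deleted before the matching `network_acl_item` row is written, so a failure at `pstmtInsertNetworkAclItem.executeUpdate()` can leave the firewall rule in place with its source CIDRs already gone. No commit or rollback is visible in these hunks, and the `catch` in the second hunk only wraps the exception, so whether that state is undone depends on the caller; if the upgrade is re-run, such a rule would be moved with a NULL `cidr` and action `"Allow"`. Deleting after the insert avoids this: change `sqlDeleteFirewallCidr` to end in `where firewall_rule_id = ?` and run `pstmtDeleteFirewallCidr.setLong(1, fwRuleId); pstmtDeleteFirewallCidr.executeUpdate();` just before the firewall rule delete. If the caller does guarantee a single transaction, a comment such as `// runs inside the upgrade transaction; a failure rolls back the cidr deletes` above the `try` would record that assumption. The enclosing method starts before this hunk, so its connection setup is not visible here.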