atuned: add input validation for collection

collection need input validation before exec
Signed-off-by: NZhipeng Xie <xiezhipeng1@huawei.com>

.gitignore

+/pkg/
+*.pyc
+database/atuned.db

common/utils/utils.go

@@ -25,6 +25,7 @@ import (
 	"path"
 	"path/filepath"
 	"plugin"
+	"regexp"
 	"strconv"
 	"strings"
 	"syscall"
@@ -278,3 +279,13 @@ func DiskByName(disk string) error {
 
 	return fmt.Errorf("disk %s is not exist", disk)
 }
+
+// common input string validator
+func IsInputStringValid(input string) bool {
+	if input != "" {
+		if isOk, _ := regexp.MatchString("^[a-zA-Z0-9/.-_]*$", input); isOk {
+			return isOk
+		}
+	}
+	return false
+}

modules/server/profile/profile.go

@@ -691,6 +691,26 @@ func (s *ProfileServer) ProfileRollback(profileInfo *PB.ProfileInfo, stream PB.P
 Collection method call collection script to collect system data.
 */
 func (s *ProfileServer) Collection(message *PB.CollectFlag, stream PB.ProfileMgr_CollectionServer) error {
+	if valid := utils.IsInputStringValid(message.GetWorkload()); !valid {
+		return fmt.Errorf("input:%s is invalid", message.GetWorkload())
+	}
+
+	if valid := utils.IsInputStringValid(message.GetOutputPath()); !valid {
+		return fmt.Errorf("input:%s is invalid", message.GetOutputPath())
+	}
+
+	if valid := utils.IsInputStringValid(message.GetType()); !valid {
+		return fmt.Errorf("input:%s is invalid", message.GetType())
+	}
+
+	if valid := utils.IsInputStringValid(message.GetBlock()); !valid {
+		return fmt.Errorf("input:%s is invalid", message.GetBlock())
+	}
+
+	if valid := utils.IsInputStringValid(message.GetNetwork()); !valid {
+		return fmt.Errorf("input:%s is invalid", message.GetNetwork())
+	}
+
 	classApps := &sqlstore.GetClassApp{Class: message.GetType()}
 	err := sqlstore.GetClassApps(classApps)
 	if err != nil {