From 1309dd4487b6337239c37e57381cf49c907e6aab Mon Sep 17 00:00:00 2001
From: Lucian Petrut <lpetrut@cloudbasesolutions.com>
Date: Thu, 4 Jun 2026 08:56:35 +0000
Subject: [PATCH] Reject empty user scripts

Coriolis allows removing user scripts by specifying "None" instead
of a user script.

As mentioned here [1], an empty string is most likely an user error
though and we should reject the request.

[1] https://github.com/cloudbase/coriolis/pull/448#discussion_r3350559746
---
 coriolis/api/v1/utils.py                      |  8 +++++
 .../utils_validate_user_scripts_raises.yml    | 29 ++++++++++++++++++-
 2 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/coriolis/api/v1/utils.py b/coriolis/api/v1/utils.py
index b3ffdfca0..6c77306d2 100644
--- a/coriolis/api/v1/utils.py
+++ b/coriolis/api/v1/utils.py
@@ -104,6 +104,10 @@ def _process_user_scripts(
         payload = user_scripts
         if sanitize_newlines:
             payload = _sanitize_newlines(payload)
+        if not payload.strip("\r\n "):
+            raise exception.InvalidInput(
+                "Empty script received. "
+                "Use 'None' if the script should be removed.")
         return [
             {
                 "phase": constants.PHASE_OSMORPHING_POST_OS_MOUNT,
@@ -141,6 +145,10 @@ def _process_user_scripts(
             if sanitize_newlines:
                 script_item["payload"] = _sanitize_newlines(
                     script_item["payload"])
+            if not script_item["payload"].strip("\r\n "):
+                raise exception.InvalidInput(
+                    "Empty script received. "
+                    "Use 'None' if the script should be removed.")
 
         return user_scripts
     else:
diff --git a/coriolis/tests/api/v1/data/utils_validate_user_scripts_raises.yml b/coriolis/tests/api/v1/data/utils_validate_user_scripts_raises.yml
index 677a4e1e7..4fe4c8e9c 100644
--- a/coriolis/tests/api/v1/data/utils_validate_user_scripts_raises.yml
+++ b/coriolis/tests/api/v1/data/utils_validate_user_scripts_raises.yml
@@ -13,4 +13,31 @@
     global:
       linux: 'mock_scripts_linux'
       windows: 'mock_scripts_windows'
-    instances: "invalid"
\ No newline at end of file
+    instances: "invalid"
+
+- user_scripts:
+    global:
+      linux: ''
+
+- user_scripts:
+    global:
+      instances:
+        some_instance: ''
+
+- user_scripts:
+    global:
+      linux:
+      - phase: osmorphing_post_os_mount
+        payload: ''
+
+- user_scripts:
+    global:
+      instances:
+        some_instance: ''
+
+- user_scripts:
+    global:
+      instances:
+        some_instance:
+        - phase: osmorphing_post_os_mount
+          payload: ''