Invalid XML request is returning 500 ERROR instead of Bad Request 400 exception

Bug #1032092 reported by Rajalakshmi Ganesan
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Cinder
Invalid
Undecided
Unassigned
OpenStack Compute (nova)
Fix Released
Medium
Vijaya Erukala

Bug Description

Description:

When Request body is sent as "Invalid XML" request, HTTP 500 ERROR is returned instead of Bad Request exception(code :400).

LOG :
-----------------------
1. Server Creation with invalid XML

REQ: curl -i http://15.184.83.251:8774/v2/5e8e6e11adf74ee5b9141d4c6c5fad94/servers -X POST -H "X-Auth-Project-Id: nova_auto_project" -H "User-Agent: python-novaclient" -H "Content-Type: application/xml" -H "Accept: application/xml" -H "X-Auth-Token: 9d956c15a34e40d0bb877a54de771764"

novaclient.client: DEBUG: REQ BODY: <xml version="1.0" encoding="UTF-8"?> <server xmlns="http://15.184.83.251:5000/v2.0" imageRef="5509c976-a040-467b-88a8-6a6566202bb0" flavorRef="1" name="auto_test_server_active"> </server>

novaclient.client: DEBUG: RESP:{'date': 'Thu, 02 Aug 2012 08:11:31 GMT', 'status': '500', 'content-length': '192', 'content-type': 'application/xml; charset=UTF-8', 'x-compute-request-id': 'req-683ad7b0-5363-4fdc-8a68-e47309c0178c'} <computeFault code="500" xmlns="http://docs.openstack.org/compute/api/v1.1"><message>The server has either erred or is incapable of performing the requested operation.</message></computeFault>

2. Set Image Metadata with invalid XML

REQ: curl -i http://15.184.83.251:8774/v2/5e8e6e11adf74ee5b9141d4c6c5fad94/images/bf88d99f-a17f-4515-9a0d-969006939470/metadata/Label PUT -H "X-Auth-Project-Id: nova_auto_project" -H "User-Agent: python-novaclient" -H "Content-Type: application/xml" -H "Accept: application/xml" -H "X-Auth-Token: a7a97182bbec44d19d578b997818de88"

novaclient.client: DEBUG: REQ BODY: <?xml version="1.0" encoding="UTF-8"?> <metadata xmlns="http://docs.openstack.org/compute/api/v1.1" key="Label">>Web</meta>

novaclient.client: DEBUG: RESP:{'date': 'Thu, 02 Aug 2012 08:37:07 GMT', 'status': '500', 'content-length': '192', 'content-type': 'application/xml; charset=UTF-8', 'x-compute-request-id': 'req-50f195f5-ba68-49f7-9e2a-30fb499ce633'} <computeFault code="500" xmlns="http://docs.openstack.org/compute/api/v1.1"><message>The server has either erred or is incapable of performing the requested operation.</message></computeFault>

3. Add Security Group Rule with invalid XML

REQ: curl -i http://15.184.83.251:8774/v2/5e8e6e11adf74ee5b9141d4c6c5fad94/os-security-group-rules -X POST -H "X-Auth-Project-Id: nova_auto_project" -H "User-Agent: python-novaclient" -H "Content-Type: application/xml" -H "Accept: application/xml" -H "X-Auth-Token: f1ff74fac1144ded8e830d1bda7ff8c4"

novaclient.client: DEBUG: REQ BODY: <security_group_rule><ip_protocol>tcp</ip_protocol> <from_port>22</from_port><to_port>23</to_port> <parent_group_id>159</parnt_group_id> </security_group_rule>

novaclient.client: DEBUG: RESP:{'date': 'Thu, 02 Aug 2012 08:40:46 GMT', 'status': '500', 'content-length': '192', 'content-type': 'application/xml; charset=UTF-8', 'x-compute-request-id': 'req-bca76a87-c176-4b65-8ec3-28f06afa1412'} <computeFault code="500" xmlns="http://docs.openstack.org/compute/api/v1.1"><message>The server has either erred or is incapable of performing the requested operation.</message></computeFault>

4. Create Security Group with invalid XML

REQ: curl -i http://15.184.83.251:8774/v2/5e8e6e11adf74ee5b9141d4c6c5fad94/os-security-groups -X POST -H "X-Auth-Project-Id: nova_auto_project" -H "User-Agent: python-novaclient" -H "Content-Type: application/xml" -H "Accept: application/xml" -H "X-Auth-Token: f1ff74fac1144ded8e830d1bda7ff8c4"

novaclient.client: DEBUG: REQ BODY: <security_group name="test_auto_security_group_xml"> <description>test_auto_security_group_xml<descption></security_group>

novaclient.client: DEBUG: RESP:{'date': 'Thu, 02 Aug 2012 08:40:47 GMT', 'status': '500', 'content-length': '192', 'content-type': 'application/xml; charset=UTF-8', 'x-compute-request-id': 'req-319ef63e-f086-4313-b073-1ee2c20052b3'} <computeFault code="500" xmlns="http://docs.openstack.org/compute/api/v1.1"><message>The server has either erred or is incapable of performing the requested operation.</message></computeFault>

5. Reboot Server using invalid XML

REQ: curl -i http://15.184.83.251:8774/v2/5e8e6e11adf74ee5b9141d4c6c5fad94/servers/c999a7fd-8c2a-4dc5-970b-ff13daa1d3e9/action -X POST -H "X-Auth-Project-Id: nova_auto_project" -H "User-Agent: python-novaclient" -H "Content-Type: application/xml" -H "Accept: application/xml" -H "X-Auth-Token: 7675bb82ff514780873e5ff296137628"

novaclient.client: DEBUG: REQ BODY: <?xml version="1.0" encoding="UTF-8"?> xns="http://15.184.83.251:5000/v2.0" type"HARD"/>

novaclient.client: DEBUG: RESP:{'date': 'Thu, 02 Aug 2012 08:51:36 GMT', 'status': '500', 'content-length': '192', 'content-type': 'application/xml; charset=UTF-8', 'x-compute-request-id': 'req-f1373577-8f7b-4c00-919e-57b8ff48dbbf'} <computeFault code="500" xmlns="http://docs.openstack.org/compute/api/v1.1"><message>The server has either erred or is incapable of performing the requested operation.</message></computeFault>

6. Rebuild Server using invalid XML

novaclient.client: DEBUG:
REQ: curl -i http://15.184.83.251:8774/v2/5e8e6e11adf74ee5b9141d4c6c5fad94/servers/b281dd7e-2104-4553-8f8a-7a018cd9a427/action -X POST -H "X-Auth-Project-Id: nova_auto_project" -H "User-Agent: python-novaclient" -H "Content-Type: application/xml" -H "Accept: application/xml" -H "X-Auth-Token: 7675bb82ff514780873e5ff296137628"

novaclient.client: DEBUG: REQ BODY: <xml version="1.0" encoding="UTF-8"?> <rebuild xmlns="http://15.184.83.251:5000/v2.0" imageRef="5509c976-a040-467b-88a8-6a6566202bb0"/>

novaclient.client: DEBUG: RESP:{'date': 'Thu, 02 Aug 2012 08:51:36 GMT', 'status': '500', 'content-length': '192', 'content-type': 'application/xml; charset=UTF-8', 'x-compute-request-id': 'req-365a3796-15c0-4fb9-8467-6d110f0e582a'} <computeFault code="500" xmlns="http://docs.openstack.org/compute/api/v1.1"><message>The server has either erred or is incapable of performing the requested operation.</message></computeFault>

description: updated
description: updated
Revision history for this message
Thierry Carrez (ttx) wrote :

Which version of Nova are you testing this against ?

Changed in nova:
status: New → Incomplete
Revision history for this message
Rajalakshmi Ganesan (rajalakshmi-ganesan) wrote :

Hi Carrez,

My nova version was "nova==2012.2".

Thierry Carrez (ttx)
Changed in nova:
importance: Undecided → Low
status: Incomplete → Confirmed
Changed in nova:
assignee: nobody → Vijaya Erukala (vijaya-erukala)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/13446

Changed in nova:
status: Confirmed → In Progress
Sean Dague (sdague)
Changed in nova:
importance: Low → Medium
milestone: none → grizzly-1
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/13446
Committed: http://github.com/openstack/nova/commit/7a70bc33aca8428f38c70c6b85bba29977a41aaf
Submitter: Jenkins
Branch: master

commit 7a70bc33aca8428f38c70c6b85bba29977a41aaf
Author: vijaya-erukala <email address hidden>
Date: Thu Sep 20 12:08:57 2012 +0530

    Handle invalid xml request to return BadRequest

    Handled ExpatError,LookupError to return BadRequest
    if the user inputs the invalid xml

    fixes bug 1032092

    Change-Id: I7374532d91e3d7675bc80730031a195f50bb2abc

Changed in nova:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in nova:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in nova:
milestone: grizzly-1 → 2013.1
Revision history for this message
Shingo Tanino (tanino-shingo) wrote :

There is a similar bug also in cinder.
There is a similar code to the source corrected with nova also in cinder/api/openstack/wsgi.py of cinder.
When Request body is sent as "Invalid XML" request, HTTP 500 ERROR is returned instead of Bad Request exception(code :400).

Changed in cinder:
assignee: nobody → Shingo Tanino (tanino-shingo)
Revision history for this message
Sean McGinnis (sean-mcginnis) wrote : Owner Expired

Unassigning due to no activity.

Changed in cinder:
assignee: Shingo Tanino (tanino-shingo) → nobody
Revision history for this message
Sheel Rana (ranasheel2000) wrote :

This issue does not seem exist in cinder. Proper 400 error is shown on terminal for xml bad requests

root@sheel:/opt/stack/cinder# curl -H "X-Auth-Token:7edb9429407d473d91ce310907b64e66" -H "User-Agent: python-cinderclient" -H "Content-Type: application/xml" -H "Accept: application/xml" http://10.0.2.15:8776/v2/f270b245cb11498ca4031deb7e141cfa/types/898016e6-038e-4ae7-baad-2f07b4404567/encryption -X POST -d '{"encryption": {}}'
<badRequest code="400" xmlns="http://docs.openstack.org/api/openstack-block-storage/2.0/content"><message>Malformed request body</message></badRequest>

Changed in cinder:
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.