Input validation broken for os-server-groups create method

Bug #1290326 reported by Christopher Yeoh
Affects: OpenStack Compute (nova)
Status: Fix Released
Importance: High
Assigned to: Christopher Yeoh

Bug Description

Input validation of the name field for the create method for the os-server-groups extension is broken in that it accepts integers, floats, etc. as well as strings, as the nova internals code quietly converts these to strings. This was not picked up by the unittests because they were correctly rejecting all the invalid data passed, as the data was also missing the policies parameter, which is compulsory.

Also we should be tightening the name field to also fail on trailing and leading spaces as allowing this tends to cause confusing situations for users (this is where we have been headed in other places in the API).

Tags: api
Christopher Yeoh (cyeoh-0) wrote :

Setting this to high as we want to fix the input validation issues before the interface is used and programs become dependent on the invalid behaviour.

Changed in nova:
importance: Undecided → High
milestone: none → icehouse-rc1
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/79295

Changed in nova:
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/79295
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=d440acf469253c49e705221e350402e4d629d091
Submitter: Jenkins
Branch: master

commit d440acf469253c49e705221e350402e4d629d091
Author: Chris Yeoh <email address hidden>
Date: Mon Mar 10 22:20:45 2014 +1030

    Fix input validation for V2 API server group API extension

    The server group extension create method allows the name
    parameter to not be a string. The unittest which tests that an integer
    passed as the name fails, but this is due to the policies parameter
    missing from the test data, not because the name is invalid.

    The internal nova code silently converts floats, integers, etc to strings
    and so also does not pick up the validation issue.

    The patch adds extra input validation to the API layer to pick up this issue
    and also tightens the acceptable values of the string to reject trailing
    or leading whitespace which if used can cause confusion for users. It uses
    the regexp that the other parts of the API are converging towards to use
    as a common acceptable name across the API rather than having different
    criteria for names for different extensions.

    Also ensures input validation is always properly applied to the policies
    parameter and adds test cases. This part is backported from this
    https://review.openstack.org/#/c/79312/5 patch.

    The patch also fixes the broken unittests and adds new ones to test the
    tightened criteria for the name parameter.

    +DocImpact
    Co-authored-by: Gary Kotton <email address hidden>
    Closes-Bug: 1290326

    Change-Id: I9ddaef8a128ac6a1a448e47d6b3c9abcf719eb76

Changed in nova:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in nova:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in nova:
milestone: icehouse-rc1 → 2014.1
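
The check described in the commit message, as an added example that is not nova's code: the name is type-checked at the API layer before anything can coerce it, and a rejection reports which field failed so a negative test cannot pass because of a missing policies parameter. The name regexp, the ALLOWED_POLICIES values and all function names are assumptions of this example.

```python
import re

# Assumed name rule for this example (not nova's regexp): 1-255 characters,
# no newlines, first and last character non-whitespace.
NAME_RE = re.compile(r"\S(?:.{0,253}\S)?")
ALLOWED_POLICIES = {"affinity", "anti-affinity"}  # assumed sample values

class ValidationError(ValueError):
    def __init__(self, field, reason):
        super().__init__(f"{field}: {reason}")
        self.field = field

def validate_server_group(body):
    """Validate a create request body and return the checked fields."""
    group = body.get("server_group") if isinstance(body, dict) else None
    if not isinstance(group, dict):
        raise ValidationError("server_group", "missing or not an object")
    name = group.get("name")
    # Check the type first, before anything can turn 123 into "123".
    if not isinstance(name, str):
        raise ValidationError("name", "must be a string")
    # fullmatch, not match with "$": "$" would let "web\n" through.
    if not NAME_RE.fullmatch(name):
        raise ValidationError("name", "bad length or surrounding whitespace")
    policies = group.get("policies")
    if not isinstance(policies, list) or not policies:
        raise ValidationError("policies", "must be a non-empty list")
    for policy in policies:
        if not isinstance(policy, str) or policy not in ALLOWED_POLICIES:
            raise ValidationError("policies", f"invalid policy {policy!r}")
    return {"name": name, "policies": list(policies)}

def rejected_field(body):
    """Return the field that caused rejection, or None if accepted."""
    try:
        validate_server_group(body)
    except ValidationError as exc:
        return exc.field
    return None

def coercing_rejected_field(body):
    """Model of the silent str() coercion the report describes."""
    group = dict(body["server_group"])
    group["name"] = str(group.get("name"))
    return rejected_field({"server_group": group})
```

A negative test that only asserts "the request was rejected" passes under `coercing_rejected_field` when policies is absent; asserting on the rejected field, with otherwise valid data, is what exposes the missing name check.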