Validate request parameters against max string and integer limit and return 400 error instead of 500
Bug #1466351 reported by
Pranali Deore
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cinder |
Fix Released
|
Low
|
Pranali Deore |
Bug Description
Below apis returns 500 error if name or description string lengths are greater than string size defined in DB i.e., 255
1. consisgroup-create
2. consisgroup-update
3. cgsnapshot-create
4. quota-class-update
5. quota-update
6. qos-create
Changed in cinder: | |
assignee: | nobody → Pranali Deore (pranali-deore) |
summary: |
- Validate max string length in cinder APIs + Validate request parameters against max string length and return 400 + error instead of 500 |
Changed in cinder: | |
status: | New → Confirmed |
importance: | Undecided → Low |
summary: |
- Validate request parameters against max string length and return 400 - error instead of 500 + Validate request parameters against max string and integer limit and + return 400 error instead of 500 |
Changed in cinder: | |
status: | Confirmed → In Progress |
Changed in cinder: | |
assignee: | Pranali Deore (pranali-deore) → Abhijeet Malawade (abhijeet-malawade) |
Changed in cinder: | |
assignee: | Abhijeet Malawade (abhijeet-malawade) → Pranali Deore (pranali-deore) |
Changed in cinder: | |
milestone: | none → liberty-3 |
status: | Fix Committed → Fix Released |
Changed in cinder: | |
milestone: | liberty-3 → 7.0.0 |
To post a comment you must log in.
Reviewed: https:/ /review. openstack. org/194968 /git.openstack. org/cgit/ openstack/ cinder/ commit/ ?id=cf679606078 44ef3426cae4d6e 2ab96f16187b99
Committed: https:/
Submitter: Jenkins
Branch: master
commit cf67960607844ef 3426cae4d6e2ab9 6f16187b99
Author: PranaliDeore <email address hidden>
Date: Wed Jun 17 04:49:24 2015 -0700
Validate string, integer limit for input parameter
1. Below apis will return 500 error code on passing name or description
parameters with more than 255 characters:
a. consisgroup-create
b. consisgroup-update
c. cgsnapshot-create
d. quota-class-update
e. quota-update
f. qos-create
g. volume-manage
h. volume-transfer
2. Below apis will return 500 error code on passing 'hard_limit' value type-create
greater than mysql INT type:
a. quota-class-update
b. quota-update
c. encryption-
3. Below apis accept name as string with whitespaces:
a. consisgroup-create
b. cgsnapshot-create
c. qos-create
d. volume-transfer
4. Type-key api will return 500 error code on passing key or value with
more than 255 characters.
Added new method name_and_ description( ) in
cinder. api.openstack. wsgi.Controller to validate length of name and string_ length( ) in cinder. api.openstack. wsgi.Controller to
1. validate_
description and returned 400 if it exceeds the limit and removing
leading or trailing whitespaces and string containing only
whitespaces.
2. validate_
validate length of string and returned 400 if it exceeds the limit.
3. validate_integer() method in cinder.utils to validate integer
limit and returned 400 if limit exceeds.
APIImpact
1. For all above apis 400 response will be returned.
2. Earlier it was possible to pass only whitespaces or leading-trailing
spaces to 'name' parameters and 'key' while updating key-value in
type-key api.
Now it will raise 400 error if only whitespaces are passed and will
remove leading-trailing spaces if present in other cases.
Closes-Bug: 1466351 93b579d1afffec0 bdf062b22a8
Closes-Bug: 1463379
Closes-Bug: 1465967
Change-Id: I0c0029d61ba2b2