Validate request parameters against max string and integer limit and return 400 error instead of 500
Bug #1466351 reported by
Pranali Deore
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Cinder |
Fix Released
|
Low
|
Pranali Deore | ||
Bug Description
Below apis returns 500 error if name or description string lengths are greater than string size defined in DB i.e., 255
1. consisgroup-create
2. consisgroup-update
3. cgsnapshot-create
4. quota-class-update
5. quota-update
6. qos-create
| Changed in cinder: | |
| assignee: | nobody → Pranali Deore (pranali-deore) |
| summary: |
- Validate max string length in cinder APIs + Validate request parameters against max string length and return 400 + error instead of 500 |
| Changed in cinder: | |
| status: | New → Confirmed |
| importance: | Undecided → Low |
| summary: |
- Validate request parameters against max string length and return 400 - error instead of 500 + Validate request parameters against max string and integer limit and + return 400 error instead of 500 |
| Changed in cinder: | |
| status: | Confirmed → In Progress |
| Changed in cinder: | |
| assignee: | Pranali Deore (pranali-deore) → Abhijeet Malawade (abhijeet-malawade) |
| Changed in cinder: | |
| assignee: | Abhijeet Malawade (abhijeet-malawade) → Pranali Deore (pranali-deore) |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to cinder (master) | #1 |
| Changed in cinder: | |
| status: | In Progress → Fix Committed |
| Changed in cinder: | |
| milestone: | none → liberty-3 |
| status: | Fix Committed → Fix Released |
| Changed in cinder: | |
| milestone: | liberty-3 → 7.0.0 |
To post a comment you must log in.
Reviewed: https:/
Committed: https:/
Submitter: Jenkins
Branch: master
commit cf67960607844ef
Author: PranaliDeore <email address hidden>
Date: Wed Jun 17 04:49:24 2015 -0700
Validate string, integer limit for input parameter
1. Below apis will return 500 error code on passing name or description
parameters with more than 255 characters:
a. consisgroup-create
b. consisgroup-update
c. cgsnapshot-create
d. quota-class-update
e. quota-update
f. qos-create
g. volume-manage
h. volume-transfer
2. Below apis will return 500 error code on passing 'hard_limit' value
greater than mysql INT type:
a. quota-class-update
b. quota-update
c. encryption-
3. Below apis accept name as string with whitespaces:
a. consisgroup-create
b. cgsnapshot-create
c. qos-create
d. volume-transfer
4. Type-key api will return 500 error code on passing key or value with
more than 255 characters.
Added new method
1. validate_
description and returned 400 if it exceeds the limit and removing
leading or trailing whitespaces and string containing only
whitespaces.
2. validate_
validate length of string and returned 400 if it exceeds the limit.
3. validate_integer() method in cinder.utils to validate integer
limit and returned 400 if limit exceeds.
APIImpact
1. For all above apis 400 response will be returned.
2. Earlier it was possible to pass only whitespaces or leading-trailing
spaces to 'name' parameters and 'key' while updating key-value in
type-key api.
Now it will raise 400 error if only whitespaces are passed and will
remove leading-trailing spaces if present in other cases.
Closes-Bug: 1466351
Closes-Bug: 1463379
Closes-Bug: 1465967
Change-Id: I0c0029d61ba2b2