No proper validation for url path in curl-request.
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Kingbird | Fix Released | Undecided | Goutham Pratapa | |
Bug Description
In the present implementation of Kingbird there is no proper validation for the URL path of the curl request.
If we change the first part of any request's URL path,
i.e. <admin_
with
<dummy/
it produces output.
E.g.:
Here I used a curl request which gives default quotas.
http://
http://
Curl- Request :
export TOKEN=`curl -si -d @/home/
curl -H "Content-Type: application/json" -H "X-Auth-Token: $TOKEN" http://<kb-ip>
Token_request.json:
{
"auth": {
},
}
}
}
Generated Output:
$bash default-
{"quota_set": {"metadata_items": 128, "subnet": 10, "network": 10, "floatingip": 50, "gigabytes": 1000, "backup_gigabytes": 1000, "ram": 51200, "floating_ips": 10, "snapshots": 10, "security_
Expected-Result:
400 Bad Request
Invalid request URL
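A sketch of the missing check, added here as an illustration and not taken from Kingbird's code or its fix: the first path segment is validated against the identifier carried by the authenticated token, and anything else gets the 400 response the report expects. The `/v1.0` prefix, the 32-hex identifier format, the `quotas/defaults` resource path and the function name are assumptions, since the report's URLs are truncated.

```python
import re

# Assumption: identifiers are 32 lowercase hex characters. The real
# format is not visible in the report.
_ID_RE = re.compile(r"^[0-9a-f]{32}$")

INVALID = (400, "Invalid request URL")


def check_request_path(path, token_project_id, api_prefix="/v1.0"):
    """Validate a path shaped like <api_prefix>/<caller-id>/<resource...>.

    Returns (200, resource_path) when the first segment after the prefix
    equals the identifier bound to the caller's token, otherwise
    (400, "Invalid request URL").
    """
    if not path.startswith(api_prefix + "/"):
        return INVALID

    segments = path[len(api_prefix) + 1:].split("/")

    # Need an identifier plus at least one resource segment; reject empty
    # and dot segments so the path cannot be normalised into another one.
    if len(segments) < 2 or any(s in ("", ".", "..") for s in segments):
        return INVALID

    caller_id = segments[0]
    # The bug in the report: this segment was accepted whatever it held.
    if not _ID_RE.match(caller_id) or caller_id != token_project_id:
        return INVALID

    return 200, "/".join(segments[1:])


if __name__ == "__main__":
    # Constructed sample values, not taken from the report.
    project = "0123456789abcdef0123456789abcdef"
    for p in ("/v1.0/%s/quotas/defaults" % project,
              "/v1.0/dummy/quotas/defaults"):
        print(p, "->", check_request_path(p, project))
```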
Changed in kingbird:
status: New → Confirmed
Changed in kingbird:
status: Confirmed → In Progress
assignee: nobody → Goutham Pratapa (pratapagoutham)
Fix proposed to branch: master
Review: https://review.openstack.org/418317