bad file path but accepted in a container by Horizon after uploading file
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Dashboard (Horizon) |
New
|
Undecided
|
Unassigned |
Bug Description
I uploaded a file with a bad path which contains a double slash (example: '/my/file//path') in an object storage container.
The problem is that Horizon accepted this bad path as if it was a valid path, there was no control or validation on the path made by OpenStack Horizon. In the URL if I put '/containers/
Steps to reproduce :
- use "pkgcloud" module available on GitHub with node.JS to upload a file in a container in Horizon
- upload a file with a bad path
- get all files and you see that the file has been saved in a fake URL
Optionally: put a bad path on URL after '/containers/
Horizon should validate filepath and container name in URL before invoking file related operations.