OpenStack Dashboard (Horizon)

bad file path but accepted in a container by Horizon after uploading file

Bug #1734154 reported by Besbiss on 2017-11-23

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Dashboard (Horizon)	New	Undecided	Unassigned

Bug Description

I uploaded a file with a bad path which contains a double slash (example: '/my/file//path') in an object storage container.
The problem is that Horizon accepted this bad path as if it was a valid path, there was no control or validation on the path made by OpenStack Horizon. In the URL if I put '/containers/container/my-container/A/b/12/s' which doesn't exist, Horizon still open the container with the following path.

Steps to reproduce :
- use "pkgcloud" module available on GitHub with node.JS to upload a file in a container in Horizon
- upload a file with a bad path
- get all files and you see that the file has been saved in a fake URL

Optionally: put a bad path on URL after '/containers/container/' and Horizon will open this false container with false file

Tags:

Revision history for this message

Mithun (mithunsunku) wrote on 2020-05-11:

Horizon should validate filepath and container name in URL before invoking file related operations.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.