Aggregate ID validation
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
In Progress
|
Undecided
|
Mykola Yakovliev |
Bug Description
Description
===========
Nova API's aggregate ID lookup does not require an exact match. Alphanumeric strings can possibly be truncated and converted to integers incorrectly.
Steps to reproduce
==================
Determine the ID of an existing aggregate.
Take the aggregate ID, and append junk data to it, ensuring that the digit following the actual ID is an alphabetic character.e.g. aggregate id = '13', the test string would be something like '13a2g152asdf'Send a PUT request to '<NOVA API>/os_
Check for whether or not the server returns an error (aggregate ID not found), or a 200 OK indicating the change was successful.
Successful change indicates the issue still exists.
Expected result
===============
Nova should return error.
Actual result
=============
Nova returns 200.
Fix proposed to branch: master /review. opendev. org/698094
Review: https:/