Designate

Designate DNS – it’s possible to create blacklist using invalid patterns

Bug #1934252 reported by Arkady Shtempler
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Designate
Fix Released
Medium
Unassigned

Bug Description

Scenario:
Create blacklist using string that cannot be used either as a regex or as a zone name, for example:
patterns = ['', '#(*&^%$%$#@$']

Empty pattern console result:
2021-07-01 10:36:29,649 770881 INFO [tempest.lib.common.rest_client] Request (BlacklistsAdminTest:test_create_blacklist_invalid_pattern): 201 POST http://10.35.64.8/dns/v2/blacklists 0.216s
2021-07-01 10:36:29,650 770881 DEBUG [tempest.lib.common.rest_client] Request - Headers: {'Content-Type': 'application/json', 'Accept': 'application/json', 'X-Auth-Token': '<omitted>'}
        Body: {"pattern": "", "description": "tempest-2122752535"}
    Response - Headers: {'date': 'Thu, 01 Jul 2021 07:36:29 GMT', 'server': 'Apache/2.4.41 (Ubuntu)', 'location': 'http://10.35.64.8/dns/v2/blacklists/81759d14-1aa4-4395-b4da-0e9f8e024044', 'content-length': '257', 'x-openstack-request-id': 'req-5bbf9f42-6903-4bbe-b670-92860217864d', 'connection': 'close', 'content-type': 'application/json', 'status': '201', 'content-location': 'http://10.35.64.8/dns/v2/blacklists'}
        Body: b'{"id": "81759d14-1aa4-4395-b4da-0e9f8e024044", "pattern": "", "description": "tempest-2122752535", "created_at": "2021-07-01T07:36:30.000000", "updated_at": null, "links": {"self": "http://10.35.64.8/dns/v2/blacklists/81759d14-1aa4-4395-b4da-0e9f8e024044"}}'
}}}

Invalid string (#(*&^%$%$#@$") console result:
2021-07-01 10:32:32,316 770535 INFO [tempest.lib.common.rest_client] Request (BlacklistsAdminTest:test_create_blacklist_invalid_pattern): 201 POST http://10.35.64.8/dns/v2/blacklists 0.037s
2021-07-01 10:32:32,317 770535 DEBUG [tempest.lib.common.rest_client] Request - Headers: {'Content-Type': 'application/json', 'Accept': 'application/json', 'X-Auth-Token': '<omitted>'}
        Body: {"pattern": "#(*&^%$%$#@$", "description": "tempest-374346852"}
    Response - Headers: {'date': 'Thu, 01 Jul 2021 07:32:32 GMT', 'server': 'Apache/2.4.41 (Ubuntu)', 'location': 'http://10.35.64.8/dns/v2/blacklists/4527e92e-f6f9-438a-917b-7478a2c02e0c', 'content-length': '268', 'x-openstack-request-id': 'req-2f6969a4-5cce-417b-80f2-509e42128499', 'connection': 'close', 'content-type': 'application/json', 'status': '201', 'content-location': 'http://10.35.64.8/dns/v2/blacklists'}
        Body: b'{"id": "4527e92e-f6f9-438a-917b-7478a2c02e0c", "pattern": "#(*&^%$%$#@$", "description": "tempest-374346852", "created_at": "2021-07-01T07:32:32.000000", "updated_at": null, "links": {"self": "http://10.35.64.8/dns/v2/blacklists/4527e92e-f6f9-438a-917b-7478a2c02e0c"}}'

Actual Result:
Blacklist is successfully created

Expected result:
400 BadRequest

Michael Johnson (johnsom)
Changed in designate:
importance: Undecided → Medium
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to designate (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/designate/+/825682

Changed in designate:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to designate (stable/xena)

Fix proposed to branch: stable/xena
Review: https://review.opendev.org/c/openstack/designate/+/827246

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to designate (stable/wallaby)

Fix proposed to branch: stable/wallaby
Review: https://review.opendev.org/c/openstack/designate/+/827248

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to designate (stable/victoria)

Fix proposed to branch: stable/victoria
Review: https://review.opendev.org/c/openstack/designate/+/827249

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to designate (stable/ussuri)

Fix proposed to branch: stable/ussuri
Review: https://review.opendev.org/c/openstack/designate/+/827735

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to designate (master)

Reviewed: https://review.opendev.org/c/openstack/designate/+/825682
Committed: https://opendev.org/openstack/designate/commit/f44395870dcbe08e2f8142ec6d96a0004ba3300f
Submitter: "Zuul (22348)"
Branch: master

commit f44395870dcbe08e2f8142ec6d96a0004ba3300f
Author: dekehn <email address hidden>
Date: Thu Jan 20 20:38:06 2022 +0000

    Checks for invalid denylist regex patterns

    Adds new field check method DenyListFields to validate
    the pattern string. in addition, check for a zero
    length string as well.

    Closes-Bug: #1934252
    Change-Id: I2b69025fc11125bb73a4e0f8c0dedad951399cbf

Changed in designate:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/designate 14.0.0.0rc1

This issue was fixed in the openstack/designate 14.0.0.0rc1 release candidate.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to designate (stable/victoria)

Reviewed: https://review.opendev.org/c/openstack/designate/+/827249
Committed: https://opendev.org/openstack/designate/commit/eee0fcbee357c7f09b16de31cc68f23b765f4462
Submitter: "Zuul (22348)"
Branch: stable/victoria

commit eee0fcbee357c7f09b16de31cc68f23b765f4462
Author: dekehn <email address hidden>
Date: Thu Jan 20 20:38:06 2022 +0000

    Checks for invalid denylist regex patterns

    Adds new field check method DenyListFields to validate
    the pattern string. in addition, check for a zero
    length string as well.

    Closes-Bug: #1934252
    Change-Id: I2b69025fc11125bb73a4e0f8c0dedad951399cbf

tags: added: in-stable-victoria
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/designate 11.0.2

This issue was fixed in the openstack/designate 11.0.2 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to designate (stable/xena)

Reviewed: https://review.opendev.org/c/openstack/designate/+/827246
Committed: https://opendev.org/openstack/designate/commit/b55afb5991589cf43bce56ee70517610251f3cc9
Submitter: "Zuul (22348)"
Branch: stable/xena

commit b55afb5991589cf43bce56ee70517610251f3cc9
Author: dekehn <email address hidden>
Date: Thu Jan 20 20:38:06 2022 +0000

    Checks for invalid denylist regex patterns

    Adds new field check method DenyListFields to validate
    the pattern string. in addition, check for a zero
    length string as well.

    Closes-Bug: #1934252
    Change-Id: I2b69025fc11125bb73a4e0f8c0dedad951399cbf

tags: added: in-stable-xena
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to designate (stable/ussuri)

Reviewed: https://review.opendev.org/c/openstack/designate/+/827735
Committed: https://opendev.org/openstack/designate/commit/ee678b69c4e320846c9f49913e16e5a161225b23
Submitter: "Zuul (22348)"
Branch: stable/ussuri

commit ee678b69c4e320846c9f49913e16e5a161225b23
Author: dekehn <email address hidden>
Date: Thu Jan 20 20:38:06 2022 +0000

    Checks for invalid denylist regex patterns

    Adds new field check method DenyListFields to validate
    the pattern string. in addition, check for a zero
    length string as well.

    Closes-Bug: #1934252
    Change-Id: I2b69025fc11125bb73a4e0f8c0dedad951399cbf

tags: added: in-stable-ussuri
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to designate (stable/wallaby)

Reviewed: https://review.opendev.org/c/openstack/designate/+/827248
Committed: https://opendev.org/openstack/designate/commit/a2ff328cd7c47dd53d02bcecf3e16473bdb8ba67
Submitter: "Zuul (22348)"
Branch: stable/wallaby

commit a2ff328cd7c47dd53d02bcecf3e16473bdb8ba67
Author: dekehn <email address hidden>
Date: Thu Jan 20 20:38:06 2022 +0000

    Checks for invalid denylist regex patterns

    Adds new field check method DenyListFields to validate
    the pattern string. in addition, check for a zero
    length string as well.

    Closes-Bug: #1934252
    Change-Id: I2b69025fc11125bb73a4e0f8c0dedad951399cbf

tags: added: in-stable-wallaby
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/designate 13.0.1

This issue was fixed in the openstack/designate 13.0.1 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/designate 12.1.0

This issue was fixed in the openstack/designate 12.1.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/designate ussuri-eol

This issue was fixed in the openstack/designate ussuri-eol release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.