No validation for FQDNs in Racks

Bug #1567117 reported by Igor Shishkin on 2016-04-06
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fuel for OpenStack
Alexander Lomski

Bug Description


While inventory object is gonna be created through form in WebUI we have no validation for it's name(i.e. FQDN).
Please add such validation(according to on both of fronted and backend sides.

New inventory object(error 404)
Actual result: error 404
But the entry was created

High since it could potentially cause SQL inj.

Thanks in advance.

Alexander Charykov (acharykov) wrote :

It would not execute "SQL inj". Mark as low, because it is name, not hostname. But we really need to rename field and add validation.

Changed in fuel:
importance: High → Low
status: New → Confirmed
Igor Shishkin (teran) wrote :

@Alexander, why do you think it wouldn't execute SQL Inj?

Fix proposed to branch: master
Change author: Alexander Lomski <email address hidden>

Changed in fuel:
status: Confirmed → In Progress
Changed in fuel:
assignee: Fuel Infra Apps (fuel-infra-apps) → Alexander Lomski (aliaksandr-lomski)

Submitter: Alexander Charykov <email address hidden>
Branch: master

Commit: 2c0d4f831d9712a1098099ec8918f63f38818fbf
Author: Alexander Lomski <email address hidden>
Date: Wed Jul 6 11:04:51 2016

Validate inventory object name as FQDN

Inventory object name has been renamed to "Hostname" in forms and is now
validated to be a FQDN (fully qualified domain name) if present.

UI and API tests updated.

Closes-Bug: #1567117
Change-Id: I85904094c4e7b522518e30f746eb13daae42debf

Changed in fuel:
status: In Progress → Fix Committed
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers