Glance allows to sort images by private fields
Bug #1400366 reported by
Mike Fedosin
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Glance |
Fix Released
|
Medium
|
Mike Fedosin |
Bug Description
Glance api supports sorting only by 'name', 'status', 'container_format', 'disk_format', 'size', 'id', 'created_at', 'updated_at'
But now it's possible to make sorting by private fields like checksum or min_ram (/images?
It's possible because there is no key validation on the api layer in v2.
There is a check on the db in pagination, but it covers all the fields (not only api), which causes a problem.
Changed in glance: | |
assignee: | nobody → Mike Fedosin (mfedosin) |
Changed in glance: | |
status: | New → In Progress |
Changed in glance: | |
status: | Opinion → In Progress |
Changed in glance: | |
milestone: | none → kilo-1 |
Changed in glance: | |
importance: | Undecided → Medium |
Changed in glance: | |
milestone: | kilo-1 → none |
Changed in glance: | |
milestone: | none → kilo-2 |
status: | Fix Committed → Fix Released |
Changed in glance: | |
milestone: | kilo-2 → 2015.1.0 |
To post a comment you must log in.
hi Mike, what did you mean 'violates api'? I'm trying to understand the impact of this. Thanks.