Returns 500 if a body is included where not expected

Bug #1475647 reported by Niall Bunting on 2015-07-17
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Glance
Medium
Niall Bunting

Bug Description

Overview:
If a user attaches a body to a HTTP message, where the API does not expect there to be a body the server returns a 500. This therefore affects a large part of the API.

Steps to reproduce (One example):
(1) The curl command, which includes a body:
curl -v -X GET http://16.49.137.85:9292/v2/images/5619cf1f-5c43-4a1d-a90b-aa7354e453e7 -H "X-Auth-Token: 3ee83196ecbb4a559b945ac849c1520e" -d '[]'

(2) Sends the following:
GET http://16.49.137.85:9292/v2/images/5619cf1f-5c43-4a1d-a90b-aa7354e453e7 HTTP/1.1.
User-Agent: curl/7.35.0.
Host: 16.49.137.85:9292.
Accept: */*.
Proxy-Connection: Keep-Alive.
X-Auth-Token: 3ee83196ecbb4a559b945ac849c1520e.
Content-Length: 2.
Content-Type: application/x-www-form-urlencoded.
.
[]

Actual:
The response in a 500 error.

Expected:
It may be nice if it caught the fact that a body was not expected and returned a error early, to stop the whole body being uploaded. I would like some input into what people think the expected behavior should be?

Changed in glance:
assignee: nobody → Niall Bunting (niall-bunting)
description: updated
summary: - Get image API returns 500 if a body is included
+ Returns 500 if a body is included where not expected
description: updated
description: updated
Changed in glance:
status: New → In Progress
Changed in glance:
importance: Undecided → Medium

Reviewed: https://review.openstack.org/207150
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=9b430f99518e10ae263bedec3062408af332068c
Submitter: Jenkins
Branch: master

commit 9b430f99518e10ae263bedec3062408af332068c
Author: Niall Bunting <email address hidden>
Date: Tue Jul 28 15:05:10 2015 +0000

    Add functionality to define requests without body

    This allows functions that do not accept bodies to define this in the
    router file. As currently many requests will cause a 500 if a body is
    supplied when the API request does not expect it.

    This currently only affects the core parts of the v2 api, that is,
    calls to v2/images and v2/schemas. It does not cover the "tasks" API
    or the metadefs api as I was keeping this patch concise. As this
    does not affect the behaviour if not included this makes no change to
    the metadefs api behaviour.

    DocImpact

    Partial-Bug: 1475647

    Change-Id: Ieb510e5516128078d40d39fd9b4f339ce64e10e7

Reviewed: https://review.openstack.org/283190
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=a22f0744a5e89e653de9772e9b2b3aaa10c74f64
Submitter: Jenkins
Branch: master

commit a22f0744a5e89e653de9772e9b2b3aaa10c74f64
Author: Niall Bunting <email address hidden>
Date: Mon Feb 22 17:13:06 2016 +0000

    Reject bodies for metadef commands

    The inital commit missed the metadef commands. This now adds them in
    using http://developer.openstack.org/api-ref-image-v2.html as the source
    for this information.

    Closes-Bug: 1475647

    Change-Id: I764e09d9d0e3f2dd2d815b9eca2212075598303c

Changed in glance:
status: In Progress → Fix Released

This issue was fixed in the openstack/glance 12.0.0.0rc1 release candidate.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers