Invalid parameters in list image requests return inconsistent responses
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Glance |
Invalid
|
High
|
Vishakha Agarwal | ||
Bug Description
Using glance v2, most recent commit is 6dc5477a12b9b90
I see that GET(list image) requests with different invalid parameters return different response codes. I would expect that invalid parameters would be treated consistently. In other words I would expect invalid parameters to always return a 400 or ignore invalid parameters and return a 200.
Examples:
An invalid parameter of 'id=invalid' returns a 200
------------
REQUEST SENT
------------
request method..: GET
request url.....: <ENDPOINT>
request params..: id=invalid
request headers.: {'Accept-Encoding': 'gzip, deflate', 'Accept': 'application/json', 'User-Agent': 'python-
request body....: None
-----------------
RESPONSE RECEIVED
-----------------
response status..: <Response [200]>
response time....: 0.236920833588
response headers.: {'content-length': '80', 'via': '1.1 Repose (Repose/2.12)', 'server': 'Jetty(
response body....: {"images": [], "schema": "/v2/schemas/
-------
An invalid parameter of 'limit=invalid' returns a 400
------------
REQUEST SENT
------------
request method..: GET
request url....
request params..: limit=invalid
request headers.: {'Accept-Encoding': 'gzip, deflate', 'Accept': 'application/json', 'User-Agent': 'python-
request body....: None
-----------------
RESPONSE RECEIVED
-----------------
response status..: <Response [400]>
response time....: 0.143214941025
response headers.: {'content-length': '52', 'via': '1.1 Repose (Repose/2.12)', 'server': 'Jetty(
response body....: 400 Bad Request
limit param must be an integer
Here are the different invalid params I have attempted and their results:
Returns a 200:
request params..: auto_disk_
request params..: checksum=invalid
request params..: container_
request params..: created_at=invalid
request params..: disk_format=invalid
request params..: id=invalid
request params..: image_type=invalid
request params..: min_disk=invalid
request params..: min_ram=invalid
request params..: name=invalid
request params..: os_type=invalid
request params..: owner=invalid
request params..: protected=invalid
request params..: size=invalid
request params..: status=invalid
request params..: tag=invalid
request params..: updated_at=invalid
Returns a 400:
request params..: limit=invalid
request params..: marker=invalid
request params..: member_
request params..: size_max=invalid
request params..: size_min=invalid
request params..: sort_dir=invalid
request params..: sort_key=invalid
request params..: visibility=invalid
| Nikhil Komawar (nikhil-komawar) wrote | #1 |
| Changed in glance: | |
| status: | New → Triaged |
| importance: | Undecided → High |
| Changed in glance: | |
| assignee: | nobody → Hemanth Makkapati (hemanth-makkapati) |
| Changed in glance: | |
| assignee: | Hemanth Makkapati (hemanth-makkapati) → Neha Pandey (nehapandey) |
| Vishakha Agarwal (vishakha.agarwal) wrote | #2 |
| Changed in glance: | |
| assignee: | Neha Pandey (nehapandey) → Vishakha Agarwal (vishakha.agarwal) |
| Vishakha Agarwal (vishakha.agarwal) wrote | #3 |
| Changed in glance: | |
| status: | Triaged → Invalid |
I think we need to validate at least the filtering on base properties, not all filters can be validated on value so we should check the type of the request param for that key to validate the request. 400 should be returned on incorrect type of request param key(s).