glance image-create --location doesn't fail with bad URLs

Bug #1261893 reported by Matt Ray
Affects | Status | Importance | Assigned to | Milestone
Glance Client | Won't Fix | Undecided | Unassigned |
OpenStack Dashboard (Horizon) | Won't Fix | Low | Unassigned |

Bug Description

I ran the command below, then realized that the URL is bad, there's no server there. Instead of throwing an error, it blindly created another image of size ''. Didn't see anything in the recent commits for it, this is on Ubuntu 12.04.

 python-glanceclient 1:0.11.0-0ubuntu1~cloud0 Client library for Openstack glance server.

root@larry:~# glance image-create --name cirros --is-public true --container-format bare --disk-format qcow2 --location http://10.0.0.1:9630/isos/cirros-0.3.0-x86_64-disk.img
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | None |
| container_format | bare |
| created_at | 2013-12-17T19:20:57 |
| deleted | False |
| deleted_at | None |
| disk_format | qcow2 |
| id | 93ca9d12-f9c9-4ef1-a12a-192cc2251da3 |
| is_public | True |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | 9db5a2b06743410eb506384f19ae7db7 |
| protected | False |
| size | 0 |
| status | active |
| updated_at | 2013-12-17T19:20:57 |
+------------------+--------------------------------------+
root@larry:~# glance image-list
+--------------------------------------+--------+-------------+------------------+------+--------+
| ID | Name | Disk Format | Container Format | Size | Status |
+--------------------------------------+--------+-------------+------------------+------+--------+
| 93ca9d12-f9c9-4ef1-a12a-192cc2251da3 | cirros | qcow2 | bare | | active |
+--------------------------------------+--------+-------------+------------------+------+--------+

Changed in python-glanceclient:
assignee: nobody → Victor Morales (electrocucaracha)
OpenStack Infra (hudson-openstack) wrote: Fix proposed to python-glanceclient (master)

Fix proposed to branch: master
Review: https://review.openstack.org/64295

Changed in python-glanceclient:
status: New → In Progress
Changed in horizon:
assignee: nobody → Victor Morales (electrocucaracha)
OpenStack Infra (hudson-openstack) wrote: Fix proposed to horizon (master)

Fix proposed to branch: master
Review: https://review.openstack.org/64312

Changed in horizon:
status: New → In Progress
kennychu (kenny-chu123) wrote:

Is there any update for this patch?

Timur Sufiev (tsufiev-x)
Changed in horizon:
assignee: Victor Morales (electrocucaracha) → nobody
status: In Progress → Confirmed
importance: Undecided → Low
valw (valw)
Changed in horizon:
assignee: nobody → valw (valw)
valw (valw)
Changed in horizon:
assignee: valw (valw) → nobody
Ian Cordasco (icordasc) wrote:

Image creation with locations was asynchronous in v1. Given that locations are disabled by default in v2 and no longer as ergonomic, I'm marking this as won't fix.

Changed in python-glanceclient:
assignee: Victor Morales (electrocucaracha) → nobody
status: In Progress → Won't Fix
Akihiro Motoki (amotoki) wrote:

Marking it as Won't Fix in horizon too.
The horizon patch was marked as -2 three years ago and it was abandoned.
The reason for the -2 is clearly described there. I quoted it for clarification.
----
Keieran is absolutely right in pointing out the CVE that led to us outright removing this from Django.

I responded to the thread on the ML as well, but for posterity let me add my reply here as well:

Adding this to Horizon is a no-go.

Django removed the “verify_exists” option from URLField in Django 1.5 for very good reasons. Here’s the release notes summary:

“django.db.models.fields.URLField.verify_exists will be removed. The feature was deprecated in 1.3.1 due to intractable security and performance issues and will follow a slightly accelerated deprecation timeframe.”

Note that “intractable security issues” bit. Doing this type of validation server-side opens you up to some nasty DoS attacks and simply shouldn’t be done.

If you have further questions, I recommend talking to Paul McMillan, who was the original reporter of the security issues with “verify_exists” in Django.

FWIW, I say let Glance deal with the security problems associated with fetching arbitrary URLs. Horizon can still provide a good user experience just with some improved wording in the user-facing messages.

----

Changed in horizon:
status: Confirmed → Won't Fix
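As an added example (not Horizon's, Glance's or Django's own code), the approach the quoted -2 comment points to: validate a `--location` URL by syntax alone, with no network access, and flag the empty v1 image record the report above shows (active, size 0, no checksum). The field names match the `image-create` output; the function names and the scheme allowlist are assumptions.

```python
# Added example: syntax-only checks for a --location URL (no DNS, no
# sockets, unlike Django's removed URLField verify_exists) plus a check
# for the content-less image the report shows.  Names are assumptions.
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}   # assumption: what this deployment accepts
MAX_URL_LEN = 2048


def validate_location(url: str) -> tuple[bool, str]:
    """Return (ok, user-facing message). Never resolves or connects."""
    if len(url) > MAX_URL_LEN:
        return False, "location URL is too long"
    try:
        parts = urlsplit(url)
    except ValueError:                      # e.g. unbalanced IPv6 brackets
        return False, "location URL is malformed"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "location URL must use http or https"
    if not parts.hostname:
        return False, "location URL has no host"
    if parts.path in ("", "/"):
        return False, "location URL has no path to an image file"
    # Reachability is deliberately not checked here: fetching the URL from
    # the web tier would let any user make the server open arbitrary
    # connections, which is the DoS problem the quoted comment describes.
    return True, "URL accepted; the image service will fetch it asynchronously"


def looks_unfetched(image: dict) -> bool:
    """True when a v1 image created from a location has no content yet:
    status active but size 0 and no checksum, exactly as in the report."""
    size = image.get("size")
    return (image.get("status") == "active"
            and size in (None, 0, "", "0")
            and image.get("checksum") in (None, "None", ""))


# Constructed sample: the record the reporter got back from image-create.
SAMPLE_IMAGE = {"id": "93ca9d12-f9c9-4ef1-a12a-192cc2251da3", "name": "cirros",
                "checksum": None, "size": 0, "status": "active"}
```

A dashboard can run `validate_location` before submitting and warn with `looks_unfetched` afterwards, giving the improved user-facing wording the comment suggests without the server ever fetching the URL itself.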