This bug is a year and a half old and was made before XML support was dropped from Keystone (Kilo 2015.1.0). Thus you can't reproduce it unless you are on an older version of Keystone.
________________________________________
From: <email address hidden> <email address hidden> on behalf of Kent Wang <email address hidden>
Sent: Wednesday, November 4, 2015 10:21 AM
To: Nathan Buckner
Subject: [Bug 1289590] Re: SQL Error during update tenant and possibly other calls
Hi I'm having trouble reproducing this bug
When I try:
$ curl $TOKEN -X PUT localhost:35357/v2.0/tenants/bd90b83b1d5642c49c0f329160ffc4d3 -H 'Content-Type:application/xml' -d '<tenant enabled="false" name="ACME corp" id="1234556">
<description test=""></description>
</tenant>'
The error response I get:
{
"error": {
"code": 400,
"message": "Expecting to find application/json in Content-Type header - the server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error.",
"title": "Bad Request"
}
}
--
You received this bug notification because you are subscribed to the bug report.
https://bugs.launchpad.net/bugs/1289590
Title:
SQL Error during update tenant and possibly other calls
Status in OpenStack Identity (keystone):
Triaged
Bug description:
Attributes in the description cause sql error and 500. Possible injection.
PUT /v2.0/tenants/1234556 HTTP/1.1
Host: <not shown>:35357
X-Auth-Token: <not shown>
Content-Type: application/xml
Accept-Encoding: gzip, deflate, compress
Accept: application/xml
User-Agent: python-requests/2.2.1 CPython/2.7.4 Linux/3.11.0-17-generic
Content-Length: 245
<tenant enabled="false" name="ACME corp" id="1234556">
<description test=""></description>
</tenant>
Response
HTTP/1.1 500 Internal Server Error
Vary: X-Auth-Token
Content-Type: application/xml
Content-Length: 536
Date: Fri, 07 Mar 2014 21:16:52 GMT
<?xml version="1.0" encoding="UTF-8"?>
<error xmlns="http://docs.openstack.org/identity/api/v2.0" message="An unexpected error prevented the server from fulfilling your request. (ProgrammingError) (1064, 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near \': "\'\'"} WHERE project.id = \'1234556\'\' at line 1') 'UPDATE project SET description=%s WHERE project.id = %s' ({u'test': u''}, '1234556')" code="500" title="Internal Server Error"/>
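The 500 response above shows the `description` value reaching the UPDATE as a dict (`{u'test': u''}`) rather than a string. The following is an added example, not Keystone's code or its fix: it type-checks the deserialized tenant before the database call so the request would be rejected as a 400. It assumes a simplified XML-to-dict deserializer, a hypothetical `FIELDS` type map, and sqlite3 in place of MySQL, so the driver error differs in wording from the one quoted.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed body, equivalent to the request quoted in the bug description.
BODY = ('<tenant enabled="false" name="ACME corp" id="1234556">'
        '<description test=""></description></tenant>')
# Hypothetical field types for a tenant update, not Keystone's real schema.
FIELDS = {"id": str, "name": str, "description": str, "enabled": bool}

class ValidationError(Exception):
    """Would be reported as HTTP 400 instead of a database-level 500."""

def xml_to_dict(elem):
    # Simplified stand-in deserializer (assumption): attributes make a dict.
    if not elem.attrib and len(elem) == 0:
        return elem.text or ""
    out = dict(elem.attrib)
    out.update((child.tag, xml_to_dict(child)) for child in elem)
    return out

def validate_tenant(ref):
    clean = {}
    for key, value in ref.items():
        if key not in FIELDS:
            raise ValidationError("unexpected field %r" % key)
        if FIELDS[key] is bool and value in ("true", "false"):
            value = value == "true"
        if not isinstance(value, FIELDS[key]):
            raise ValidationError("%s must be %s" % (key, FIELDS[key].__name__))
        clean[key] = value
    return clean

def outcome(fn, *args):
    try:
        fn(*args)
        return "accepted"
    except sqlite3.Error:
        return "driver error"  # the class of failure behind the 500
    except ValidationError as exc:
        return "rejected: %s" % exc

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE project (id TEXT PRIMARY KEY, description TEXT)")
    ref = xml_to_dict(ET.fromstring(BODY))
    # Parameterized UPDATE shaped like the statement in the 500 response.
    sql = "UPDATE project SET description=? WHERE id=?"
    unchecked = outcome(conn.execute, sql, (ref["description"], ref["id"]))
    return ref["description"], unchecked, outcome(validate_tenant, ref)
```

Calling `demo()` returns the deserialized description, the result of the unchecked UPDATE, and the result of validating first.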