quota API missing input validation
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
New
|
Undecided
|
Yan Songming |
Bug Description
As seen with the following curl command, neutron accepts float values for quotas that should require ints. It coverts them to an int, but it should have returned HTTP 400 instead. The conversion it's doing may or may not have the same results in python3 as it does here in python2, so that's another potential concern.
curl -s -X PUT http://
{
"quota": {
"network": -1,
"port": -1,
"router": 10,
"subnet": -1,
}
}
Changed in neutron: | |
assignee: | nobody → Yan Songming (songmingyan) |
probably requires a fix similar to https:/ /review. openstack. org/#/c/ 451316/ that was made for cinder.