catch TypeError exception,performing "pass" operation

Bug #1872033 reported by Qiu Fossen on 2020-04-10
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Undecided
Qiu Fossen

Bug Description

catch TypeError exception,performing "pass" operation,this should be a code vulnerability.

like this:nova/nova/api/validation/validators.py

def _validate_name(instance):
    regex = parameter_types.valid_name_regex
    try:
        if re.search(regex.regex, instance):
            return True
    except TypeError:
        # The name must be string type. If instance isn't string type, the
        # TypeError will be raised at here.
        pass
    raise exception.InvalidName(reason=regex.reason)

Qiu Fossen (fossen123) on 2020-04-10
Changed in nova:
assignee: nobody → Qiu Fossen (fossen123)
Balazs Gibizer (balazs-gibizer) wrote :

I'm not sure what is the bug you report. The validator only passes if the re.search operation returns true otherwise we raise InvalidName exception. Also if TypeError is raised (and ignored) we raise InvalidName.

Changed in nova:
status: New → Incomplete
Qiu Fossen (fossen123) on 2020-04-27
Changed in nova:
status: Incomplete → In Progress
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers