StarlingX

Debian: system modify command accepts garbage input for latitude and longitude

Bug #2001677 reported by Christopher de Oliveira Souza
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
StarlingX
Fix Released
Low
Christopher de Oliveira Souza

Bug Description

Brief Description
------------------------
System modify command accepts garbage input for latitude and longitude.

Severity
------------------------
Standard.

Steps to Reproduce
------------------------
On a system eg.

one of the subclouds (or system controller)

$ system modify --latitude garbage --longitude 432784389248923478923

Expected Behavior
-----------------------
conditions for valid lat/long values:

    lat/long must be finite number
    latitude should be between -90 to +90 inclusive
    longitude must be between -180 to +180 inclusive

Expect the system modify command to check validity and return appropriate feedback if the value is not acceptable

Actual Behavior
-----------------------
system modify command does not appear to do any checking

$ system modify --latitude garbage --longitude 432784389248923478923
------------------------------------------------------------+
Property Value

------------------------------------------------------------+
contact None
created_at 2022-12-19T13:42:08.635048+00:00
description None
distributed_cloud_role subcloud
https_enabled False
latitude garbage
location None
longitude 432784389248923478923
name dc-subcloud3
region_name subcloud3
sdn_enabled False
security_feature spectre_meltdown_v1
service_project_name services
shared_services []
software_version 22.12
system_mode simplex
system_type All-in-one
timezone UTC
updated_at 2022-12-22T20:36:12.156855+00:00
uuid 6d08f86e-e764-45b7-914a-5f38b28d8d42
vswitch_type none

Reproducibility
---------------------
yes

System Configuration
---------------------
DC system (with subclouds)

Last Pass
---------------------
N/A

Timestamp/Logs
---------------------
N/A

Alarms
---------------------
N/A

Test Activity
---------------------
N/A

Workaround
---------------------
N/A

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to config (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/config/+/869213

Changed in starlingx:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to config (master)

Reviewed: https://review.opendev.org/c/starlingx/config/+/869213
Committed: https://opendev.org/starlingx/config/commit/f3ec64266e9989082f61aa2b3ca27219e6606bf5
Submitter: "Zuul (22348)"
Branch: master

commit f3ec64266e9989082f61aa2b3ca27219e6606bf5
Author: Christopher Souza <email address hidden>
Date: Wed Jan 4 10:23:50 2023 -0300

    Fix validation for latitude and longitude params.

    System modify command accepts garbage input for latitude and longitude.
    The old validation was to check if either latitude or longitude had
    more than 30 characters. It was added a regex for latitude and
    longitude, allowing only numbers between -90 and +90 for
    latitude and numbers between -180 and +180 for longitude.

    Test Plan:
    Pass: AIO-SX full deployment.
    Pass: run system modify with a latitude greater than +90.
    Expected a message for invalid input.
    Pass: run system modify with a latitude between -90 and +90.
    Expected the command to run succesfully.
    Pass: run system modify with a non-numeric string as latitude.
    Expected a message for invalid input.
    Pass: run system modify with a longitude greater than +180.
    Expected a message for invalid input.
    Pass: run system modify with a longitude between -180 and +180.
    Expected the command to run succesfully.
    Pass: run system modify with a non-numeric string as longitude.
    Expected a message for invalid input.

    Closes-Bug: 2001677

    Signed-off-by: Christopher Souza <email address hidden>
    Change-Id: I668f158086397a1d155ad5ded2e7fa75d1e9ffde

Changed in starlingx:
status: In Progress → Fix Released
Ghada Khalil (gkhalil)
Changed in starlingx:
importance: Undecided → Low
tags: added: stx.8.0 stx.config
Changed in starlingx:
assignee: nobody → Christopher de Oliveira Souza (cdeolive)
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.