zaqar

Client UUID not validated

Bug #1233420 reported by Kurt Griffiths on 2013-09-30

This bug affects 1 person

Affects

Status

Importance

Assigned to

Milestone

zaqar

Fix Released

Medium

Zhihao Yuan

zaqar 2014.1 "icehouse"

You need to log in to change this bug's status.

Affecting:	zaqar
Filed here by:	Kurt Griffiths
When:	2013-09-30
Confirmed:	2013-10-02
Assigned:	2013-10-01
Started work:	2013-10-02
Completed:	2013-12-19

Target

Distribution
Package	(Find…)
Project	(Find…)

Status	Importance	Milestone
	Medium	zaqar 2014.1

Assigned to

	Me
	Zhihao Yuan (zyuan)

Comment on this change (optional)

Email me about changes to this bug report

(?)

Bug Description

We need to validate all input. Client UUID is currently never looked at; we should verify that it is of a sane length and has expected characters. In fact, due to the confusion user's have had with client UUID, I propose defining it more strictly to either be an integer or a true UUID.

Add tags Tag help

Zhihao Yuan (zyuan) wrote on 2013-10-01:

Benefit: store UUID in bytes form in DB

Changed in marconi:
assignee:	nobody → Zhihao Yuan (zyuan)

OpenStack Infra (hudson-openstack) wrote on 2013-10-02: Fix proposed to marconi (master)

Fix proposed to branch: master
Review: https://review.openstack.org/49378

Changed in marconi:
status:	New → In Progress

OpenStack Infra (hudson-openstack) wrote on 2013-10-07: Fix merged to marconi (master)

Reviewed: https://review.openstack.org/49378
Committed: http://github.com/openstack/marconi/commit/cef47c68e50ef791f5e2a3db341d26bed814bdb5
Submitter: Jenkins
Branch: master

commit cef47c68e50ef791f5e2a3db341d26bed814bdb5
Author: Zhihao Yuan <email address hidden>
Date: Wed Oct 2 10:33:41 2013 -0400

feat(api): Client-ID as a real UUID

    We store the UUID in binary form in DBs, and perform checking
    on user inputs. Compared with the hex form we currently using,
    the binary form saves half space to store. In addition, by
    enforcing UUID on the server side, we can minimize the chance of
    client ID collision.

Change-Id: Ic3048a0d2aa21bd201e2d2d9cd8a562662cf8f8e
Closes-Bug: 1233420

Changed in marconi:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2013-12-19

Changed in marconi:
milestone:	none → icehouse-1
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2014-04-17

Changed in marconi:
milestone:	icehouse-1 → 2014.1

Report a bug

This report contains Public information Edit

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers