zaqar

Redis driver doesn't explicitly validate UUIDs

Bug #1367024 reported by Kurt Griffiths on 2014-09-08

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	zaqar	Fix Released	Low	Masaki Matsushita	zaqar 1.0.0 "liberty"

Bug Description

For claim and message IDs, as well as as client_uuids, the driver does not always validate that they are real UUIDs. This should not pose a problem, assuming redis-py sanitizes key names, but it would be good to do our own checking just to be certain.

Tags:

Victoria Martinez de la Cruz (vkmc) on 2014-10-02

Changed in zaqar:
status:	New → Confirmed
importance:	Undecided → Low

Revision history for this message

Flavio Percoco (flaper87) wrote on 2014-11-14:

Should this be done as a falcon hook?

tags:

added: low-hanging-fruit

Doraly Navarro (doralynavarro) on 2014-12-01

Changed in zaqar:
assignee:	nobody → Doraly Navarro (doralynavarro)

Akanksha Srivastava (akanksha-dlf) on 2015-03-10

Changed in zaqar:
assignee:	Doraly Navarro (doralynavarro) → aknksha (akanksha-dlf)

Akanksha Srivastava (akanksha-dlf) on 2015-03-11

Changed in zaqar:
assignee:	Akanksha Srivastava (akanksha-dlf) → nobody

Victoria Martinez de la Cruz (vkmc) on 2015-03-11

Changed in zaqar:
assignee:	nobody → Doraly Navarro (doralynavarro)

Masaki Matsushita (mmasaki) on 2015-03-16

Changed in zaqar:
assignee:	Doraly Navarro (doralynavarro) → Masaki Matsushita (glass-saga)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-03-16: Fix proposed to zaqar (master)

Fix proposed to branch: master
Review: https://review.openstack.org/164671

Changed in zaqar:
status:	Confirmed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-03-22: Change abandoned on zaqar (master)

Change abandoned by Akanksha Srivastava (<email address hidden>) on branch: master
Review: https://review.openstack.org/166565
Reason: Uploaded by mistake. Dont review.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-07-09: Fix merged to zaqar (master)

Reviewed: https://review.openstack.org/164671
Committed: https://git.openstack.org/cgit/openstack/zaqar/commit/?id=6c4bb628bee66c131150d696a61eb1f6e793a84a
Submitter: Jenkins
Branch: master

commit 6c4bb628bee66c131150d696a61eb1f6e793a84a
Author: Masaki Matsushita <email address hidden>
Date: Mon Mar 16 21:22:17 2015 +0900

Validate UUIDs before the driver sends them

    Redis driver does not always validate UUIDs (claim ID, message ID
    and client_uuid). This commit introduces validation of them before the
    driver sends them.

Closes-Bug: #1367024
Change-Id: I08eaa7df1f6887224edd0a3324ee4e5db3f6c229

Changed in zaqar:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2015-07-30

Changed in zaqar:
milestone:	none → liberty-2
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2015-10-15

Changed in zaqar:
milestone:	liberty-2 → 1.0.0

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.