yahoo-eng-team team mailing list archive

[Puneet Arora <apuneet@xxxxxxxxxx>]

Public bug reported:

Neutron is allowing to update qos-bandwidth-limit-rule with some special characters.
I can update "qos-bandwidth-limit-rule-update " with some of the special characters. This should be restricted. I have used "$!", "$@", "$#, in --max-kbps value.

Steps:
$ neutron qos-policy-create qos-policy7

$ neutron qos-bandwidth-limit-rule-create  <qos-policy-id>  --max-kbps
10000 --max-burst-kbps 30000

$ neutron qos-bandwidth-limit-rule-update <qos-bandwidth-rule-id> <qos-
policy-id> --max-kbps 1$!0 --max-burst-kbps 30000

In above command qos-bandwidth-limit-rule-update updated with "1$!0"
this should be restricted.

Detailed commands pasted here:-
http://paste.openstack.org/show/600207/

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1667285

Title:
  Neutron: Updation of  qos-bandwidth-limit-rule-update with some
  special characters should be restricted

Status in neutron:
  New

Bug description:
  Neutron is allowing to update qos-bandwidth-limit-rule with some special characters.
  I can update "qos-bandwidth-limit-rule-update " with some of the special characters. This should be restricted. I have used "$!", "$@", "$#, in --max-kbps value.

  Steps:
  $ neutron qos-policy-create qos-policy7

  $ neutron qos-bandwidth-limit-rule-create  <qos-policy-id>  --max-kbps
  10000 --max-burst-kbps 30000

  $ neutron qos-bandwidth-limit-rule-update <qos-bandwidth-rule-id>
  <qos-policy-id> --max-kbps 1$!0 --max-burst-kbps 30000

  In above command qos-bandwidth-limit-rule-update updated with "1$!0"
  this should be restricted.

  Detailed commands pasted here:-
  http://paste.openstack.org/show/600207/

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1667285/+subscriptions