yahoo-eng-team team mailing list archive

[Bug 1688024] [NEW] quota API missing input validation

 

Public bug reported:

As seen with the following curl command, neutron accepts float values
for quotas that should require ints. It converts them to an int, but it
should have returned HTTP 400 instead. The conversion it's doing may or
may not have the same results in python3 as it does here in python2, so
that's another potential concern.

curl -s -X PUT http://localhost:9696/v2.0/quotas/c4d15a1adc0a4cd89006d4db0a2bdfed -H "Accept: application/json" -H "X-Auth-Token: <my_token>" -H "Content-Type: application/json" -d '{"quota": {"floatingip": 2.9}}' | python -m json.tool
{
    "quota": {
        "floatingip": 2,
        "network": -1,
        "port": -1,
        "rbac_policy": 10,
        "router": 10,
        "security_group": 10,
        "security_group_rule": 100,
        "subnet": -1,
        "subnetpool": -1
    }
}

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1688024

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1688024/+subscriptions
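
The check the report asks for, as an added example (not neutron's code and not part of the original bug report): a quota body is validated strictly and anything that is not a JSON integer is answered with HTTP 400 instead of being coerced. The names validate_quota_body and handle_put are hypothetical, and treating -1 as the lowest allowed value ("unlimited") is an assumption based on the response shown above.

```python
import json

UNLIMITED = -1  # assumption: -1 means "no limit", as in the response on this page


class QuotaValidationError(ValueError):
    """Raised for a quota body the API should answer with HTTP 400."""


def validate_quota_body(raw_body):
    """Return {resource: int} or raise QuotaValidationError; never coerce."""
    try:
        body = json.loads(raw_body)
    except ValueError as exc:
        raise QuotaValidationError("malformed JSON: %s" % exc)
    quota = body.get("quota") if isinstance(body, dict) else None
    if not isinstance(quota, dict) or not quota:
        raise QuotaValidationError("body must be {'quota': {resource: int}}")
    for resource, value in quota.items():
        # bool is a subclass of int in Python, so exclude it explicitly;
        # floats (2.9, 2.0, 1e2) and numeric strings ("2") are rejected too.
        if isinstance(value, bool) or not isinstance(value, int):
            raise QuotaValidationError(
                "%s: expected integer, got %r" % (resource, value))
        if value < UNLIMITED:
            raise QuotaValidationError(
                "%s: must be >= %d" % (resource, UNLIMITED))
    return quota


def handle_put(raw_body):
    """Hypothetical handler: map validation failure to a 400 response."""
    try:
        return 200, {"quota": validate_quota_body(raw_body)}
    except QuotaValidationError as exc:
        return 400, {"error": str(exc)}


if __name__ == "__main__":
    # Constructed request bodies; the first is the one from the bug report.
    for sample in ('{"quota": {"floatingip": 2.9}}',
                   '{"quota": {"floatingip": 2.0}}',
                   '{"quota": {"floatingip": true}}',
                   '{"quota": {"floatingip": "2"}}',
                   '{"quota": {"floatingip": -2}}',
                   '{"quota": {"floatingip": 2, "network": -1}}'):
        print(sample, "->", handle_put(sample))
```

Rejecting 2.0 as well as 2.9 keeps the rule independent of any rounding or truncation behaviour, which is the python2/python3 concern raised in the report.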