yahoo-eng-team team mailing list archive

[Bug 1865040] Re: Able to show update and delete aggregate with invalid id

 

Reviewed:  https://review.opendev.org/710214
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=2e70a1717f25652912886cbefa3f40e6df908c00
Submitter: Zuul
Branch:    master

commit 2e70a1717f25652912886cbefa3f40e6df908c00
Author: Johannes Kulik <johannes.kulik@xxxxxxx>
Date:   Thu Feb 27 08:08:32 2020 +0100

    Validate id as integer for os-aggregates
    
    According to the api-ref, the id passed to calls in os-aggregates is
    supposed to be an integer. No function validated this, so any value
    passed to these functions would directly reach the DB. While this is
    fine for SQLite, making a query with a string for an integer column on
    other databases like PostgreSQL results in a DBError exception and thus
    a HTTP 500 instead of 400 or 404.
    
    This commit adds validation for the id parameter the same way it's
    already done for other endpoints.
    
    Closes-Bug: 1865040
    
    Change-Id: I83817f7301680801beaee375825f02eda526eda1


** Changed in: nova
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1865040

Title:
  Able to show update and delete aggregate with invalid id

Status in OpenStack Compute (nova):
  Fix Released

Bug description:
  Description
  ===========
  Able to show, update and delete the aggregate with an invalid id. An invalid id means one that starts with the same id but has some alphanumeric string appended (ex - actual_id: 5, invalid_id: 5abcd or invalid_id: 5abcd123).

  This issue occurs only when the actual_id is appended with an
  alphanumeric value starting with letters, not with numbers.

  The aggregate id received on the routes is not converted to an
  integer anywhere in the code and is later transferred to the db,
  which truncates the appended string from the original id -

  e.g. the warning below -

  /usr/local/lib/python2.7/dist-packages/pymysql/cursors.py:166:
  Warning: (1292, u"Truncated incorrect DOUBLE value: '6abcd123'")

  There are ways to change the setting and convert the warning into an
  error, but the code should handle such a situation and raise an
  exception with a proper error message.

  Steps to reproduce
  ==================

  1. Create an aggregate -

  +----+----------+-------------------+
  | ID | Name     | Availability Zone |
  +----+----------+-------------------+
  |  5 | new_name | None              |
  +----+----------+-------------------+

  2. Get the above created aggregate with a wrong id Ex - 5abcd (started
  with correct id but appended with some alphabets)

  curl -g -i -X GET http://192.168.56.5:8774/v2.1/os-aggregates/5abcd -H "User-Agent: python-novaclient" -H "Accept: application/json" -H "X-Auth-Token: $TOKEN"
  HTTP/1.1 200 OK
  Content-Length: 226
  Content-Type: application/json
  Openstack-Api-Version: compute 2.1
  X-Openstack-Nova-Api-Version: 2.1
  Vary: OpenStack-API-Version
  Vary: X-OpenStack-Nova-API-Version
  X-Compute-Request-Id: req-c76d66ad-c4ce-430a-bcd5-a5ec5e962d2e
  Date: Thu, 27 Feb 2020 13:44:07 GMT

  {"aggregate": {"name": "new_name", "availability_zone": null,
  "deleted": false, "created_at": "2020-02-27T13:34:00.000000",
  "updated_at": "2020-02-27T13:41:14.000000", "hosts": [], "deleted_at":
  null, "id": 5, "metadata":
  {}}}
  stack@a:~/nova/nova/api/openstack/compute$

  3. Update the above created aggregate with a wrong id Ex - 5abcd
  (started with correct id but appended with some alphabets) -

  Response (0.169s) - http://192.168.56.5:8774/v2.1/os-aggregates/5abcd
  200 OK

  {
    "aggregate": {
      "name": "new_updated",
      "availability_zone": null,
      "deleted": false,
      "created_at": "2020-02-27T13:34:00.000000",
      "updated_at": "2020-02-27T13:45:17.542075",
      "hosts": [],
      "deleted_at": null,
      "id": 5,
      "metadata": {}
    }
  }

  4. Delete the above created aggregate with a wrong id Ex - 5abcd
  (started with correct id but appended with some alphabets) -

  curl -g -i -X DELETE http://192.168.56.5:8774/v2.1/os-aggregates/5abcd -H "User-Agent: python-novaclient" -H "Accept: application/json" -H "X-Auth-Token: $TOKEN"
  HTTP/1.1 200 OK
  Content-Length: 0
  Content-Type: application/json
  Openstack-Api-Version: compute 2.1
  X-Openstack-Nova-Api-Version: 2.1
  Vary: OpenStack-API-Version
  Vary: X-OpenStack-Nova-API-Version
  X-Compute-Request-Id: req-8d4a2d57-934b-4c66-9a48-9e114b1b4e9f
  Date: Thu, 27 Feb 2020 13:46:10 GMT

  Expected result
  ===============
  Show, update and delete should not work for invalid id (mentioned in summary).

  Actual result
  =============
  Show, update and delete is working for invalid id (mentioned in summary).

  Environment
  ===========
  1. Openstack Release - Ocata
  2. Hypervisor - QEMU

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1865040/+subscriptions
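
Added example (not nova's code and not part of the original report): a small Python model of the behaviour described above, where an unvalidated id such as 5abcd is coerced to 5 by the database layer, next to a handler that validates the id as an integer first and answers 400. All function names, the sample row and the 32-bit range limit are assumptions made for illustration.

```python
import re

INT32_MAX = 2**31 - 1  # assumption: the id column is a signed 32-bit integer
AGGREGATES = {5: {"id": 5, "name": "new_name"}}  # constructed sample row


class BadRequest(Exception):
    """Hypothetical stand-in for the API framework's HTTP 400 error."""


def lenient_db_cast(value):
    # Simplified model of the coercion behind MySQL warning 1292:
    # the leading digits are kept and everything after them is dropped.
    m = re.match(r"[0-9]+", value)
    return int(m.group()) if m else 0


def validate_aggregate_id(raw):
    # ASCII digits only: int() alone would also accept "+5", " 5 ", "5_0"
    # and non-ASCII digits, none of which are canonical ids.
    if not isinstance(raw, str) or not re.fullmatch(r"[0-9]+", raw):
        raise BadRequest(f"aggregate id must be an integer, got {raw!r}")
    value = int(raw)
    if value > INT32_MAX:
        raise BadRequest("aggregate id is out of range")
    return value


def show_unvalidated(raw_id):
    # The raw path segment goes straight to the (modelled) database lookup.
    agg = AGGREGATES.get(lenient_db_cast(raw_id))
    return (200, agg) if agg else (404, None)


def show_validated(raw_id):
    # Reject malformed ids before any database access happens.
    try:
        agg_id = validate_aggregate_id(raw_id)
    except BadRequest as exc:
        return 400, str(exc)
    agg = AGGREGATES.get(agg_id)
    return (200, agg) if agg else (404, None)


if __name__ == "__main__":
    for raw in ("5", "5abcd", "5abcd123", "7", "abcd"):
        print(raw, show_unvalidated(raw)[0], show_validated(raw)[0])
```

The same check belongs in front of update and delete, since the report shows all three operations acting on aggregate 5 when given 5abcd.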

