Bug 1013737
Summary: | No error when inserting a non-ISO image through the REST API | | |
---|---|---|---|
Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Christophe Fergeau <cfergeau> |
Component: | ovirt-engine | Assignee: | Martin Betak <mbetak> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Pavel Novotny <pnovotny> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | | |
Version: | 3.3.0 | CC: | bazulay, iheim, lpeer, mavital, michal.skrivanek, oramraz, rbalakri, Rhev-m-bugs, yeylon |
Target Milestone: | --- | | |
Target Release: | 3.5.0 | | |
Hardware: | Unspecified | | |
OS: | Unspecified | | |
Whiteboard: | virt | | |
Fixed In Version: | ovirt-3.5.0_rc1 | Doc Type: | Bug Fix |
Doc Text: | Cause: Missing validation for image file suffix. Consequence: Allowed erroneous insertion of floppy to cdrom. Fix: Added check to allow only *.iso files to be inserted to cdrom. | | |
Story Points: | --- | | |
Clone Of: | | Environment: | |
Last Closed: | 2015-02-17 08:26:36 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | | | |
Bug Blocks: | 1142923, 1156165 | | |
Description
Christophe Fergeau
2013-09-30 16:49:47 UTC
Is the suffix check enough? i.e. .iso for cdrom and .vfd for floppy?

The 'file' resources have a 'type' attribute as documented in api?schema and in https://access.redhat.com/site/documentation//en-US/Red_Hat_Enterprise_Virtualization/3.2/html/Developer_Guide/sect-Sub-Collections-2.html so I was thinking this could be used. However it's not present when I look at the xml returned by a 3.2 or 3.3 instance.

Verified upstream in ovirt-engine-3.5.0-0.0.master.20140804172041.git23b558e.el6.noarch (rc1).

Request

    PUT /ovirt-engine/api/vms/<uuid>/cdroms/00000000-0000-0000-0000-000000000000?current

with body

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <cdrom>
      <file id="virtio-win-1.2.0.vfd"/>
    </cdrom>

returns:

    <fault>
      <reason>Operation Failed</reason>
      <detail>[Cannot edit VM. Invalid CD image format.]</detail>
    </fault>

RHEV-M 3.5.0 has been released
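
On the question raised above of whether a suffix check is enough, the following added example (not ovirt-engine code and not part of the original report) puts the name-only check beside a content check for the ISO 9660 identifier. The function names, the case-insensitive suffix match, and the sample images are assumptions of this example, and only ISO 9660 is recognised.

```python
import io

# Suffix expected per device, as discussed in the bug (.iso for cdrom, .vfd for floppy).
EXPECTED_SUFFIX = {"cdrom": ".iso", "floppy": ".vfd"}

# ISO 9660 volume descriptors start at sector 16 (2048-byte sectors);
# byte 0 is the descriptor type and bytes 1-5 are the identifier "CD001".
ISO9660_ID_OFFSET = 16 * 2048 + 1
ISO9660_ID = b"CD001"


def suffix_ok(device, file_id):
    """Name-only check; case-insensitive matching is an assumption of this example."""
    return file_id.lower().endswith(EXPECTED_SUFFIX[device])


def has_iso9660_id(stream):
    """Content check: True if the standard identifier is where ISO 9660 puts it."""
    stream.seek(ISO9660_ID_OFFSET)
    return stream.read(len(ISO9660_ID)) == ISO9660_ID


def check_cdrom_image(file_id, stream):
    """Return (accepted, reason) for an image about to be attached to a cdrom."""
    if not suffix_ok("cdrom", file_id):
        return False, "suffix is not .iso"
    if not has_iso9660_id(stream):
        return False, "no ISO 9660 identifier at sector 16"
    return True, "ok"


# Constructed sample images (not real files): a blank 1.44 MB floppy image
# and the smallest buffer that carries the ISO 9660 identifier.
FLOPPY_BYTES = bytes(1474560)
ISO_BYTES = bytes(ISO9660_ID_OFFSET) + ISO9660_ID

if __name__ == "__main__":
    cases = [
        ("virtio-win-1.2.0.vfd", FLOPPY_BYTES),  # rejected by the suffix check
        ("virtio-win-1.2.0.iso", FLOPPY_BYTES),  # renamed floppy: suffix passes, content fails
        ("install.iso", ISO_BYTES),              # accepted
    ]
    for name, data in cases:
        print(name, check_cdrom_image(name, io.BytesIO(data)))
```

The second case is the one a suffix-only check lets through: a floppy image renamed to end in .iso.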