Bug 1510755

Summary: Possible exceptions in collection input validation
Product: [oVirt] ovirt-engine Reporter: Ori Liel <oliel>
Component: RestAPIAssignee: Ori Liel <oliel>
Status: CLOSED CURRENTRELEASE QA Contact: Radim Hrazdil <rhrazdil>
Severity: medium Docs Contact:
Priority: unspecified    
Version: futureCC: bugs, lsvaty, mperina
Target Milestone: ovirt-4.2.0Flags: rule-engine: ovirt-4.2+
Target Release: 4.2.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-12-20 11:26:58 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ori Liel 2017-11-08 07:27:26 UTC 
Auto-generated code from 'live-documentation', which validates input, may fail with NPE or IndexOutOfBoundsException when validating collections. 

Pasting comment from JaxrsHelperGenerator.getAttributePath():

TODO: !=null and .isEmpty() checks for collections missing at this point due to complexity in adding them. Only the full check is added, e.g:               

disk.getTarget().getLogicalUnits().getLogicalUnits().get(0).getLunStorage()!=null

this means the NullPointer or InderOutOfBound exceptions are possible for bad collection input


How Reproducible (always, 100%):

Add disk: POST .../api/disks

<disk>
  <format>cow</format>
  <interface>ide</interface>
   <lun_storage/>
</disk>

This will result in NPE (disk.getLunStorage.getLogicalUnits().getLogicalUnits())


Add disk: POST .../api/disks

<disk>
  <format>cow</format>
  <interface>ide</interface>
   <lun_storage>
      <type>nfs</type>
      <logical_units/>
    </lun_storage>
</disk>
   
This will result in IndexOutOfBoundException
(disk.getLunStorage.getLogicalUnits().getLogicalUnits().get(0))
Comment 1 Ori Liel 2017-11-20 12:50:05 UTC 
patch posted: 

  https://gerrit.ovirt.org/#/c/84375/
Comment 2 Radim Hrazdil 2017-12-13 16:12:06 UTC 
Verified that POST requests in format suggested in the description don't yield NPE or IndexOutOfBoundException, but error message in following format is returned:
<fault>
    <detail>LogicalUnit  required for add</detail>
    <reason>Incomplete parameters</reason>
</fault>

Version 4.2.0-0.6
Comment 3 Ori Liel 2017-12-14 06:02:35 UTC 
That's fine
Comment 4 Sandro Bonazzola 2017-12-20 11:26:58 UTC 
This bugzilla is included in oVirt 4.2.0 release, published on Dec 20th 2017.

Since the problem described in this bug report should be
resolved in oVirt 4.2.0 release, published on Dec 20th 2017, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.