Bug 1558618

Summary: CustomAttributeMixin#miq_custom_set should prevent setting attributes with spaces, colons or any other invalid column characters
Product: Red Hat CloudForms Management Engine Reporter: Joe Rafaniello <jrafanie>
Component: ApplianceAssignee: Gregg Tanzillo <gtanzill>
Status: CLOSED CANTFIX QA Contact: Dave Johnson <dajohnso>
Severity: medium Docs Contact:
Priority: medium    
Version: 5.9.0CC: abellott, bdunne, cpelland, dmetzger, jdeubel, jrafanie, obarenbo
Target Milestone: GA   
Target Release: 5.9.5   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-09-14 13:00:42 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1595269    

Description Joe Rafaniello 2018-03-20 15:51:22 UTC 
Description of problem: miq_custom_set allows you to name a custom attribute with a space, colon, etc.

It should have a validation that fails.
Found in:  https://bugzilla.redhat.com/show_bug.cgi?id=1553750#c15

Note, this change needs to allow our existing provider/ems refreshes/scans to properly set the custom attribute as they currently already do.  We cannot break existing code for refreshes and vm scans in order to fix this bug.



Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
from: https://www.postgresql.org/docs/current/static/sql-syntax-lexical.html#SQL-SYNTAX-IDENTIFIERS

SQL identifiers and key words must begin with a letter (a-z, but also letters with diacritical marks and non-Latin letters) or an underscore (_). Subsequent characters in an identifier or key word can be letters, underscores, digits (0-9), or dollar signs ($). Note that dollar signs are not allowed in identifiers according to the letter of the SQL standard, so their use might render applications less portable. The SQL standard will not define a key word that contains digits or starts or ends with an underscore, so identifiers of this form are safe against possible conflict with future extensions of the standard.
Comment 2 Dave Johnson 2018-03-20 16:04:34 UTC 
Please assess the impact of this issue and update the severity accordingly.  Please refer to https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity for a reminder on each severity's definition.

If it's something like a tracker bug where it doesn't matter, please set the severity to Low.
Comment 3 CFME Bot 2018-05-01 20:47:11 UTC 
https://github.com/ManageIQ/manageiq/pull/17372