Bug 1689429

Summary: incorrect error reported for invalid rich rule priority
Product: Red Hat Enterprise Linux 8 Reporter: Tomas Dolezal <todoleza>
Component: firewalldAssignee: Phil Sutter <psutter>
Status: CLOSED ERRATA QA Contact: Tomas Dolezal <todoleza>
Severity: medium Docs Contact:
Priority: medium    
Version: 8.0CC: egarver, psutter, rkhan, todoleza
Target Milestone: pre-dev-freezeKeywords: Upstream
Target Release: 8.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: firewalld-0.8.2-2.el8 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-11-04 01:39:57 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tomas Dolezal 2019-03-15 21:41:09 UTC 
Description of problem:
general UNKNOWN error reported instead of INVALID_RULE or INVALID_PRIORITY if rich rule priority is not valid

Version-Release number of selected component (if applicable):
firewalld-0.6.3-7.el8.noarch

How reproducible:
always

Steps to Reproduce:
:: [ 17:22:17 ] :: [   INFO   ] :: try invalid rules
:: [ 17:22:17 ] :: [  BEGIN   ] :: Running 'firewall-cmd --add-rich-rule 'rule priority=ab     service name=dns accept''
Error: invalid literal for int() with base 10: 'ab'
:: [ 17:22:17 ] :: [   PASS   ] :: Command 'firewall-cmd --add-rich-rule 'rule priority=ab     service name=dns accept'' (Expected 139,254, got 254)
:: [ 17:22:17 ] :: [  BEGIN   ] :: Running 'firewall-cmd --add-rich-rule 'rule priority=2ab    service name=dns accept''
Error: invalid literal for int() with base 10: '2ab'
:: [ 17:22:18 ] :: [   PASS   ] :: Command 'firewall-cmd --add-rich-rule 'rule priority=2ab    service name=dns accept'' (Expected 139,254, got 254)
:: [ 17:22:18 ] :: [  BEGIN   ] :: Running 'firewall-cmd --add-rich-rule 'rule priority=.4     service name=dns accept''
Error: invalid literal for int() with base 10: '.4'
:: [ 17:22:18 ] :: [   PASS   ] :: Command 'firewall-cmd --add-rich-rule 'rule priority=.4     service name=dns accept'' (Expected 139,254, got 254)
:: [ 17:22:18 ] :: [  BEGIN   ] :: Running 'firewall-cmd --add-rich-rule 'rule priority=-c     service name=dns accept''
Error: invalid literal for int() with base 10: '-c'
:: [ 17:22:18 ] :: [   PASS   ] :: Command 'firewall-cmd --add-rich-rule 'rule priority=-c     service name=dns accept'' (Expected 139,254, got 254)
:: [ 17:22:18 ] :: [  BEGIN   ] :: Running 'firewall-cmd --add-rich-rule 'rule priority=-c     service name=dns accept''
Error: invalid literal for int() with base 10: '-c'
:: [ 17:22:19 ] :: [   PASS   ] :: Command 'firewall-cmd --add-rich-rule 'rule priority=-c     service name=dns accept'' (Expected 139,254, got 254)
:: [ 17:22:19 ] :: [  BEGIN   ] :: Running 'firewall-cmd --add-rich-rule 'rule priority=-32769 service name=dns accept''
Error: INVALID_PRIORITY: 'priority' attribute must be between -32768 and 32767.
:: [ 17:22:19 ] :: [   PASS   ] :: Command 'firewall-cmd --add-rich-rule 'rule priority=-32769 service name=dns accept'' (Expected 139,254, got 139)
:: [ 17:22:19 ] :: [  BEGIN   ] :: Running 'firewall-cmd --add-rich-rule 'rule priority=32768  service name=dns accept''
Error: INVALID_PRIORITY: 'priority' attribute must be between -32768 and 32767.
:: [ 17:22:19 ] :: [   PASS   ] :: Command 'firewall-cmd --add-rich-rule 'rule priority=32768  service name=dns accept'' (Expected 139,254, got 139)


Expected results:
descriptive error message and correct code

Additional info:
Comment 2 Phil Sutter 2020-06-25 15:15:36 UTC 
PR opened upstream: https://github.com/firewalld/firewalld/pull/658
Comment 3 Phil Sutter 2020-06-29 13:52:04 UTC 
Upstream commit to backport:

commit 3a0e79b1cfe4344d21d30eb47c038252d728cc44
Author: Phil Sutter <psutter>
Date:   Thu Jun 25 16:42:36 2020 +0200

    fix: core: rich: Catch ValueError on non-numeric priority values
    
    Be a bit more user-friendly by printing:
    
    | Error: INVALID_RULE: invalid 'priority' attribute value 'ab'.
    
    instead of Python's default, which is:
    
    | Error: invalid literal for int() with base 10: 'ab'
    
    Fixes: rhbz 1689429
Comment 10 errata-xmlrpc 2020-11-04 01:39:57 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (firewalld bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4461