Bug 969112
Summary: | Deleting an alias with just one or two dots as its name ends up deleting the application | ||
---|---|---|---|
Product: | OpenShift Online | Reporter: | Abhishek Gupta <abhgupta> |
Component: | Master | Assignee: | Lili Nader <lnader> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | libra bugs <libra-bugs> |
Severity: | low | Docs Contact: | |
Priority: | medium | ||
Version: | 2.x | CC: | gpei, jliggitt, mfisher, rmillner, zzhao |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | 968952 | Environment: | |
Last Closed: | 2013-06-24 14:49:45 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Abhishek Gupta
2013-05-30 16:44:52 UTC
The broker is constructing the href links incorrectly for an alias named .. Create an app with the alias .., and view the rest api response for it: ... "DELETE": { "href": "https://ec2-54-226-151-3.compute-1.amazonaws.com/broker/rest/domains/test1/applications/foo/", "method": "DELETE", "optional_params": [ ], "rel": "Delete alias", "required_params": [ ] } The ".." gets normalized to point to the parent directory. RHC is simply calling DELETE on the provided href, which ends up deleting the app. This is a concern for anything where we embed the name into the URL without escaping it. Search for URI::join in the broker to check for other places where embedding .. could be problematic "." could also be an issue in other places If we fix Bug 968952 and fix our alias validations, then this bug would not exist except for existing aliases that have this issue. RFC 1123 (sect 2.1) specifies that a host name must start with a letter or number. Adding that check would eliminate this problem. I'll add it at the host level and but going forward it would be good if the broker also did this check. Lowering severity since the bug 968952 is being fixed with the pull request --> https://github.com/openshift/origin-server/pull/2697 The broker is fixing its validation for the alias. Commit pushed to master at https://github.com/openshift/origin-server https://github.com/openshift/origin-server/commit/dfac49170367101e4887b7e7d9c774e77fe615ad Bug 969112 - RFC 1121 (sect 2.1) specifies that a host name must start with a letter or number. Tested this bug on devenv_3368, it has fixed. [zqzhao@dhcp-13-222 zqpy27]$ rhc alias add zqruby18 .. Invalid Server Alias '..' specified |