Bug 1034647 – Unable to list and add env variable any more after user try to add env variable with an invalid UTF-8 value by RESTAPI for app

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1034647 - Unable to list and add env variable any more after user try to add env variable with an invalid UTF-8 value by RESTAPI for app

Summary:	Unable to list and add env variable any more after user try to add env variab...

Status:	CLOSED ERRATA

Aliases:	None

Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Master (Show other bugs)
Sub Component:
Version:	2.0.0
Hardware:	Unspecified Unspecified

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Luke Meyer
QA Contact:	libra bugs
Docs Contact:

URL:
Whiteboard:
Keywords:	UpcomingRelease

Depends On:	1032436
Blocks:
	Show dependency tree / graph

Reported:	2013-11-26 04:39 EST by Nan Wei
Modified:	2017-03-08 12 EST (History)
CC List:	7 users (show)

See Also:
Fixed In Version:	rubygem-openshift-origin-controller-1.17.11-1.el6op openshift-origin-broker-1.15.3-1.el6op
Doc Type:	Bug Fix
Doc Text:	Invalid UTF-8 characters were accepted as values for environment variables, causing errors during operations that utilized those variables. The input validation for environment variables that are configured by users now includes UTF-8 encoding, and as a result invalid UTF-8 characters are now rejected.
Story Points:	---
Clone Of:	1032436
Environment:
Last Closed:	2014-01-28 11:39:06 EST
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2014:0102	normal	SHIPPED_LIVE	Red Hat OpenShift Enterprise 2.0.2 bug fix and enhancement update	2014-01-28 16:38:01 EST

Groups: None (edit)

Description Nan Wei 2013-11-26 04:39:26 EST

+++ This bug was initially created as a clone of Bug #1032436 +++

Description of problem:
User try to add env variable with an invalid UTF-8 value like "bar%B3" by RESTAPI, restapi retrun success, then try to list and add env var, it throws some error messages as follows: "Unable to complete the requested operation due to: invalid byte sequence in UTF-8". 
Version-Release number of selected component (if applicable):
devenv_4051
How reproducible:
100%
Steps to Reproduce:
1. The second time to add new env variable and its value is special characters by rest api
curl -k -H 'Accept: application/xml' --user nwei@redhat.com https://ec2-54-227-44-71.compute-1.amazonaws.com/broker/rest/domain/nweid/application/ptest/environment-variables -X POST -d name=foo1 -d value='bar%B3'
Enter host password for user 'nwei@redhat.com':
<message>
      <severity>info</severity>
      <text>Added environment variable 'foo1' to application ptest</text>
      <exit-code>0</exit-code>
      <field nil="true"></field>
      <index nil="true"></index>
    </message>
2. Check env variable output
[weinan@dhcp-65-25 test]$ rhc env list -a ptest
Unable to complete the requested operation due to: invalid byte sequence in
UTF-8.
Reference ID: 5cd86030999c4664a7b288302f65ad18
3.  Add one valid env variable by rhc
[weinan@dhcp-65-25 test]$ rhc env set name=value -a ptest 
Setting environment variable(s) ... 
Unable to complete the requested operation due to: invalid byte sequence in
UTF-8.
Reference ID: 8cc1d531ed9f6459fc3df38264243437
Actual results:
It throws some error message: "Unable to complete the requested operation due to: invalid byte sequence in UTF-8.
Reference ID: 2183148205576bb4af231690e8909bed" all the time.
Expected results:
User should not be allowed to add an invalid UTF value for a user env var, and it should not break the following list and add env var operation.
Additional info:

--- Additional comment from Lili Nader on 2013-11-21 19:55:39 EST ---

Here's the findings from the debugging

1. curl encodes the data (-d or --data) as ascii.  The ascii encoded version of "bar%B3" is "bar\xB3". FYI, it works fine if  --data-urlencode is used instead.

2. rails expects everything to be encoded in UTF-8 and "bar\xB3" contains an invalid UTF-8 byte sequence.

3. The value is passed on to node without ever calling any methods on it so rails/ruby does not barf until user tries to read back the value from node at which point "invalid byte sequence in UTF-8" is raised.

4. This issue it not unique to env vars.  All other APIs have the same issue although the exception is raised earlier it the process.

Finally the fix.  Check all inputs for valid UTF-8 encoding.  See commit 

https://github.com/lnader/origin-server/commit/845ce9eef98d7313602a50e1a40ecbd14a86906b

in pull request

https://github.com/openshift/origin-server/pull/4213

Comment 2 Luke Meyer 2013-12-23 15:26:13 EST

Next build of rubygem-openshift-origin-console

https://github.com/openshift/enterprise-server/pull/179

origin-server:

commit 374793256163bdc93dcda88fa95f6afd08581ee7
Author: Lili Nader <lnader@redhat.com>
Date:   Thu Nov 21 16:43:36 2013 -0800

    Bug 1032436

commit 425baa3ad8087b7b59081571303cedcaaee8c622
Author: Lili Nader <lnader@redhat.com>
Date:   Wed Nov 20 18:45:20 2013 -0800

    Added checking for git ref according to git-check-ref-format rules

commit fc50a13e7b6143cbb56f0c1906f9a99273a29223
Author: Lili Nader <lnader@redhat.com>
Date:   Fri Nov 22 14:50:50 2013 -0800

    Added ; to list of chars not allowed

Comment 3 Luke Meyer 2013-12-26 13:28:59 EST

The pull request merge testing failed. I'll look into it as priorities allow.

Comment 4 Luke Meyer 2014-01-09 17:14:45 EST

I'd like to take another shot at this for 2.0.2.

Comment 5 Jason DeTiberus 2014-01-15 15:26:06 EST

Tracked the merge tests failing to a bug in the devenv script, updated the script to fix the issue and the merge was successful.

Comment 6 Nan Wei 2014-01-16 22:06:23 EST

Openshift enterprise puddle: 2014-01-16.1

1. add new env variable to an exist app
curl -k -H 'Accept: application/xml' --user nwei1@redhat.com https://10.4.59.142/broker/rest/domain/nwei1domain/application/phps/environment-variables -X POST -d name=foo2 -d value='wwebar%B3'
    <message>
      <severity>error</severity>
      <text>Only valid UTF-8 encoded inputs are accepted</text>
      <exit-code nil="true"></exit-code>
      <field nil="true"></field>
      <index nil="true"></index>
    </message>

2. check env variable output
[root@broker ~]# rhc env list -a phps

3. add valid env variable and check output resule
[root@broker ~]# rhc env list -a phps
foo1=wwww

Comment 8 errata-xmlrpc 2014-01-28 11:39:06 EST

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-0102.html

Note You need to log in before you can comment on or make changes to this bug.