Bug 1219680 - webadmin portal allows to add non-ascii characters in the disk_description which causes false positive object creation in log.
Summary: webadmin portal allows to add non-ascii characters in the disk_description wh...
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine
Version: 3.5.1
Hardware: All
OS: Linux
Target Milestone: ovirt-3.6.0-rc
: 3.6.0
Assignee: Idan Shaby
QA Contact: Natalie Gavrielov
Depends On: 1249130
Blocks: 1261387
TreeView+ depends on / blocked
Reported: 2015-05-08 00:34 UTC by Anand Nande
Modified: 2019-06-13 08:29 UTC (History)
12 users (show)

Fixed In Version: ovirt-engine-3.6.0_beta5
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1261387 (view as bug list)
Last Closed: 2016-03-09 21:06:14 UTC
oVirt Team: Storage
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2016:0376 0 normal SHIPPED_LIVE Red Hat Enterprise Virtualization Manager 3.6.0 2016-03-10 01:20:52 UTC
oVirt gerrit 45374 0 master MERGED core: encode non-ASCII disk alias/description Never
oVirt gerrit 45900 0 ovirt-engine-3.6 MERGED core: encode non-ASCII disk alias/description Never

Comment 1 Anand Nande 2015-05-08 00:34:50 UTC
Created attachment 1023327 [details]

Comment 2 Anand Nande 2015-05-08 00:35:23 UTC
Created attachment 1023328 [details]

Comment 4 Allon Mureinik 2015-05-10 07:46:46 UTC
Liron, this looks like a result of your recent work on the OVF store. Can you have a look please?

Comment 6 Allon Mureinik 2015-08-03 14:24:19 UTC
Talked to Yaniv Dary from the PM team - we should block non-ASCII characters for this field.

If it's important to support such characters, please open an RFE.

Comment 7 Allon Mureinik 2015-08-03 14:25:56 UTC
This was also reproduced by RHEV Storage QA - see bug 1249130.

Comment 8 Liron Aravot 2015-08-20 12:54:14 UTC
Allon, it's not related to the OVF changes, it's a side effect of change Ie2642ae7016579ead699509426e01ac2010bd374 where an update of the description to the storage was added.

We can block unhallowed characters, but the false postive result isn't wrong - we don't want necessarily to fail the disk update if we fail to update the description in the storage..the severity can change to WARNING instead of an ERROR aside of a description validation.

Comment 10 Natalie Gavrielov 2015-11-17 12:52:23 UTC
The following scenario was tested:

Create a new disk using webadmin, in the description box used none ascii characters such as: ¼, ½, ¾, ®, ©, ², ♠, ♥, ♦, ♣.

1. Disk was not created.
2. UI prevents the creation of a disk with such description.
3. No messages found in engine.log regarding this operation.

Verified using rhevm- (3.6.0-20)

Comment 11 Idan Shaby 2015-11-18 07:26:35 UTC
Actually what should be verified here is that the disk *IS* created and that its description is encoded and decoded properly.

To do that, you can:
1. Create a storage domain (two scenarios - file and block).
2. Create a disk on that domain with a non ASCII description (try to use "áéíóúñññ" or something similar, I will explain a bit more about it later).
3. Take the domain down to maintenance and destroy it.
4. Import the storage domain.
5. Register the disk you previously created (http://www.ovirt.org/Features/ImportStorageDomain#Register_an_unregistered_disk).
6. Verify that the disk's description is as expected.

The characters you used are blocked in the ui level. These are characters that we don't allow to use at all, not before and not after the fix for this bug.
So when you fill the disk's description, use non ascii characters that the ui doesn't block.

For more information about legal characters for the disk's description, you can look at - org.ovirt.engine.ui.uicommonweb.validation.BaseI18NValidation.java.

Comment 12 Idan Shaby 2015-11-18 07:58:48 UTC
Generally, BaseI18NValidation.java should allow all utf letters and numbers.

Comment 13 Natalie Gavrielov 2015-11-18 17:26:24 UTC
Performed the scenario above both for nfs and iscsi.

Used rest api as described in comment #11.
1. Getting the list of all storage domains:
METHOD: GET, URL: https://ngavrilo-rhevm.scl.lab.tlv.redhat.com/api/storagedomains
2. Getting list of unregistered disks of the relevant storage domain:
METHOD: POST, URL: https://ngavrilo-rhevm.scl.lab.tlv.redhat.com/api/storagedomains/bcc8d614-bcb7-41b1-9129-f2828b190c51/disks;unregistered
3. Register a disk:
curl -v -k -u "admin@internal" -H "Content-type: application/xml" -d '<disk id="48e61b2a-dfe7-473d-985e-d2cd7e39cc7b"><alias>disk-iscsi</alias> </disk>' "https://ngavrilo-rhevm.scl.lab.tlv.redhat.com/api/storagedomains/bcc8d614-bcb7-41b1-9129-f2828b190c51/disks;unregistered"


Enter host password for user 'admin@internal':
* About to connect() to ngavrilo-rhevm.scl.lab.tlv.redhat.com port 443 (#0)
*   Trying connected
* Connected to ngavrilo-rhevm.scl.lab.tlv.redhat.com ( port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* skipping SSL peer certificate verification
* SSL connection using TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* Server certificate:
* 	subject: CN=ngavrilo-rhevm.scl.lab.tlv.redhat.com,O=scl.lab.tlv.redhat.com,C=US
* 	start date: Nov 16 06:28:09 2015 GMT
* 	expire date: Oct 21 06:28:09 2020 GMT
* 	common name: ngavrilo-rhevm.scl.lab.tlv.redhat.com
* 	issuer: CN=ngavrilo-rhevm.scl.lab.tlv.redhat.com.87759,O=scl.lab.tlv.redhat.com,C=US
* Server auth using Basic with user 'admin@internal'
> POST /api/storagedomains/bcc8d614-bcb7-41b1-9129-f2828b190c51/disks;unregistered HTTP/1.1
> Authorization: Basic YWRtaW5AaW50ZXJuYWw6MTIzNDU2
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.18 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: ngavrilo-rhevm.scl.lab.tlv.redhat.com
> Accept: */*
> Content-type: application/xml
> Content-Length: 81
< HTTP/1.1 201 Created
< Date: Wed, 18 Nov 2015 17:00:42 GMT
< Location: https://ngavrilo-rhevm.scl.lab.tlv.redhat.com/api/api/storagedomains/bcc8d614-bcb7-41b1-9129-f2828b190c51/disks/48e61b2a-dfe7-473d-985e-d2cd7e39cc7b
< Content-Type: application/xml
< Content-Length: 1677
< Vary: Accept-Encoding
< Connection: close
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<disk href="/api/storagedomains/bcc8d614-bcb7-41b1-9129-f2828b190c51/disks/48e61b2a-dfe7-473d-985e-d2cd7e39cc7b" id="48e61b2a-dfe7-473d-985e-d2cd7e39cc7b">
        <link href="/api/storagedomains/bcc8d614-bcb7-41b1-9129-f2828b190c51/disks/48e61b2a-dfe7-473d-985e-d2cd7e39cc7b/export" rel="export"/>
    <link href="/api/storagedomains/bcc8d614-bcb7-41b1-9129-f2828b190c51/disks/48e61b2a-dfe7-473d-985e-d2cd7e39cc7b/permissions" rel="permissions"/>
    <link href="/api/storagedomains/bcc8d614-bcb7-41b1-9129-f2828b190c51/disks/48e61b2a-dfe7-473d-985e-d2cd7e39cc7b/statistics" rel="statistics"/>
    <storage_domain href="/api/storagedomains/bcc8d614-bcb7-41b1-9129-f2828b190c51" id="bcc8d614-bcb7-41b1-9129-f2828b190c51"/>
        <storage_domain id="bcc8d614-bcb7-41b1-9129-f2828b190c51"/>
    <disk_profile href="/api/diskprofiles/16364109-0f8e-4a94-b070-7feda432a8c2" id="16364109-0f8e-4a94-b070-7feda432a8c2"/>
* Closing connection #0

Disk appears in the UI, Description with the non ASCII chars is displayed correctly.

Verified, using rhevm- (3.6.0-20)

Comment 17 errata-xmlrpc 2016-03-09 21:06:14 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.