1516468 – It possible to create puppet repository using name contains html tag

Bug 1516468 - It possible to create puppet repository using name contains html tag

Summary: It possible to create puppet repository using name contains html tag

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Repositories
Sub Component:
Version:	6.3.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	6.4.0
Assignee:	satellite6-bugs
QA Contact:	jcallaha
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-11-22 16:53 UTC by Oleg Dovzhenko
Modified:	2019-11-05 23:10 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-10-16 19:20:00 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
Production log (495.43 KB, application/zip) 2017-11-22 16:53 UTC, Oleg Dovzhenko	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Foreman Issue Tracker	23085	0	None	None	None	2018-04-02 13:44:14 UTC

Description Oleg Dovzhenko 2017-11-22 16:53:00 UTC

Created attachment 1357676 [details]
Production log

Description of problem:
Name validation is not working properly on creating puppet repository

Version-Release number of selected component (if applicable):
Satellite 6.3.0 snap 25
foreman-1.15.6.9-1.el7sat.noarch
foreman-bootloaders-redhat-201707171807-1.el7sat.noarch
foreman-bootloaders-redhat-tftpboot-201707171807-1.el7sat.noarch
foreman-cli-1.15.6.9-1.el7sat.noarch
foreman-compute-1.15.6.9-1.el7sat.noarch
foreman-debug-1.15.6.9-1.el7sat.noarch
foreman-discovery-image-3.4.1-3.el7sat.noarch
foreman-ec2-1.15.6.9-1.el7sat.noarch
foreman-gce-1.15.6.9-1.el7sat.noarch
foreman-installer-1.15.6.4-1.el7sat.noarch
foreman-installer-katello-3.4.5.12-1.el7sat.noarch
foreman-libvirt-1.15.6.9-1.el7sat.noarch
foreman-openstack-1.15.6.9-1.el7sat.noarch
foreman-ovirt-1.15.6.9-1.el7sat.noarch
foreman-postgresql-1.15.6.9-1.el7sat.noarch
foreman-proxy-1.15.6.1-1.el7sat.noarch
foreman-proxy-content-3.4.5-6.el7sat.noarch
foreman-rackspace-1.15.6.9-1.el7sat.noarch
foreman-selinux-1.15.5-1.el7sat.noarch
foreman-vmware-1.15.6.9-1.el7sat.noarch
hp-dl120gen9-04.rhts.eng.bos.redhat.com-foreman-client-1.0-1.noarch
hp-dl120gen9-04.rhts.eng.bos.redhat.com-foreman-proxy-1.0-2.noarch
hp-dl120gen9-04.rhts.eng.bos.redhat.com-foreman-proxy-client-1.0-1.noarch
katello-3.4.5-6.el7sat.noarch
katello-certs-tools-2.4.0-1.el7sat.noarch
katello-client-bootstrap-1.4.2-1.el7sat.noarch
katello-common-3.4.5-6.el7sat.noarch
katello-debug-3.4.5-6.el7sat.noarch
katello-default-ca-1.0-1.noarch
katello-installer-base-3.4.5.12-1.el7sat.noarch
katello-selinux-3.0.2-1.el7sat.noarch
katello-server-ca-1.0-1.noarch
katello-service-3.4.5-6.el7sat.noarch
pulp-katello-1.0.2-1.el7sat.noarch
puppet-foreman_scap_client-0.3.16-1.el7sat.noarch
satellite-6.3.0-21.0.beta.el7sat.noarch
satellite-cli-6.3.0-21.0.beta.el7sat.noarch
satellite-common-6.3.0-21.0.beta.el7sat.noarch
satellite-installer-6.3.0.9-1.beta.el7sat.noarch
tfm-rubygem-foreman_bootdisk-9.0.0-2.fm1_15.el7sat.noarch
tfm-rubygem-foreman_discovery-9.1.5-1.fm1_15.el7sat.noarch
tfm-rubygem-foreman_docker-3.1.0-1.fm1_15.el7sat.noarch
tfm-rubygem-foreman_hooks-0.3.14-1.fm1_15.el7sat.noarch
tfm-rubygem-foreman_openscap-0.7.10-1.fm1_15.el7sat.noarch
tfm-rubygem-foreman-redhat_access-2.0.12-1.el7sat.noarch
tfm-rubygem-foreman_remote_execution-1.3.7-1.fm1_15.el7sat.noarch
tfm-rubygem-foreman_remote_execution_core-1.0.6-1.fm1_15.el7sat.noarch
tfm-rubygem-foreman-tasks-0.9.6-1.fm1_15.el7sat.noarch
tfm-rubygem-foreman-tasks-core-0.1.8-1.fm1_15.el7sat.noarch
tfm-rubygem-foreman_theme_satellite-1.0.4.12-1.el7sat.noarch
tfm-rubygem-foreman_virt_who_configure-0.1.8-1.fm1_15.el7sat.noarch
tfm-rubygem-hammer_cli_foreman-0.11.0.5-1.el7sat.noarch
tfm-rubygem-hammer_cli_foreman_admin-0.0.7-1.el7sat.noarch
tfm-rubygem-hammer_cli_foreman_bootdisk-0.1.3.3-2.el7sat.noarch
tfm-rubygem-hammer_cli_foreman_discovery-1.0.0-1.el7sat.noarch
tfm-rubygem-hammer_cli_foreman_docker-0.0.6-2.el7sat.noarch
tfm-rubygem-hammer_cli_foreman_openscap-0.1.5-1.fm1_15.el7sat.noarch
tfm-rubygem-hammer_cli_foreman_remote_execution-0.0.6-1.fm1_15.el7sat.noarch
tfm-rubygem-hammer_cli_foreman_tasks-0.0.12-1.fm1_15.el7sat.noarch
tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.3-1.el7sat.noarch
tfm-rubygem-hammer_cli_katello-0.11.3.1-1.el7sat.noarch
tfm-rubygem-katello-3.4.5.27-1.el7sat.noarch
tfm-rubygem-katello_ostree-3.4.5.27-1.el7sat.noarch

How reproducible:
Always

Steps to Reproduce:
1. Send request
2017-11-22 18:34:11 - nailgun.client - DEBUG - Making HTTP POST request to https://hp-dl120gen9-04.rhts.eng.bos.redhat.com/katello/api/v2/repositories with options {'verify': False, 'auth': ('admin', 'changeme'), 'headers': {'content-type': 'application/json'}}, no params and data {"product_id": 440, "content_type": "puppet", "url": "http://davidd.fedorapeople.org/repos/random_puppet/", "name": "<blockquote>YDShxlSEmj</blockquote>"}.


Actual results:
Repository created
2017-11-22 18:34:13 - nailgun.client - DEBUG - Received HTTP 200 response:   {"content_type":"puppet","docker_upstream_name":null,"mirror_on_sync":true,"verify_ssl_on_sync":true,"unprotected":true,"full_path":"http://hp-dl120gen9-04.rhts.eng.bos.redhat.com/pulp/puppet/1bbaae58-2386-4cd3-9b6b-c128c4da312d/","checksum_type":null,"container_repository_name":null,"download_policy":null,"url":"http://davidd.fedorapeople.org/repos/random_puppet/","relative_path":"zanxHrFXWcH/Library/custom/nxtMgT/_blockquote_YDShxlSEmj__blockquote_","major":null,"minor":null,"gpg_key_id":null,"content_id":"1511368452987","content_view_version_id":226,"library_instance_id":null,"product_type":"custom","promoted":false,"ostree_branches":[],"upstream_username":null,"ostree_upstream_sync_policy":null,"ostree_upstream_sync_depth":null,"organization":{"name":"zanxHrFXWcH","label":"zanxHrFXWcH","id":199},"created_at":"2017-11-22 16:34:12 UTC","updated_at":"2017-11-22 16:34:13 UTC","backend_identifier":"1bbaae58-2386-4cd3-9b6b-c128c4da312d","id":95,"name":"<blockquote>YDShxlSEmj</blockquote>","label":"_blockquote_YDShxlSEmj__blockquote_","product":{"id":440,"cp_id":"209854665745","name":"nxtMgT","sync_plan":["name","description","sync_date","interval","next_sync"]},"last_sync":null,"content_counts":{"ostree_branch":0,"docker_manifest":0,"docker_tag":0,"rpm":0,"package":0,"package_group":0,"erratum":0,"puppet_module":0,"file":0},"last_sync_words":null,"gpg_key":null,"environment":{"id":217},"permissions":{"deletable":true},"upstream_password_exists":false}

Expected results:
API returns response with 422 code and A validation error occurred. message 

Additional info:
This case works fine for yum repository

Comment 2 Brad Buckingham 2017-12-01 14:04:53 UTC

What are the negative impacts that you see due to this behavior?  
Do you only see this with repository name or all resources?

I see a similar bug 1378427 that was created/closed; therefore, I'd like to better understand if this is a common behavior and the side affects.

Comment 3 Oleg Dovzhenko 2017-12-04 09:32:13 UTC

There is no negative impact due to this behavior, but for me issue that for puppet, yum and docker repositories we have different behavior with the same case:

1. We can't create yum repository. Response comes with 422 code
2. We can't create docker repository. Response comes with 500 response. See https://bugzilla.redhat.com/show_bug.cgi?id=1516410
3. We can create puppet repository.

For me we should have same behavior across all types.
We can either be able to create repositories with html in names or throw validation error (with same code), but do this for all types of repositories to not confuse user.

Comment 4 Samir Jha 2018-04-02 13:44:12 UTC

Created redmine issue http://projects.theforeman.org/issues/23085 from this bug

Comment 5 Satellite Program 2018-04-12 16:06:07 UTC

Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/23085 has been resolved.

Comment 6 jcallaha 2018-06-04 18:33:15 UTC

Verified in Satellite 6.4 Snap 4.

I was able to successfully create a puppet repo with html and special characters in the name. The special characters were converted to underscores.

Comment 7 Bryan Kearney 2018-10-16 19:20:00 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:2927

Note You need to log in before you can comment on or make changes to this bug.