902073 – malformated guid's cause http 500

Bug 902073 - malformated guid's cause http 500

Summary: malformated guid's cause http 500

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	oVirt
Classification:	Retired
Component:	ovirt-engine-api
Sub Component:
Version:	unspecified
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	3.5.0
Assignee:	Ori Liel
QA Contact:	Jiri Belka
Docs Contact:
URL:
Whiteboard:	infra
Depends On:
Blocks:	902242
TreeView+	depends on / blocked

Reported:	2013-01-20 19:11 UTC by Laszlo Hornyak
Modified:	2016-02-10 19:34 UTC (History)
CC List:	9 users (show)
Fixed In Version:	ovirt-3.5.0-alpha2
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	902242 (view as bug list)
Environment:
Last Closed:	2014-10-17 12:42:53 UTC
oVirt Team:	Infra
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
oVirt gerrit	27140	0	master	MERGED	restapi: Malformed GUID - fail gracefully	Never

Description Laszlo Hornyak 2013-01-20 19:11:00 UTC

Description of problem:
some of the malformed guids are able to cause unexpected error in engine.
example for such a case:
    <quota id="8972844b-45ab-4369-927c-6cfec17fdfb3-FAIL"/>


Version-Release number of selected component (if applicable):


How reproducible:
always

  
Actual results:

2013-01-20 21:07:15,063 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) java.lang.reflect.InvocationTargetException
2013-01-20 21:07:15,064 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
2013-01-20 21:07:15,064 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
2013-01-20 21:07:15,064 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
2013-01-20 21:07:15,065 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at java.lang.reflect.Method.invoke(Method.java:601)
2013-01-20 21:07:15,065 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at org.ovirt.engine.api.restapi.types.MappingLocator$MethodInvokerMapper.map(MappingLocator.java:115)
2013-01-20 21:07:15,065 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at org.ovirt.engine.api.restapi.resource.BackendVmResource$UpdateParametersProvider.getParameters(BackendVmResource.java:369)
2013-01-20 21:07:15,066 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at org.ovirt.engine.api.restapi.resource.BackendVmResource$UpdateParametersProvider.getParameters(BackendVmResource.java:364)
2013-01-20 21:07:15,066 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at org.ovirt.engine.api.restapi.resource.AbstractBackendSubResource.doUpdate(AbstractBackendSubResource.java:93)
2013-01-20 21:07:15,066 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at org.ovirt.engine.api.restapi.resource.AbstractBackendSubResource.performUpdate(AbstractBackendSubResource.java:82)
2013-01-20 21:07:15,067 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at org.ovirt.engine.api.restapi.resource.BackendVmResource.update(BackendVmResource.java:114)
2013-01-20 21:07:15,067 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at org.ovirt.engine.api.restapi.resource.BackendVmResource.update(BackendVmResource.java:66)
2013-01-20 21:07:15,067 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
2013-01-20 21:07:15,067 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
2013-01-20 21:07:15,068 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
2013-01-20 21:07:15,068 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at java.lang.reflect.Method.invoke(Method.java:601)
2013-01-20 21:07:15,068 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:155)
2013-01-20 21:07:15,068 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at org.jboss.resteasy.core.ResourceMethod.invokeOnTarget(ResourceMethod.java:257)
2013-01-20 21:07:15,069 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:222)
2013-01-20 21:07:15,069 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at org.jboss.resteasy.core.ResourceLocator.invokeOnTargetObject(ResourceLocator.java:152)
2013-01-20 21:07:15,070 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at org.jboss.resteasy.core.ResourceLocator.invoke(ResourceLocator.java:91)
2013-01-20 21:07:15,070 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:525)
2013-01-20 21:07:15,071 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:502)
2013-01-20 21:07:15,071 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:119)
2013-01-20 21:07:15,072 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:208)
2013-01-20 21:07:15,072 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55)
2013-01-20 21:07:15,073 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:50)
2013-01-20 21:07:15,073 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
2013-01-20 21:07:15,073 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
2013-01-20 21:07:15,074 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
2013-01-20 21:07:15,074 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
2013-01-20 21:07:15,074 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
2013-01-20 21:07:15,074 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:489)
2013-01-20 21:07:15,075 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
2013-01-20 21:07:15,075 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
2013-01-20 21:07:15,075 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
2013-01-20 21:07:15,076 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
2013-01-20 21:07:15,076 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
2013-01-20 21:07:15,076 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877)
2013-01-20 21:07:15,076 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671)
2013-01-20 21:07:15,077 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930)
2013-01-20 21:07:15,077 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at java.lang.Thread.run(Thread.java:722)
2013-01-20 21:07:15,078 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) Caused by: java.lang.IllegalArgumentException: Invalid UUID string: 8972844b-45ab-4369-927c-6cfec17fdfb3-FAIL
2013-01-20 21:07:15,079 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at java.util.UUID.fromString(UUID.java:194)
2013-01-20 21:07:15,080 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at org.ovirt.engine.core.compat.NGuid.<init>(NGuid.java:55)
2013-01-20 21:07:15,080 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at org.ovirt.engine.core.compat.Guid.<init>(Guid.java:24)
2013-01-20 21:07:15,080 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	at org.ovirt.engine.api.restapi.types.VmMapper.map(VmMapper.java:228)
2013-01-20 21:07:15,081 ERROR [stderr] (http--0_0_0_0_0_0_0_0-8080-1) 	... 41 more
2013-01-20 21:07:15,083 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/api].[org.ovirt.engine.api.restapi.BackendApplication]] (http--0_0_0_0_0_0_0_0-8080-1) Servlet.service() for servlet org.ovirt.engine.api.restapi.BackendApplication threw exception: org.jboss.resteasy.spi.UnhandledException: java.lang.NullPointerException
	at org.jboss.resteasy.core.SynchronousDispatcher.handleApplicationException(SynchronousDispatcher.java:340) [resteasy-jaxrs-2.3.2.Final.jar:]
	at org.jboss.resteasy.core.SynchronousDispatcher.handleException(SynchronousDispatcher.java:214) [resteasy-jaxrs-2.3.2.Final.jar:]
	at org.jboss.resteasy.core.SynchronousDispatcher.handleInvokerException(SynchronousDispatcher.java:190) [resteasy-jaxrs-2.3.2.Final.jar:]
	at org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:540) [resteasy-jaxrs-2.3.2.Final.jar:]
	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:502) [resteasy-jaxrs-2.3.2.Final.jar:]
	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:119) [resteasy-jaxrs-2.3.2.Final.jar:]
	at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:208) [resteasy-jaxrs-2.3.2.Final.jar:]
	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55) [resteasy-jaxrs-2.3.2.Final.jar:]
	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:50) [resteasy-jaxrs-2.3.2.Final.jar:]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) [jbossweb-7.0.13.Final.jar:]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.13.Final.jar:]
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.13.Final.jar:]
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:489) [jbossweb-7.0.13.Final.jar:]
	at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
	at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_07]
Caused by: java.lang.NullPointerException
	at org.ovirt.engine.api.restapi.resource.BackendVmResource$UpdateParametersProvider.getParameters(BackendVmResource.java:372) [restapi-jaxrs-3.2.0.jar:]
	at org.ovirt.engine.api.restapi.resource.BackendVmResource$UpdateParametersProvider.getParameters(BackendVmResource.java:364) [restapi-jaxrs-3.2.0.jar:]
	at org.ovirt.engine.api.restapi.resource.AbstractBackendSubResource.doUpdate(AbstractBackendSubResource.java:93) [restapi-jaxrs-3.2.0.jar:]
	at org.ovirt.engine.api.restapi.resource.AbstractBackendSubResource.performUpdate(AbstractBackendSubResource.java:82) [restapi-jaxrs-3.2.0.jar:]
	at org.ovirt.engine.api.restapi.resource.BackendVmResource.update(BackendVmResource.java:114) [restapi-jaxrs-3.2.0.jar:]
	at org.ovirt.engine.api.restapi.resource.BackendVmResource.update(BackendVmResource.java:66) [restapi-jaxrs-3.2.0.jar:]
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_07]
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_07]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_07]
	at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_07]
	at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:155) [resteasy-jaxrs-2.3.2.Final.jar:]
	at org.jboss.resteasy.core.ResourceMethod.invokeOnTarget(ResourceMethod.java:257) [resteasy-jaxrs-2.3.2.Final.jar:]
	at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:222) [resteasy-jaxrs-2.3.2.Final.jar:]
	at org.jboss.resteasy.core.ResourceLocator.invokeOnTargetObject(ResourceLocator.java:152) [resteasy-jaxrs-2.3.2.Final.jar:]
	at org.jboss.resteasy.core.ResourceLocator.invoke(ResourceLocator.java:91) [resteasy-jaxrs-2.3.2.Final.jar:]
	at org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:525) [resteasy-jaxrs-2.3.2.Final.jar:]
	... 20 more


Expected results:


Additional info:

Comment 1 Laszlo Hornyak 2013-02-26 13:13:33 UTC

I remember we agreed that this will be fixed by another patch, not mine. So I abandoned my patch, I think this should be rechecked and probably closed as duplicate.

Comment 3 Ori Liel 2014-04-07 13:24:01 UTC

Since 

  http://gerrit.ovirt.org/#/c/7603/3 

we intercept bad guids and generate appropriate error messages. This solution cover all cases in which the guid was created using the ancestor 'asGuid()' method.

Places that create guid differently, unconventionally, aren't covered by this patch. So I need to know the specific operation in your example: in what context did you pass: 

  <quota id="8972844b-45ab-4369-927c-6cfec17fdfb3-FAIL"/>

What's the operation you performed, what's the URL?

Comment 4 Ori Liel 2014-04-28 10:49:30 UTC

I think this specific doesn't reproduce, but I took the opportunity to cover all other potential cases for bad GUID creation:

  http://gerrit.ovirt.org/#/c/27140/

Comment 5 Jiri Belka 2014-09-08 09:30:47 UTC

Is there a way to verified this, please?

Comment 6 Ori Liel 2014-09-10 11:08:06 UTC

In the code I had to fix a single method, but from a QA point of view, the only way to verify that it's fixed for all possible flows, is to test all possible flows... I don't think this is an efficient use of your time; I'd sample a few cases

Comment 7 Jiri Belka 2014-09-15 12:37:09 UTC

this is not easy testable and original complain was from a developer who didn't state how such uuid would appear.

Comment 8 Sandro Bonazzola 2014-10-17 12:42:53 UTC

oVirt 3.5 has been released and should include the fix for this issue.

Note You need to log in before you can comment on or make changes to this bug.