976362 – API for media creation has issue with regular expression validation

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 976362 - API for media creation has issue with regular expression validation

Summary: API for media creation has issue with regular expression validation

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Provisioning
Sub Component:
Version:	6.0.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	Unspecified
Assignee:	Ivan Necas
QA Contact:	Og Maciel
Docs Contact:
URL:	http://projects.theforeman.org/issues...
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-06-20 12:45 UTC by Og Maciel
Modified:	2019-09-26 15:47 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-07-18 21:24:06 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Foreman Issue Tracker	2685	0	None	None	None	2016-04-22 15:13:46 UTC

Description Og Maciel 2013-06-20 12:45:10 UTC

Description of problem:

When I try to promote a published content view that has RHEL 5Server i386 RPMs, I see a spike in memory consumption for foreman where a thin process uses 100% CPU resources. Seems that the issue is with the media name being automatically generated in foreman which for some reason has trailing spaces (and a double space). I've been told by @inecas that the regular expression used by both the API and UI don't seem to be validating this field.

  value: SimpleOrg/Dev_Env/PublishedRHEL532 RHEL  Server 5.9 i386
  regular expression: /\A(\S+\s?)+\Z/

Once the thin process consumes 100% CPU and 15 GB of my 16 GB available, the Foreman UI becomes inaccessible and the only way to "fix" it is to restart foreman.

Version-Release number of selected component (if applicable):

* apr-util-ldap-1.3.9-3.el6_0.1.x86_64
* candlepin-0.8.9-1.el6_4.noarch
* candlepin-scl-1-5.el6_4.noarch
* candlepin-scl-quartz-2.1.5-5.el6_4.noarch
* candlepin-scl-rhino-1.7R3-1.el6_4.noarch
* candlepin-scl-runtime-1-5.el6_4.noarch
* candlepin-selinux-0.8.9-1.el6_4.noarch
* candlepin-tomcat6-0.8.9-1.el6_4.noarch
* elasticsearch-0.19.9-8.el6sat.noarch
* foreman-1.1.10011-1.noarch
* foreman-compute-1.1.10011-1.noarch
* foreman-installer-puppet-concat-0-2.d776701.git.0.21ef926.el6sat.noarch
* foreman-installer-puppet-dhcp-0-5.3a4a13c.el6sat.noarch
* foreman-installer-puppet-dns-0-7.fcae203.el6sat.noarch
* foreman-installer-puppet-foreman-0-6.568c5c4.el6sat.noarch
* foreman-installer-puppet-foreman_proxy-0-8.bd1e35d.el6sat.noarch
* foreman-installer-puppet-puppet-0-3.ab46748.el6sat.noarch
* foreman-installer-puppet-tftp-0-5.ea6c5e5.el6sat.noarch
* foreman-installer-puppet-xinetd-0-50a267b8.git.0.44aca6a.el6sat.noarch
* foreman-libvirt-1.1.10011-1.noarch
* foreman-postgresql-1.1.10011-1.noarch
* foreman-proxy-1.1.10003-1.el6sat.noarch
* foreman-proxy-installer-1.0.1-10.f5ae2cd.el6sat.noarch
* katello-1.4.2-14.el6sat.noarch
* katello-all-1.4.2-14.el6sat.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.4.2-2.el6sat.noarch
* katello-cli-1.4.2-7.el6sat.noarch
* katello-cli-common-1.4.2-7.el6sat.noarch
* katello-common-1.4.2-14.el6sat.noarch
* katello-configure-1.4.3-16.el6sat.noarch
* katello-configure-foreman-1.4.3-16.el6sat.noarch
* katello-foreman-all-1.4.2-14.el6sat.noarch
* katello-glue-candlepin-1.4.2-14.el6sat.noarch
* katello-glue-elasticsearch-1.4.2-14.el6sat.noarch
* katello-glue-pulp-1.4.2-14.el6sat.noarch
* katello-qpid-broker-key-pair-1.0-1.noarch
* katello-qpid-client-key-pair-1.0-1.noarch
* katello-selinux-1.4.3-3.el6sat.noarch
* openldap-2.4.23-31.el6.x86_64
* pulp-rpm-plugins-2.1.2-0.3.beta.el6sat.noarch
* pulp-selinux-2.1.2-0.3.beta.el6sat.noarch
* pulp-server-2.1.2-0.3.beta.el6sat.noarch
* python-ldap-2.3.10-1.el6.x86_64
* ruby193-rubygem-ldap_fluff-0.2.2-1.el6sat.noarch
* ruby193-rubygem-net-ldap-0.3.1-2.el6sat.noarch
* signo-0.0.18-1.el6sat.noarch
* signo-katello-0.0.18-1.el6sat.noarch

How reproducible:


Steps to Reproduce:
1. Sync RHEL 5 5Server i386 RPMs product
2. Create content view with this product and publish it
3. Add published content view to a promotion changeset and promote
4. Watch Foreman's thin process eat your entire CPU

Actual results:


Expected results:


Additional info:

Comment 2 Ivan Necas 2013-06-20 13:42:11 UTC

Fixed in https://github.com/theforeman/foreman/pull/734

Comment 3 Dominic Cleal 2013-06-20 15:18:41 UTC

Merged to 1.2-stable:

commit 21f2b8d4197a15ac8ace3a9c87e0fbcb1e2c49dc
    fixes #2685 incorrect and inefficient regexp checking medium name format

Comment 4 Og Maciel 2013-06-23 20:53:04 UTC

Verified:
* apr-util-ldap-1.3.9-3.el6_0.1.x86_64
* candlepin-0.8.9-1.el6_4.noarch
* candlepin-scl-1-5.el6_4.noarch
* candlepin-scl-quartz-2.1.5-5.el6_4.noarch
* candlepin-scl-rhino-1.7R3-1.el6_4.noarch
* candlepin-scl-runtime-1-5.el6_4.noarch
* candlepin-selinux-0.8.9-1.el6_4.noarch
* candlepin-tomcat6-0.8.9-1.el6_4.noarch
* elasticsearch-0.19.9-8.el6sat.noarch
* foreman-1.1.10014-1.noarch
* foreman-compute-1.1.10014-1.noarch
* foreman-installer-puppet-concat-0-2.d776701.git.0.21ef926.el6sat.noarch
* foreman-installer-puppet-dhcp-0-5.3a4a13c.el6sat.noarch
* foreman-installer-puppet-dns-0-7.fcae203.el6sat.noarch
* foreman-installer-puppet-foreman-0-6.568c5c4.el6sat.noarch
* foreman-installer-puppet-foreman_proxy-0-8.bd1e35d.el6sat.noarch
* foreman-installer-puppet-puppet-0-3.ab46748.el6sat.noarch
* foreman-installer-puppet-tftp-0-5.ea6c5e5.el6sat.noarch
* foreman-installer-puppet-xinetd-0-50a267b8.git.0.44aca6a.el6sat.noarch
* foreman-libvirt-1.1.10014-1.noarch
* foreman-postgresql-1.1.10014-1.noarch
* foreman-proxy-1.1.10003-1.el6sat.noarch
* foreman-proxy-installer-1.0.1-10.f5ae2cd.el6sat.noarch
* katello-1.4.2-17.el6sat.noarch
* katello-all-1.4.2-17.el6sat.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.4.2-2.el6sat.noarch
* katello-cli-1.4.2-8.el6sat.noarch
* katello-cli-common-1.4.2-8.el6sat.noarch
* katello-common-1.4.2-17.el6sat.noarch
* katello-configure-1.4.3-16.el6sat.noarch
* katello-configure-foreman-1.4.3-16.el6sat.noarch
* katello-foreman-all-1.4.2-17.el6sat.noarch
* katello-glue-candlepin-1.4.2-17.el6sat.noarch
* katello-glue-elasticsearch-1.4.2-17.el6sat.noarch
* katello-glue-pulp-1.4.2-17.el6sat.noarch
* katello-qpid-broker-key-pair-1.0-1.noarch
* katello-qpid-client-key-pair-1.0-1.noarch
* katello-selinux-1.4.3-3.el6sat.noarch
* openldap-2.4.23-31.el6.x86_64
* pulp-rpm-plugins-2.1.2-1.el6sat.noarch
* pulp-selinux-2.1.2-1.el6sat.noarch
* pulp-server-2.1.2-1.el6sat.noarch
* python-ldap-2.3.10-1.el6.x86_64
* ruby193-rubygem-ldap_fluff-0.2.2-1.el6sat.noarch
* ruby193-rubygem-net-ldap-0.3.1-2.el6sat.noarch
* ruby193-rubygem-runcible-0.4.10-1.el6sat.noarch
* signo-0.0.19-1.el6sat.noarch
* signo-katello-0.0.19-1.el6sat.noarch

Comment 5 Mike McCune 2013-07-18 21:24:06 UTC

mass move to CLOSED:CURRENTRELEASE since MDP1 has been released.

Note You need to log in before you can comment on or make changes to this bug.