From f6725f7c1460187637aa1758f1a8f06b8e268b56 Mon Sep 17 00:00:00 2001 From: Goutham Pacha Ravi Date: Thu, 10 Aug 2023 15:28:31 -0700 Subject: [PATCH] Validate provider_location while managing snapshot Change-Id: Iec2ceb8a4d8519e5ed716e771dc17388ab5d4d7f Closes-Bug: #2031048 Signed-off-by: Goutham Pacha Ravi --- manila/api/v2/share_snapshots.py | 3 +++ manila/tests/api/v2/test_share_snapshots.py | 3 ++- ...8-fix-provider-location-validation-b6d1e977f50643bb.yaml | 6 ++++++ 3 files changed, 11 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/bug-2031048-fix-provider-location-validation-b6d1e977f50643bb.yaml diff --git a/manila/api/v2/share_snapshots.py b/manila/api/v2/share_snapshots.py index 9ff1b7ee3c..e60c34251e 100644 --- a/manila/api/v2/share_snapshots.py +++ b/manila/api/v2/share_snapshots.py @@ -182,6 +182,9 @@ class ShareSnapshotsController(share_snapshots.ShareSnapshotMixin, if not data.get(parameter): msg = _("Required parameter %s is empty.") % parameter raise exc_response(explanation=msg) + if not isinstance(data[parameter], str): + msg = _("Parameter %s must be a string.") % parameter + raise exc_response(explanation=msg) def _check_if_share_share_network_is_active(self, context, snapshot): share_network_id = snapshot['share'].get('share_network_id') diff --git a/manila/tests/api/v2/test_share_snapshots.py b/manila/tests/api/v2/test_share_snapshots.py index d9eb773420..b2ee957a57 100644 --- a/manila/tests/api/v2/test_share_snapshots.py +++ b/manila/tests/api/v2/test_share_snapshots.py @@ -777,7 +777,8 @@ class ShareSnapshotAdminActionsAPITest(test.TestCase): {}, {'snapshots': {}}, {'snapshot': get_fake_manage_body(share_id='xxxxxxxx')}, - {'snapshot': get_fake_manage_body(provider_location='xxxxxxxx')} + {'snapshot': get_fake_manage_body(provider_location='xxxxxxxx')}, + {'snapshot': {'provider_location': {'x': 'y'}, 'share_id': 'xyzzy'}}, ) def test_snapshot_manage_invalid_body(self, body): self.mock_policy_check = self.mock_object( diff --git a/releasenotes/notes/bug-2031048-fix-provider-location-validation-b6d1e977f50643bb.yaml b/releasenotes/notes/bug-2031048-fix-provider-location-validation-b6d1e977f50643bb.yaml new file mode 100644 index 0000000000..d7ab1ad019 --- /dev/null +++ b/releasenotes/notes/bug-2031048-fix-provider-location-validation-b6d1e977f50643bb.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + The "manage" API for snapshots now validates the format of + "provider_location" and "share_id" fields and handles errors + appropriately. These fields are expected to contain string values.