From e7fab0ed8c9ba5ebda99f954daa1fdf74285fae9 Mon Sep 17 00:00:00 2001 From: Goutham Pacha Ravi Date: Thu, 10 Aug 2023 15:28:31 -0700 Subject: [PATCH] Validate provider_location while managing snapshot Change-Id: Iec2ceb8a4d8519e5ed716e771dc17388ab5d4d7f Closes-Bug: #2031048 Signed-off-by: Goutham Pacha Ravi (cherry-picked from commit f6725f7c1460187637aa1758f1a8f06b8e268b56) (cherry picked from commit dba08c221c2d64089406b3c29f71c0a4837be94b) (cherry picked from commit 3badc8633bab278ed9d2f1024ab4ae242b7306c2) (cherry picked from commit f533bdb942ea67ee6c5373ff5efa8e10d711676f) (cherry picked from commit 312a3b4a7403e3b3e0d856e9a246554a7c8199c4) --- manila/api/v2/share_snapshots.py | 3 +++ manila/tests/api/v2/test_share_snapshots.py | 3 ++- ...8-fix-provider-location-validation-b6d1e977f50643bb.yaml | 6 ++++++ 3 files changed, 11 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/bug-2031048-fix-provider-location-validation-b6d1e977f50643bb.yaml diff --git a/manila/api/v2/share_snapshots.py b/manila/api/v2/share_snapshots.py index 37af493e62..74cd6fa7f7 100644 --- a/manila/api/v2/share_snapshots.py +++ b/manila/api/v2/share_snapshots.py @@ -162,6 +162,9 @@ class ShareSnapshotsController(share_snapshots.ShareSnapshotMixin, if not data.get(parameter): msg = _("Required parameter %s is empty.") % parameter raise exc_response(explanation=msg) + if not isinstance(data[parameter], str): + msg = _("Parameter %s must be a string.") % parameter + raise exc_response(explanation=msg) def _check_if_share_share_network_is_active(self, context, snapshot): share_network_id = snapshot['share'].get('share_network_id') diff --git a/manila/tests/api/v2/test_share_snapshots.py b/manila/tests/api/v2/test_share_snapshots.py index 53066857a7..c39f0f1768 100644 --- a/manila/tests/api/v2/test_share_snapshots.py +++ b/manila/tests/api/v2/test_share_snapshots.py @@ -695,7 +695,8 @@ class ShareSnapshotAdminActionsAPITest(test.TestCase): {}, {'snapshots': {}}, {'snapshot': get_fake_manage_body(share_id='xxxxxxxx')}, - {'snapshot': get_fake_manage_body(provider_location='xxxxxxxx')} + {'snapshot': get_fake_manage_body(provider_location='xxxxxxxx')}, + {'snapshot': {'provider_location': {'x': 'y'}, 'share_id': 'xyzzy'}}, ) def test_snapshot_manage_invalid_body(self, body): self.mock_policy_check = self.mock_object( diff --git a/releasenotes/notes/bug-2031048-fix-provider-location-validation-b6d1e977f50643bb.yaml b/releasenotes/notes/bug-2031048-fix-provider-location-validation-b6d1e977f50643bb.yaml new file mode 100644 index 0000000000..d7ab1ad019 --- /dev/null +++ b/releasenotes/notes/bug-2031048-fix-provider-location-validation-b6d1e977f50643bb.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + The "manage" API for snapshots now validates the format of + "provider_location" and "share_id" fields and handles errors + appropriately. These fields are expected to contain string values.