diff --git a/manila/api/v2/share_snapshots.py b/manila/api/v2/share_snapshots.py index 0f91b0bbc2..cfd3a0ef6d 100644 --- a/manila/api/v2/share_snapshots.py +++ b/manila/api/v2/share_snapshots.py @@ -174,6 +174,9 @@ class ShareSnapshotsController(share_snapshots.ShareSnapshotMixin, if not data.get(parameter): msg = _("Required parameter %s is empty.") % parameter raise exc_response(explanation=msg) + if not isinstance(data[parameter], str): + msg = _("Parameter %s must be a string.") % parameter + raise exc_response(explanation=msg) def _check_if_share_share_network_is_active(self, context, snapshot): share_network_id = snapshot['share'].get('share_network_id') diff --git a/manila/tests/api/v2/test_share_snapshots.py b/manila/tests/api/v2/test_share_snapshots.py index 5bce73e4ea..f2147ae4e9 100644 --- a/manila/tests/api/v2/test_share_snapshots.py +++ b/manila/tests/api/v2/test_share_snapshots.py @@ -701,7 +701,8 @@ class ShareSnapshotAdminActionsAPITest(test.TestCase): {}, {'snapshots': {}}, {'snapshot': get_fake_manage_body(share_id='xxxxxxxx')}, - {'snapshot': get_fake_manage_body(provider_location='xxxxxxxx')} + {'snapshot': get_fake_manage_body(provider_location='xxxxxxxx')}, + {'snapshot': {'provider_location': {'x': 'y'}, 'share_id': 'xyzzy'}}, ) def test_snapshot_manage_invalid_body(self, body): self.mock_policy_check = self.mock_object( diff --git a/releasenotes/notes/bug-2031048-fix-provider-location-validation-b6d1e977f50643bb.yaml b/releasenotes/notes/bug-2031048-fix-provider-location-validation-b6d1e977f50643bb.yaml new file mode 100644 index 0000000000..d7ab1ad019 --- /dev/null +++ b/releasenotes/notes/bug-2031048-fix-provider-location-validation-b6d1e977f50643bb.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + The "manage" API for snapshots now validates the format of + "provider_location" and "share_id" fields and handles errors + appropriately. These fields are expected to contain string values.