Merge "Force security_group_id uuid validation of sg rules" into stable/train

2022-04-21 17:17:19 +00:00 · 2022-04-21 17:17:19 +00:00 · a9e12cd274
parent dced5f1792 f5fa74c5c6
commit a9e12cd274
2 changed files with 12 additions and 1 deletions
--- a/neutron/extensions/securitygroup.py
+++ b/neutron/extensions/securitygroup.py
@ -246,7 +246,9 @@ RESOURCE_ATTRIBUTE_MAP = {
               'primary_key': True},
        'security_group_id': {'allow_post': True, 'allow_put': False,
                              'is_visible': True, 'required_by_policy': True,
-                              'is_sort_key': True, 'is_filter': True},
+                              'is_sort_key': True, 'is_filter': True,
+                              'validate': {
+                                  'type:string': db_const.UUID_FIELD_SIZE}},
        'remote_group_id': {'allow_post': True, 'allow_put': False,
                            'default': None, 'is_visible': True,
                            'is_sort_key': True, 'is_filter': True},
--- a/neutron/tests/unit/extensions/test_securitygroup.py
+++ b/neutron/tests/unit/extensions/test_securitygroup.py
@ -1923,6 +1923,15 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
        self.deserialize(self.fmt, res)
        self.assertEqual(webob.exc.HTTPBadRequest.code, res.status_int)

+    def test_create_security_group_rule_with_non_uuid_security_group_id(self):
+        security_group_id = 0
+        rule = self._build_security_group_rule(
+            security_group_id, 'ingress',
+            const.PROTO_NAME_TCP, '22', '22')
+        res = self._create_security_group_rule(self.fmt, rule)
+        self.deserialize(self.fmt, res)
+        self.assertEqual(webob.exc.HTTPBadRequest.code, res.status_int)
+
    def test_create_port_with_non_uuid(self):
        with self.network() as n:
            with self.subnet(n):