Re: [openstack-dev] [nova][oslo.utils] Bug-1680130 Check validation of UUID length

Mon, 24 Apr 2017 08:18:16 -0700 

On 04/24/2017 11:00 AM, Eric Fried wrote:

That's not the only way you can break this, though.  For example,
'12-3-45-6-78-12-3456-781-234-56-781-234-56-79' still passes the
modified is_uuid_like(), but still manifests the bug.

Trying to get is_uuid_like() to cover all possible formatting snafus
while still allowing the same formats as before (e.g. without any
hyphens at all) is a rabbit hole of mystical depths.


Not necessarily a rabbit hole of mystical depths. :)

We only care about hyphens. So, we could have this check instead:

if val.count('-') not in (0, 4):
    raise TypeError

Best,
-jay


On 04/24/2017 09:44 AM, Jay Pipes wrote:

On 04/24/2017 09:45 AM, Jadhav, Pooja wrote:

Solution 3:

We can check UUID in central place means in "is_uuid_like" method of
oslo_utils [4].


This gets my vote. It's a bug in the is_uuid_like() function, IMHO, that
is returns True for badly-formatted UUID values (like having two
consecutive hyphens).

FTR, the fix would be pretty simple. Just change this [1] line from this:

return str(uuid.UUID(val)).replace('-', '') == _format_uuid_string(val)

to this:

# Disallow two consecutive hyphens
if '--' in val:
    raise TypeError
return str(uuid.UUID(val)).replace('-', '') == _format_uuid_string(val)

Fix it there and you fix this issue for all projects that use it.

Best,
-jay

[1]
https://github.com/openstack/oslo.utils/blob/master/oslo_utils/uuidutils.py#L56


__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Reply via email to