Public bug reported: Neutron is allowing to update qos-bandwidth-limit-rule with some special characters. I can update "qos-bandwidth-limit-rule-update " with some of the special characters. This should be restricted. I have used "$!", "$@", "$#, in --max-kbps value.
Steps: $ neutron qos-policy-create qos-policy7 $ neutron qos-bandwidth-limit-rule-create <qos-policy-id> --max-kbps 10000 --max-burst-kbps 30000 $ neutron qos-bandwidth-limit-rule-update <qos-bandwidth-rule-id> <qos- policy-id> --max-kbps 1$!0 --max-burst-kbps 30000 In above command qos-bandwidth-limit-rule-update updated with "1$!0" this should be restricted. Detailed commands pasted here:- http://paste.openstack.org/show/600207/ ** Affects: neutron Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1667285 Title: Neutron: Updation of qos-bandwidth-limit-rule-update with some special characters should be restricted Status in neutron: New Bug description: Neutron is allowing to update qos-bandwidth-limit-rule with some special characters. I can update "qos-bandwidth-limit-rule-update " with some of the special characters. This should be restricted. I have used "$!", "$@", "$#, in --max-kbps value. Steps: $ neutron qos-policy-create qos-policy7 $ neutron qos-bandwidth-limit-rule-create <qos-policy-id> --max-kbps 10000 --max-burst-kbps 30000 $ neutron qos-bandwidth-limit-rule-update <qos-bandwidth-rule-id> <qos-policy-id> --max-kbps 1$!0 --max-burst-kbps 30000 In above command qos-bandwidth-limit-rule-update updated with "1$!0" this should be restricted. Detailed commands pasted here:- http://paste.openstack.org/show/600207/ To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1667285/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
