Public bug reported:
I uploaded a file with a bad path which contains a double slash (example:
'/my/file//path') in an object storage container.
The problem is that Horizon accepted this bad path as if it was a valid path,
there was no control or validation on the path made by OpenStack Horizon. In
the URL if I put '/containers/container/my-container/A/b/12/s' which doesn't
exist, Horizon still open the container with the following path.
Steps to reproduce :
- use "pkgcloud" module available on GitHub with node.JS to upload a file in a
container in Horizon
- upload a file with a bad path
- get all files and you see that the file has been saved in a fake URL
Optionally: put a bad path on URL after '/containers/container/' and
Horizon will open this false container with false file
** Affects: horizon
Importance: Undecided
Status: New
** Tags: bad container file horizon node object openstack path pkgcloud storage
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1734154
Title:
bad file path but accepted in a container by Horizon after uploading
file
Status in OpenStack Dashboard (Horizon):
New
Bug description:
I uploaded a file with a bad path which contains a double slash (example:
'/my/file//path') in an object storage container.
The problem is that Horizon accepted this bad path as if it was a valid path,
there was no control or validation on the path made by OpenStack Horizon. In
the URL if I put '/containers/container/my-container/A/b/12/s' which doesn't
exist, Horizon still open the container with the following path.
Steps to reproduce :
- use "pkgcloud" module available on GitHub with node.JS to upload a file in
a container in Horizon
- upload a file with a bad path
- get all files and you see that the file has been saved in a fake URL
Optionally: put a bad path on URL after '/containers/container/' and
Horizon will open this false container with false file
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1734154/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
