Actions
Issue #5330
closedHardcoded URL patterns needs proper check
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Sprint 59
Quarter:
Description
As now used urlpatterns check only ending of url :
urlpatterns = [
url(r'rpm/upload/$', OneShotUploadViewSet.as_view({'post': 'create'})),
url(r'rpm/copy/$', CopyViewSet.as_view({'post': 'create'})),
url(r'modulemd/upload/$', ModuleOneShotUpload.as_view({'post': 'create'}))
]
it is possible to use them in strange ways :
http --form POST :24817/pulp/api/v3/sdfghjkl/modulemd/upload/ file@./fedora.yaml.gz
works same as
http --form POST :24817/pulp/api/v3/modulemd/upload/ file@./fedora.yaml.gz
We should allow users to use only one way as other api calls starts with "/pulp/api/v3/..."
Related issues
Added by ipanova@redhat.com over 5 years ago
Updated by ipanova@redhat.com over 5 years ago
- Related to Issue #5486: Plugin url patterns allow an arbitrary base path (not just /pulp/api/v3/) added
Updated by ipanova@redhat.com over 5 years ago
- Status changed from NEW to POST
- Assignee set to ipanova@redhat.com
- Sprint set to Sprint 59
Updated by ipanova@redhat.com about 5 years ago
- Status changed from POST to MODIFIED
Applied in changeset 5a27113348df2af343e71d265a2ce911293d991b.
Updated by ttereshc about 5 years ago
- Status changed from MODIFIED to CLOSED - CURRENTRELEASE
Actions
Add url prefix to plugin custom urls.
closes #5330 https://pulp.plan.io/issues/5330