Project

Profile

Help

Issue #5330

Hardcoded URL patterns needs proper check

Added by ppicka 11 months ago. Updated 7 months ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Sprint 59

Description

As now used urlpatterns check only ending of url :

urlpatterns = [
    url(r'rpm/upload/$', OneShotUploadViewSet.as_view({'post': 'create'})),
    url(r'rpm/copy/$', CopyViewSet.as_view({'post': 'create'})),
    url(r'modulemd/upload/$', ModuleOneShotUpload.as_view({'post': 'create'}))
]

it is possible to use them in strange ways :

http --form POST :24817/pulp/api/v3/sdfghjkl/modulemd/upload/ file@./fedora.yaml.gz

works same as

http --form POST :24817/pulp/api/v3/modulemd/upload/ file@./fedora.yaml.gz

We should allow users to use only one way as other api calls starts with "/pulp/api/v3/..."


Related issues

Related to Container Support - Issue #5486: Plugin url patterns allow an arbitrary base path (not just /pulp/api/v3/)CLOSED - CURRENTRELEASE<a title="Actions" class="icon-only icon-actions js-contextmenu" href="#">Actions</a>

Associated revisions

Revision 5a271133 View on GitHub
Added by ipanova@redhat.com 10 months ago

Add url prefix to plugin custom urls.

closes #5330 https://pulp.plan.io/issues/5330

History

#1 Updated by ppicka 11 months ago

  • Description updated (diff)

#2 Updated by ggainey 11 months ago

  • Triaged changed from No to Yes

#3 Updated by ipanova@redhat.com 10 months ago

  • Related to Issue #5486: Plugin url patterns allow an arbitrary base path (not just /pulp/api/v3/) added

#4 Updated by ipanova@redhat.com 10 months ago

  • Status changed from NEW to POST
  • Assignee set to ipanova@redhat.com
  • Sprint set to Sprint 59

#5 Updated by ipanova@redhat.com 10 months ago

  • Status changed from POST to MODIFIED

#6 Updated by ttereshc 7 months ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Please register to edit this issue

Also available in: Atom PDF