Project

Profile

Help

Issue #5330

Hardcoded URL patterns needs proper check

Added by ppicka 4 months ago. Updated 2 months ago.

Status:
MODIFIED
Priority:
Normal
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Severity:
2. Medium
Version:
Platform Release:
Blocks Release:
OS:
Backwards Incompatible:
No
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
QA Contact:
Complexity:
Smash Test:
Verified:
No
Verification Required:
No
Sprint:
Sprint 59

Description

As now used urlpatterns check only ending of url :

urlpatterns = [
    url(r'rpm/upload/$', OneShotUploadViewSet.as_view({'post': 'create'})),
    url(r'rpm/copy/$', CopyViewSet.as_view({'post': 'create'})),
    url(r'modulemd/upload/$', ModuleOneShotUpload.as_view({'post': 'create'}))
]

it is possible to use them in strange ways :

http --form POST :24817/pulp/api/v3/sdfghjkl/modulemd/upload/ file@./fedora.yaml.gz

works same as
http --form POST :24817/pulp/api/v3/modulemd/upload/ file@./fedora.yaml.gz

We should allow users to use only one way as other api calls starts with "/pulp/api/v3/..."


Related issues

Related to Container Support - Issue #5486: Plugin url patterns allow an arbitrary base path (not just /pulp/api/v3/) MODIFIED Actions

Associated revisions

Revision 5a271133 View on GitHub
Added by ipanova@redhat.com 3 months ago

Add url prefix to plugin custom urls.

closes #5330
https://pulp.plan.io/issues/5330

History

#1 Updated by ppicka 4 months ago

  • Description updated (diff)

#2 Updated by ggainey 4 months ago

  • Triaged changed from No to Yes

#3 Updated by ipanova@redhat.com 3 months ago

  • Related to Issue #5486: Plugin url patterns allow an arbitrary base path (not just /pulp/api/v3/) added

#4 Updated by ipanova@redhat.com 3 months ago

  • Status changed from NEW to POST
  • Assignee set to ipanova@redhat.com
  • Sprint set to Sprint 59

#5 Updated by ipanova@redhat.com 2 months ago

  • Status changed from POST to MODIFIED

Please register to edit this issue

Also available in: Atom PDF