Project

Profile

Help

Issue #5330

closed

Hardcoded URL patterns needs proper check

Added by ppicka over 5 years ago. Updated about 5 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Sprint 59
Quarter:

Description

As now used urlpatterns check only ending of url :

urlpatterns = [
    url(r'rpm/upload/$', OneShotUploadViewSet.as_view({'post': 'create'})),
    url(r'rpm/copy/$', CopyViewSet.as_view({'post': 'create'})),
    url(r'modulemd/upload/$', ModuleOneShotUpload.as_view({'post': 'create'}))
]

it is possible to use them in strange ways :

http --form POST :24817/pulp/api/v3/sdfghjkl/modulemd/upload/ file@./fedora.yaml.gz

works same as

http --form POST :24817/pulp/api/v3/modulemd/upload/ file@./fedora.yaml.gz

We should allow users to use only one way as other api calls starts with "/pulp/api/v3/..."


Related issues

Related to Container Support - Issue #5486: Plugin url patterns allow an arbitrary base path (not just /pulp/api/v3/)CLOSED - CURRENTRELEASEamacdona@redhat.comActions
Actions #1

Updated by ppicka over 5 years ago

  • Description updated (diff)
Actions #2

Updated by ggainey over 5 years ago

  • Triaged changed from No to Yes

Added by ipanova@redhat.com over 5 years ago

Revision 5a271133 | View on GitHub

Add url prefix to plugin custom urls.

closes #5330 https://pulp.plan.io/issues/5330

Actions #3

Updated by ipanova@redhat.com over 5 years ago

  • Related to Issue #5486: Plugin url patterns allow an arbitrary base path (not just /pulp/api/v3/) added
Actions #4

Updated by ipanova@redhat.com over 5 years ago

  • Status changed from NEW to POST
  • Assignee set to ipanova@redhat.com
  • Sprint set to Sprint 59
Actions #5

Updated by ipanova@redhat.com about 5 years ago

  • Status changed from POST to MODIFIED
Actions #6

Updated by ttereshc about 5 years ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Also available in: Atom PDF