Project

Profile

Help

Issue #9080

closed

Invalid relative URLs are not identified beforehand

Added by lmjachky over 3 years ago. Updated over 3 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Category:
-
Sprint/Milestone:
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
No
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Sprint 100
Quarter:

Description

The problem is that file:// is a part of the URL, so the actual path is interpreted as relative (home/vagrant/...) instead of absolute (/home/vagrant/...). That feels like something that we could be catching upfront.

Solution:

Reject all relative paths with a specific error message.


Related issues

Copied to Pulp - Backport #9083: Backport 9080 "Invalid relative URLs are not identified beforehand" to 3.14.zCLOSED - CURRENTRELEASEmdellweg

Actions
Actions #1

Updated by lmjachky over 3 years ago

  • Status changed from ASSIGNED to POST
Actions #2

Updated by dalley over 3 years ago

  • Copied to Backport #9083: Backport 9080 "Invalid relative URLs are not identified beforehand" to 3.14.z added
Actions #3

Updated by dalley over 3 years ago

  • Sprint/Milestone set to 3.15.0

Added by Lubos Mjachky over 3 years ago

Revision d8cba5ab | View on GitHub

Validate absolute pathnames in remotes' URLs

Before this change, it was not possible to determine why did the synchronization fail when a user provided a seemingly valid URL. This commit also adds more relevant information to the error message.

Having set ALLOWED_EXPORT_PATHS to ["/tmp", "/home/vagrant/test"], the following error messages are shown:

$ pulp file remote create --name test --url file://error/vagrant/test/centos-7/PULP_MANIFEST
Error: {"url":["The path 'error/vagrant/test/centos-7/PULP_MANIFEST' needs to be an absolute pathname."]}

$ pulp file remote create --name test --url file:///error/vagrant/test/centos-7/PULP_MANIFEST
Error: {"url":["The path '/error/vagrant/test/centos-7/PULP_MANIFEST' does not start with any of the allowed import paths"]}

closes #9080

Actions #4

Updated by Anonymous over 3 years ago

  • Status changed from POST to MODIFIED
Actions #5

Updated by pulpbot over 3 years ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Also available in: Atom PDF