Project

Profile

Help

Issue #9080

Invalid relative URLs are not identified beforehand

Added by lmjachky 2 months ago. Updated 29 days ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Category:
-
Sprint/Milestone:
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
No
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Sprint 100
Quarter:

Description

The problem is that file:// is a part of the URL, so the actual path is interpreted as relative (home/vagrant/...) instead of absolute (/home/vagrant/...). That feels like something that we could be catching upfront.

Solution:

Reject all relative paths with a specific error message.


Related issues

Copied to Pulp - Backport #9083: Backport 9080 "Invalid relative URLs are not identified beforehand" to 3.14.zCLOSED - CURRENTRELEASE

<a title="Actions" class="icon-only icon-actions js-contextmenu" href="#">Actions</a>

Associated revisions

Revision d8cba5ab View on GitHub
Added by Lubos Mjachky 2 months ago

Validate absolute pathnames in remotes' URLs

Before this change, it was not possible to determine why did the synchronization fail when a user provided a seemingly valid URL. This commit also adds more relevant information to the error message.

Having set ALLOWED_EXPORT_PATHS to ["/tmp", "/home/vagrant/test"], the following error messages are shown:

$ pulp file remote create --name test --url file://error/vagrant/test/centos-7/PULP_MANIFEST
Error: {"url":["The path 'error/vagrant/test/centos-7/PULP_MANIFEST' needs to be an absolute pathname."]}

$ pulp file remote create --name test --url file:///error/vagrant/test/centos-7/PULP_MANIFEST
Error: {"url":["The path '/error/vagrant/test/centos-7/PULP_MANIFEST' does not start with any of the allowed import paths"]}

closes #9080

History

#1 Updated by lmjachky 2 months ago

  • Status changed from ASSIGNED to POST

#2 Updated by dalley 2 months ago

  • Copied to Backport #9083: Backport 9080 "Invalid relative URLs are not identified beforehand" to 3.14.z added

#3 Updated by dalley 2 months ago

  • Sprint/Milestone set to 3.15.0

#4 Updated by Anonymous 2 months ago

  • Status changed from POST to MODIFIED

#5 Updated by pulpbot 29 days ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Please register to edit this issue

Also available in: Atom PDF