enforce server_id can only be uuid or int

the get() function takes an arbitrary id coming from the rest url
for the server. In our current code it checks if this is a proper uuid
and sends it down the uuid path, everything else gets dispatched to
the version that selects by integer id. This means that arbitrary
garbage fuzzed server ids will get sent down the int path, all the way
to the database.

In postgresql, where the db is strongly typed, this causes a type error.
This error was found by tempest nightly runs where we send some 35 and 37
character strings in.

This patch creates and equivalent is_int_like function. If the server_id
is neither uuid_like nor int_like, we throw the InstanceNotFound exception
early. This also saves us a trip to the database in these cases.

Make the is_int_like a little more robust, and don't succeed on floats

Once more with feeling, to let us actually use is_int_like on ints, not
just strings.

Fixes bug #1100253

Change-Id: If4ae8005fd33a23ac50a6408ecd5933a2ff6425c

0 files changed, 0 insertions, 0 deletions