From 5956ea0079befa7e3e5d5316213fad4d00f25652 Mon Sep 17 00:00:00 2001 From: Sean Dague Date: Wed, 16 Jan 2013 14:36:00 -0500 Subject: enforce server_id can only be uuid or int the get() function takes an arbitrary id coming from the rest url for the server. In our current code it checks if this is a proper uuid and sends it down the uuid path, everything else gets dispatched to the version that selects by integer id. This means that arbitrary garbage fuzzed server ids will get sent down the int path, all the way to the database. In postgresql, where the db is strongly typed, this causes a type error. This error was found by tempest nightly runs where we send some 35 and 37 character strings in. This patch creates and equivalent is_int_like function. If the server_id is neither uuid_like nor int_like, we throw the InstanceNotFound exception early. This also saves us a trip to the database in these cases. Make the is_int_like a little more robust, and don't succeed on floats Once more with feeling, to let us actually use is_int_like on ints, not just strings. Fixes bug #1100253 Change-Id: If4ae8005fd33a23ac50a6408ecd5933a2ff6425c --- nova/utils.py | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'nova/utils.py') diff --git a/nova/utils.py b/nova/utils.py index 115791b64..75cba0a7c 100644 --- a/nova/utils.py +++ b/nova/utils.py @@ -859,6 +859,14 @@ def bool_from_str(val): val.lower() == 'y' +def is_int_like(val): + """Check if a value looks like an int.""" + try: + return str(int(val)) == str(val) + except Exception: + return False + + def is_valid_boolstr(val): """Check if the provided string is a valid bool string or not.""" val = str(val).lower() -- cgit