Juniper Openstack

allow colon ':' in the key of KeyValuePair

  1. Series trunk
  2. Bug #1765523
Bug #1765523 reported by Tony Liu
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Juniper Openstack
Status tracked in Trunk
R3.2
Fix Committed
Medium
Sachin Bansal
Juniper Openstack r3.2.10.0
R4.0
Fix Committed
Medium
Sachin Bansal
Juniper Openstack r4.0.3.0
R4.1
Fix Committed
Medium
Sachin Bansal
Juniper Openstack r4.1.1.0
R5.0
Fix Committed
Medium
Sachin Bansal
Juniper Openstack r5.0.0
Trunk
Fix Committed
Medium
Sachin Bansal
Juniper Openstack r5.1.0

Bug Description

When there is colon ':' in the key of KeyValuePair, exception happens in api-server.
The cause is in cfgm_common/vnc_cassandra.py.

For example, create object VirtualMachine with property annotation with
a key-value pair {'car:honda': '123'}, then the col_name is 'propm:annotations:car:honda'.
Then split() results 4 elements and that causes 'too many values to unpack' exception.
The assumption of coding was that there is no ':' in the key string.

Here is a fix to consider.
====================
#1505
               if self._is_prop_map(col_name):
- (_, prop_name, _) = col_name.split(':')
+ prop_name = col_name.split(':')[1]
                   if field_names and prop_name not in field_names:
                       continue
====================

Tags: config
Sachin Bansal (sbansal)
affects: opencontrail → juniperopenstack
Changed in juniperopenstack:
assignee: nobody → Sachin Bansal (sbansal)
Revision history for this message
Paul Carver (pcarver) wrote :

The proposed fix seems to be fixing it on the wrong end.

If I understand the situation correctly, Contrail is synthesizing a column name that includes user entered data. The user data should be escaped (similar to how user data should be handled to prevent SQL injection) so that characters that would have significance to the code are replaced with escape sequences that do not.

Jeba Paulaiyan (jebap)
Changed in juniperopenstack:
milestone: none → r5.1.0
tags: added: config
Changed in juniperopenstack:
importance: Undecided → Medium
Revision history for this message
Sachin Bansal (sbansal) wrote :

@pcarver, ':' is not restricted for key name in key-value pairs like this. The format of the column name is propm:<prop name>:<key name>. Key name can contain ':'. We just need to make sure that we are only splitting the column name twice.

Revision history for this message
Tony Liu (taoliu-7) wrote : RE: [Bug 1765523] Re: allow colon ':' in the key of KeyValuePair

It's a generic char escape issue. What I did just to fix it in the field
and unlock the process.

First of all, we need to define which chars have significance to code
and which chars are allowed from user.

If it's simply that significant chars are not allowed, then no need to worry
about escape. Otherwise, chars significant to code and allowed from user have
to be escaped. And this must apply to all services.

BTW, there is another bug that char '&' is escaped in controle node,
but not in vrouter. This inconsistency causes issues.

https://bugs.launchpad.net/opencontrail/+bug/1759933

Thanks!

Tony

> -----Original Message-----
> From: <email address hidden> <email address hidden> On Behalf Of Paul
> Carver
> Sent: Friday, April 20, 2018 10:52 AM
> To: Tao Liu <email address hidden>
> Subject: [Bug 1765523] Re: allow colon ':' in the key of KeyValuePair
>
> The proposed fix seems to be fixing it on the wrong end.
>
> If I understand the situation correctly, Contrail is synthesizing a
> column name that includes user entered data. The user data should be
> escaped (similar to how user data should be handled to prevent SQL
> injection) so that characters that would have significance to the code
> are replaced with escape sequences that do not.
>
> --
> You received this bug notification because you are subscribed to the
> bug report.
> https://urldefense.proofpoint.com/v2/url?u=https-
> 3A__bugs.launchpad.net_bugs_1765523&d=DwIFaQ&c=HAkYuh63rsuhr6Scbfh0UjBX
> eMK-ndb3voDTXcWzoCI&r=vdMEMRUc498oENMY52-
> XB1B6UbIA6LfdFEBshVHMhDE&m=Ug4gM_BuNgnmseTLG8-AyV0ZnvSkq9Pm--
> FNQwP51fM&s=KE6ubLGAv39IK10fvQGqG4HvuOJ0l7-XVoJIuphUPrQ&e=
>
> Title:
> allow colon ':' in the key of KeyValuePair
>
> Status in Juniper Openstack:
> New
>
> Bug description:
> When there is colon ':' in the key of KeyValuePair, exception happens
> in api-server.
> The cause is in cfgm_common/vnc_cassandra.py.
>
> For example, create object VirtualMachine with property annotation
> with
> a key-value pair {'car:honda': '123'}, then the col_name is
> 'propm:annotations:car:honda'.
> Then split() results 4 elements and that causes 'too many values to
> unpack' exception.
> The assumption of coding was that there is no ':' in the key string.
>
> Here is a fix to consider.
> ====================
> #1505
> if self._is_prop_map(col_name):
> - (_, prop_name, _) = col_name.split(':')
> + prop_name = col_name.split(':')[1]
> if field_names and prop_name not in field_names:
> continue
> ====================
>
> To manage notifications about this bug go to:
> https://urldefense.proofpoint.com/v2/url?u=https-
> 3A__bugs.launchpad.net_juniperopenstack_-2Bbug_1765523_-
> 2Bsubscriptions&d=DwIFaQ&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-
> ndb3voDTXcWzoCI&r=vdMEMRUc498oENMY52-
> XB1B6UbIA6LfdFEBshVHMhDE&m=Ug4gM_BuNgnmseTLG8-AyV0ZnvSkq9Pm--
> FNQwP51fM&s=8onbjYQAMAFF8qtOZjEbha5mpn3Yq3QDUh8oV2S0WX0&e=

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/42296
Submitter: Sachin Bansal (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R5.0

Review in progress for https://review.opencontrail.org/42299
Submitter: Sachin Bansal (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/42299
Committed: http://github.com/Juniper/contrail-controller/commit/c11c5103cfed56c8ca7dc1d4666e7542e049dafd
Submitter: Zuul v3 CI (<email address hidden>)
Branch: R5.0

commit c11c5103cfed56c8ca7dc1d4666e7542e049dafd
Author: Sachin Bansal <email address hidden>
Date: Fri Apr 20 09:41:21 2018 -0700

Split column name only two times

A key in map property could contain ':'. While splitting column
name, only split 2 times to all for this.

Change-Id: I40c29850388ed282e45d610d7b853f3b1d4969d3
Closes-Bug: 1765523

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/42296
Committed: http://github.com/Juniper/contrail-controller/commit/31e6478b7e5145ebb68c8c4ac5c2bd9766cd13b8
Submitter: Zuul v3 CI (<email address hidden>)
Branch: master

commit 31e6478b7e5145ebb68c8c4ac5c2bd9766cd13b8
Author: Sachin Bansal <email address hidden>
Date: Fri Apr 20 09:41:21 2018 -0700

Split column name only two times

A key in map property could contain ':'. While splitting column
name, only split 2 times to all for this.

Change-Id: I40c29850388ed282e45d610d7b853f3b1d4969d3
Closes-Bug: 1765523

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R4.1

Review in progress for https://review.opencontrail.org/42371
Submitter: Sachin Bansal (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R4.0

Review in progress for https://review.opencontrail.org/42372
Submitter: Sachin Bansal (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/42372
Committed: http://github.com/Juniper/contrail-controller/commit/30dc1df52eb0f8007df184645db88316d5071e33
Submitter: Zuul (<email address hidden>)
Branch: R4.0

commit 30dc1df52eb0f8007df184645db88316d5071e33
Author: Sachin Bansal <email address hidden>
Date: Fri Apr 20 09:41:21 2018 -0700

Split column name only two times

A key in map property could contain ':'. While splitting column
name, only split 2 times to all for this.

Change-Id: I40c29850388ed282e45d610d7b853f3b1d4969d3
Closes-Bug: 1765523
(cherry picked from commit 31e6478b7e5145ebb68c8c4ac5c2bd9766cd13b8)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/42371
Committed: http://github.com/Juniper/contrail-controller/commit/67f85523c879a449a9a64a7e8891cc6c87a276da
Submitter: Zuul (<email address hidden>)
Branch: R4.1

commit 67f85523c879a449a9a64a7e8891cc6c87a276da
Author: Sachin Bansal <email address hidden>
Date: Fri Apr 20 09:41:21 2018 -0700

Split column name only two times

A key in map property could contain ':'. While splitting column
name, only split 2 times to all for this.

Change-Id: I40c29850388ed282e45d610d7b853f3b1d4969d3
Closes-Bug: 1765523
(cherry picked from commit 31e6478b7e5145ebb68c8c4ac5c2bd9766cd13b8)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R3.2

Review in progress for https://review.opencontrail.org/42522
Submitter: Sachin Bansal (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/42522
Committed: http://github.com/Juniper/contrail-controller/commit/fdf3c6b10019e1685530ba31b741a7e3f184953b
Submitter: Zuul (<email address hidden>)
Branch: R3.2

commit fdf3c6b10019e1685530ba31b741a7e3f184953b
Author: Sachin Bansal <email address hidden>
Date: Fri Apr 20 09:41:21 2018 -0700

Split column name only two times

A key in map property could contain ':'. While splitting column
name, only split 2 times to all for this.

Change-Id: I40c29850388ed282e45d610d7b853f3b1d4969d3
Closes-Bug: 1765523
(cherry picked from commit 31e6478b7e5145ebb68c8c4ac5c2bd9766cd13b8)
(cherry picked from commit 67f85523c879a449a9a64a7e8891cc6c87a276da)

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.