Enforce UUID of port/subnet ID for router interfaces

The add_router_interface/remove_router_interface actions are not subject to the typical attribute map validation so the input values for port_id and subnet_id were not being checked for UUID likeness. This lead to an ugly traceback if a boolean value was present which could fill logs with garbage if a tenant kept doing it. This patch calls the API validator for UUIDs in the _validate_interface_info function where we validate requests to add_router_inferface and remove_router_interface. Conflicts: neutron/db/l3_db.py Change-Id: I0a0d3279a21c815fb78528860fc2a35c1d5a4e2d Closes-Bug: #1584510 (cherry picked from commit 18280216cb)
2016-05-14 05:39:31 -07:00 · 2016-05-14 05:39:31 -07:00 · df80a6e73d
parent 3019c54da9
commit df80a6e73d
2 changed files with 22 additions and 2 deletions
--- a/neutron/db/l3_db.py
+++ b/neutron/db/l3_db.py
@ -518,6 +518,12 @@ class L3_NAT_dbonly_mixin(l3.RouterPluginBase):
        if not (port_id_specified or subnet_id_specified):
            msg = _("Either subnet_id or port_id must be specified")
            raise n_exc.BadRequest(resource='router', msg=msg)
+        for key in ('port_id', 'subnet_id'):
+            if key not in interface_info:
+                continue
+            err = attributes._validate_uuid(interface_info[key])
+            if err:
+                raise n_exc.BadRequest(resource='router', msg=err)
        if not for_removal:
            if port_id_specified and subnet_id_specified:
                msg = _("Cannot specify both subnet-id and port-id")
--- a/neutron/tests/unit/extensions/test_l3.py
+++ b/neutron/tests/unit/extensions/test_l3.py
@ -379,9 +379,9 @@ class L3NatTestCaseMixin(object):
                                 tenant_id=None,
                                 msg=None):
        interface_data = {}
-        if subnet_id:
+        if subnet_id is not None:
            interface_data.update({'subnet_id': subnet_id})
-        if port_id:
+        if port_id is not None:
            interface_data.update({'port_id': port_id})

        req = self.new_action_request('routers', interface_data, router_id,
@ -960,6 +960,20 @@ class L3NatTestCaseBase(L3NatTestCaseMixin):
                # nsx metadata access case
                self.assertIn(payload['tenant_id'], [stid, ''], msg)

+    def test_router_add_interface_bad_values(self):
+        with self.router() as r:
+            exp_code = exc.HTTPBadRequest.code
+            self._router_interface_action('add',
+                                          r['router']['id'],
+                                          False,
+                                          None,
+                                          expected_code=exp_code)
+            self._router_interface_action('add',
+                                          r['router']['id'],
+                                          None,
+                                          False,
+                                          expected_code=exp_code)
+
    def test_router_add_interface_subnet(self):
        fake_notifier.reset()
        with self.router() as r: