OpenStack Dashboard (Horizon)

Argument validation for various API endpoints

Bug #1961595 reported by Vadym Markov on 2022-02-21

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Dashboard (Horizon)	In Progress	Undecided	Unassigned

Bug Description

Currently, not all request handlers validate arguments passed from client. It leads to response 500 in case of malformed requests.

Affected endpoints:

1. http://<horizon url>/api/glance/metadefs/namespaces/?=
resource_type is required argument here
2. https://<horizon url>/auth/switch/<project id>/?next=somemalformedredirect
Redirect is not validated, in case of non-existing url it raises NoReverseMatch or 500 depending on dashboard config

OpenStack Infra (hudson-openstack) on 2022-02-21

Changed in horizon:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-02-22: Fix proposed to horizon (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/horizon/+/830410

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2025-05-26: Fix merged to horizon (master)

Reviewed: https://review.opendev.org/c/openstack/horizon/+/830410
Committed: https://opendev.org/openstack/horizon/commit/9115b4a2de8661eb42e068711ceca7c6dba32f8a
Submitter: "Zuul (22348)"
Branch: master

commit 9115b4a2de8661eb42e068711ceca7c6dba32f8a
Author: Vadym Markov <email address hidden>
Date: Mon Feb 21 16:46:38 2022 +0200

Enable redirect URL check

Redirect parameter at project change button link was not validated. In
case of invalid parameter, user get response 500

Partial-Bug: #1961595
Change-Id: I7cebf4fa8d09a061774dfaba6b230d8090b7ac73

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.