Malformed input in the IP addr field in "power parameters" causes part of SQL error to be shown
Bug #1839189 reported by Vladimir Grevtsev
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
MAAS | Fix Committed | High | Alessandro Marcolini | | |
Bug Description
UI bug video: https:/
MAAS packages: http://
Steps to reproduce:
1. Open machine > configuration > power configuration
2. Edit > select IPMI or Intel AMT
3. Enter "123" in both fields, click "Save changes" -> error "Error: invalid input syntax for type inet: "123" LINE 1: ...ype" = 6) AND "maasserver_
4. Enter "1231231231" -> same as in #3
5. "12312312312" -> Error: failed to detect a valid IP address from '12312312312' (as expected in all of the previous steps)
Related branches
~alemar99/maas:ip_addr_validation_power_params
- Anton Troyanov: Approve
- MAAS Lander: Approve
Diff: 701 lines (+381/-20)
24 files modified
src/maasserver/api/tests/test_machine.py (+33/-0)
src/maasserver/clusterrpc/driver_parameters.py (+8/-1)
src/maasserver/fields.py (+66/-0)
src/maasserver/tests/test_fields.py (+122/-0)
src/maasserver/websockets/handlers/tests/test_machine.py (+39/-0)
src/provisioningserver/drivers/__init__.py (+5/-1)
src/provisioningserver/drivers/pod/lxd.py (+6/-1)
src/provisioningserver/drivers/pod/virsh.py (+6/-1)
src/provisioningserver/drivers/power/amt.py (+6/-1)
src/provisioningserver/drivers/power/apc.py (+6/-1)
src/provisioningserver/drivers/power/dli.py (+6/-1)
src/provisioningserver/drivers/power/eaton.py (+6/-1)
src/provisioningserver/drivers/power/hmc.py (+6/-1)
src/provisioningserver/drivers/power/hmcz.py (+6/-1)
src/provisioningserver/drivers/power/ipmi.py (+6/-1)
src/provisioningserver/drivers/power/moonshot.py (+6/-1)
src/provisioningserver/drivers/power/msftocs.py (+6/-1)
src/provisioningserver/drivers/power/openbmc.py (+6/-1)
src/provisioningserver/drivers/power/recs.py (+6/-1)
src/provisioningserver/drivers/power/redfish.py (+6/-1)
src/provisioningserver/drivers/power/seamicro.py (+6/-1)
src/provisioningserver/drivers/power/ucsm.py (+6/-1)
src/provisioningserver/drivers/power/vmware.py (+6/-1)
src/provisioningserver/drivers/power/wedge.py (+6/-1)
summary:
- [2.6] [UI] Malformed input in the IP addr field in "power parameters"
- causes part of SQL error to be shown
+ [2.6] Malformed input in the IP addr field in "power parameters" causes
+ part of SQL error to be shown
Changed in maas:
status: New → Triaged
importance: Undecided → High
Changed in maas:
milestone: 3.5.0 → 3.5.x
Changed in maas:
assignee: nobody → Alessandro Marcolini (alemar99)
Changed in maas:
milestone: 3.5.x → 3.6.0
Changed in maas:
status: Triaged → In Progress
Changed in maas:
status: In Progress → Fix Committed
We should check for SQL injection vulnerabilities here, and also not expose error messages that come directly from the db
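An added example (not MAAS code and not the code from the linked branch) of the two controls this report calls for: reject a malformed IP address before any query runs, and keep the database's own error text out of the response. All function names and the `failing_store` callback are hypothetical; `legacy_bare_integer_ok` models an assumed inet_aton-style leniency, not confirmed on this page, that would explain why "123" and "1231231231" passed validation in steps 3 and 4 while "12312312312" was rejected in step 5.

```python
import ipaddress
import logging

log = logging.getLogger("power_params_example")


class ValidationError(ValueError):
    """Error whose message is safe to show to the user."""


def legacy_bare_integer_ok(value: str) -> bool:
    """Assumed lenient rule: a bare decimal below 2**32 counts as an IPv4 address."""
    return value.isascii() and value.isdigit() and int(value) < 2**32


def clean_power_address(value: str) -> str:
    """Strictly parse an IPv4/IPv6 literal and return its canonical form."""
    text = value.strip()
    try:
        return str(ipaddress.ip_address(text))
    except ValueError:
        raise ValidationError(f"{text!r} is not a valid IP address") from None


def save_power_params(params: dict, store) -> dict:
    """Validate before touching storage; hide backend error text from the caller."""
    cleaned = dict(params, power_address=clean_power_address(params["power_address"]))
    try:
        store(cleaned)
    except Exception:
        # Full detail (SQL fragment, table names) goes to the server log only.
        log.exception("saving power parameters failed")
        raise ValidationError("Unable to save power parameters.") from None
    return cleaned


def failing_store(_params):
    # Constructed stand-in for a database layer that raises with SQL text.
    raise RuntimeError('invalid input syntax for type inet: "x" LINE 1: SELECT ...')


if __name__ == "__main__":
    # Constructed inputs: the three values from the report plus a valid address.
    for sample in ("123", "1231231231", "12312312312", "10.0.0.5"):
        try:
            print(sample, legacy_bare_integer_ok(sample), clean_power_address(sample))
        except ValidationError as exc:
            print(sample, legacy_bare_integer_ok(sample), "rejected:", exc)
```

Strict parsing with `ipaddress.ip_address` rejects all three inputs from the reproduction steps, so none of them would reach an `inet` cast in the database.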