Comments (5)
Reproduced. Details: The bug is caused by passing the string directly to the SQL query. PostgreSQL complains about querying a UUID field by an invalid value:
sqlalchemy.exc.DataError: (psycopg2.DataError) invalid input syntax for uuid: "bbq"
LINE 3: WHERE hosts.account = 'abc123' AND hosts.id IN ('bbq')
I see two problems here:
- The UUID parameters are not validated.
- The SQL exceptions are not caught. This is actually correct: if an invalid query is built, it is an internal server error.
The validation can be hot-fixed by checking the ID in the view function. But a correct approach would be to define a custom validator for Connexion: https://connexion.readthedocs.io/en/latest/request.html?highlight=data#custom-validators
from insights-host-inventory.
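The view-level check suggested in the comment above, sketched as an added example (not code from the issue or from insights-host-inventory). The names `BadRequest`, `parse_host_ids`, `get_host_list_by_id` and `query_hosts` are hypothetical, and the sample IDs are constructed:

```python
import uuid


class BadRequest(Exception):
    """Hypothetical error type that the view layer maps to HTTP 400."""
    status = 400


def parse_host_ids(raw_ids):
    """Validate every ID as a canonical UUID before it can reach the SQL layer."""
    if not raw_ids:
        raise BadRequest("host ID list is empty")
    parsed = []
    for raw in raw_ids:
        try:
            value = uuid.UUID(raw)
        except (ValueError, AttributeError, TypeError):
            # "bbq", numbers, None: rejected here instead of by PostgreSQL.
            raise BadRequest(f"invalid host ID: {raw!r}") from None
        # uuid.UUID() is lenient (braces, "urn:uuid:" prefix, missing hyphens).
        # Assumption: the API only wants the canonical hyphenated form.
        if str(value) != raw.lower():
            raise BadRequest(f"non-canonical host ID: {raw!r}")
        parsed.append(value)
    return parsed


def get_host_list_by_id(raw_ids, query_hosts):
    """Hypothetical view function: validate first, query only with UUID objects."""
    try:
        ids = parse_host_ids(raw_ids)
    except BadRequest as exc:
        return {"detail": str(exc)}, exc.status
    # query_hosts stands in for the real database call and receives
    # uuid.UUID values only, so the driver never sees a malformed string.
    return query_hosts(ids), 200


if __name__ == "__main__":
    def fake_query(ids):
        return [str(i) for i in ids]

    good = "6f1c2f0e-3b7a-4c1d-9e2a-5d8b7a6c4e10"  # constructed sample ID
    print(get_host_list_by_id([good], fake_query))
    print(get_host_list_by_id([good, "bbq"], fake_query))
```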
Pinning as this looks like a bug bug to me.
from insights-host-inventory.
This bug is still present. Created a new ticket for this.
https://projects.engineering.redhat.com/browse/RHCLOUD-350
from insights-host-inventory.
This is fixed. To some extent probably by #160.
I checked all the cases when the UUID is passed in the request and all are caught with 400 Bad Request.
from insights-host-inventory.
Created some pull requests to cover all the request UUID validation cases by tests. See #265.
from insights-host-inventory.