[openstack-dev] [Cinder] cinder not support query volume/snapshot with regular expression

Zhangleiqiang (Trump) zhangleiqiang at huawei.com
Tue Apr 29 06:16:27 UTC 2014


Currently, Nova API achieve this feature based on the database’s REGEX support. Do you have advice on alternative way to achieve it?


----------
zhangleiqiang (Trump)

Best Regards

From: laserjetyang [mailto:laserjetyang at gmail.com]
Sent: Tuesday, April 29, 2014 1:49 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Cinder] cinder not support query volume/snapshot with regular expression

It looks to me the Nova API will be dangerous source of DoS attacks due to the regexp?

On Mon, Apr 28, 2014 at 7:04 PM, Duncan Thomas <duncan.thomas at gmail.com<mailto:duncan.thomas at gmail.com>> wrote:
Regex matching in APIs can be a dangerous source of DoS attacks - see
http://en.wikipedia.org/wiki/ReDoS. Unless this is mitigated sensibly,
I will continue to resist any cinder patch that adds them.

Glob matches might be safer?

On 26 April 2014 05:02, Zhangleiqiang (Trump) <zhangleiqiang at huawei.com<mailto:zhangleiqiang at huawei.com>> wrote:
> Hi, all:
>
>         I see Nova allows search instances by name, ip and ip6 fields which can be normal string and regular expression:
>
>         [stack at leiqzhang-stack cinder]$ nova help list
>
>         List active servers.
>
>         Optional arguments:
>                 --ip <ip-regexp>      Search with regular expression match by IP address
>                                 (Admin only).
>                 --ip6 <ip6-regexp>    Search with regular expression match by IPv6 address
>                          (Admin only).
>                 --name <name-regexp>  Search with regular expression match by name
>                 --instance-name <name-regexp> Search with regular expression match by server name
>                                 (Admin only).
>
>         I think it is also needed for Cinder when query the volume/snapshot/backup by name. Any advice?
>
> ----------
> zhangleiqiang (Trump)
>
> Best Regards
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org<mailto:OpenStack-dev at lists.openstack.org>
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


--
Duncan Thomas

_______________________________________________
OpenStack-dev mailing list
OpenStack-dev at lists.openstack.org<mailto:OpenStack-dev at lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140429/ed2320e5/attachment.html>


More information about the OpenStack-dev mailing list