[openstack-dev] [nova][oslo.utils] Bug-1680130 Check validation of UUID length
Eric Fried
openstack at fried.cc
Mon Apr 24 15:00:40 UTC 2017
That's not the only way you can break this, though. For example,
'12-3-45-6-78-12-3456-781-234-56-781-234-56-79' still passes the
modified is_uuid_like(), but still manifests the bug.
Trying to get is_uuid_like() to cover all possible formatting snafus
while still allowing the same formats as before (e.g. without any
hyphens at all) is a rabbit hole of mystical depths.
On 04/24/2017 09:44 AM, Jay Pipes wrote:
> On 04/24/2017 09:45 AM, Jadhav, Pooja wrote:
>> Solution 3:
>>
>> We can check UUID in central place means in "is_uuid_like" method of
>> oslo_utils [4].
>
> This gets my vote. It's a bug in the is_uuid_like() function, IMHO, that
> is returns True for badly-formatted UUID values (like having two
> consecutive hyphens).
>
> FTR, the fix would be pretty simple. Just change this [1] line from this:
>
> return str(uuid.UUID(val)).replace('-', '') == _format_uuid_string(val)
>
> to this:
>
> # Disallow two consecutive hyphens
> if '--' in val:
> raise TypeError
> return str(uuid.UUID(val)).replace('-', '') == _format_uuid_string(val)
>
> Fix it there and you fix this issue for all projects that use it.
>
> Best,
> -jay
>
> [1]
> https://github.com/openstack/oslo.utils/blob/master/oslo_utils/uuidutils.py#L56
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
More information about the OpenStack-dev
mailing list