Bug #23085

It is possible to create a puppet repository using a name that contains an HTML tag

Added by Samir Jha over 3 years ago. Updated about 3 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: Repositories
Target version:
Difficulty:
Triaged:
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1516468

Description of problem:
Name validation is not working properly when creating a puppet repository

Version-Release number of selected component (if applicable):
Satellite 6.3.0 snap 25
foreman-1.15.6.9-1.el7sat.noarch
foreman-bootloaders-redhat-201707171807-1.el7sat.noarch
foreman-bootloaders-redhat-tftpboot-201707171807-1.el7sat.noarch
foreman-cli-1.15.6.9-1.el7sat.noarch
foreman-compute-1.15.6.9-1.el7sat.noarch
foreman-debug-1.15.6.9-1.el7sat.noarch
foreman-discovery-image-3.4.1-3.el7sat.noarch
foreman-ec2-1.15.6.9-1.el7sat.noarch
foreman-gce-1.15.6.9-1.el7sat.noarch
foreman-installer-1.15.6.4-1.el7sat.noarch
foreman-installer-katello-3.4.5.12-1.el7sat.noarch
foreman-libvirt-1.15.6.9-1.el7sat.noarch
foreman-openstack-1.15.6.9-1.el7sat.noarch
foreman-ovirt-1.15.6.9-1.el7sat.noarch
foreman-postgresql-1.15.6.9-1.el7sat.noarch
foreman-proxy-1.15.6.1-1.el7sat.noarch
foreman-proxy-content-3.4.5-6.el7sat.noarch
foreman-rackspace-1.15.6.9-1.el7sat.noarch
foreman-selinux-1.15.5-1.el7sat.noarch
foreman-vmware-1.15.6.9-1.el7sat.noarch
hp-dl120gen9-04.rhts.eng.bos.redhat.com-foreman-client-1.0-1.noarch
hp-dl120gen9-04.rhts.eng.bos.redhat.com-foreman-proxy-1.0-2.noarch
hp-dl120gen9-04.rhts.eng.bos.redhat.com-foreman-proxy-client-1.0-1.noarch
katello-3.4.5-6.el7sat.noarch
katello-certs-tools-2.4.0-1.el7sat.noarch
katello-client-bootstrap-1.4.2-1.el7sat.noarch
katello-common-3.4.5-6.el7sat.noarch
katello-debug-3.4.5-6.el7sat.noarch
katello-default-ca-1.0-1.noarch
katello-installer-base-3.4.5.12-1.el7sat.noarch
katello-selinux-3.0.2-1.el7sat.noarch
katello-server-ca-1.0-1.noarch
katello-service-3.4.5-6.el7sat.noarch
pulp-katello-1.0.2-1.el7sat.noarch
puppet-foreman_scap_client-0.3.16-1.el7sat.noarch
satellite-6.3.0-21.0.beta.el7sat.noarch
satellite-cli-6.3.0-21.0.beta.el7sat.noarch
satellite-common-6.3.0-21.0.beta.el7sat.noarch
satellite-installer-6.3.0.9-1.beta.el7sat.noarch
tfm-rubygem-foreman_bootdisk-9.0.0-2.fm1_15.el7sat.noarch
tfm-rubygem-foreman_discovery-9.1.5-1.fm1_15.el7sat.noarch
tfm-rubygem-foreman_docker-3.1.0-1.fm1_15.el7sat.noarch
tfm-rubygem-foreman_hooks-0.3.14-1.fm1_15.el7sat.noarch
tfm-rubygem-foreman_openscap-0.7.10-1.fm1_15.el7sat.noarch
tfm-rubygem-foreman-redhat_access-2.0.12-1.el7sat.noarch
tfm-rubygem-foreman_remote_execution-1.3.7-1.fm1_15.el7sat.noarch
tfm-rubygem-foreman_remote_execution_core-1.0.6-1.fm1_15.el7sat.noarch
tfm-rubygem-foreman-tasks-0.9.6-1.fm1_15.el7sat.noarch
tfm-rubygem-foreman-tasks-core-0.1.8-1.fm1_15.el7sat.noarch
tfm-rubygem-foreman_theme_satellite-1.0.4.12-1.el7sat.noarch
tfm-rubygem-foreman_virt_who_configure-0.1.8-1.fm1_15.el7sat.noarch
tfm-rubygem-hammer_cli_foreman-0.11.0.5-1.el7sat.noarch
tfm-rubygem-hammer_cli_foreman_admin-0.0.7-1.el7sat.noarch
tfm-rubygem-hammer_cli_foreman_bootdisk-0.1.3.3-2.el7sat.noarch
tfm-rubygem-hammer_cli_foreman_discovery-1.0.0-1.el7sat.noarch
tfm-rubygem-hammer_cli_foreman_docker-0.0.6-2.el7sat.noarch
tfm-rubygem-hammer_cli_foreman_openscap-0.1.5-1.fm1_15.el7sat.noarch
tfm-rubygem-hammer_cli_foreman_remote_execution-0.0.6-1.fm1_15.el7sat.noarch
tfm-rubygem-hammer_cli_foreman_tasks-0.0.12-1.fm1_15.el7sat.noarch
tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.3-1.el7sat.noarch
tfm-rubygem-hammer_cli_katello-0.11.3.1-1.el7sat.noarch
tfm-rubygem-katello-3.4.5.27-1.el7sat.noarch
tfm-rubygem-katello_ostree-3.4.5.27-1.el7sat.noarch

How reproducible:
Always

Steps to Reproduce:
1. Send request
2017-11-22 18:34:11 - nailgun.client - DEBUG - Making HTTP POST request to https://hp-dl120gen9-04.rhts.eng.bos.redhat.com/katello/api/v2/repositories with options {'verify': False, 'auth': ('admin', 'changeme'), 'headers': {'content-type': 'application/json'}}, no params and data {"product_id": 440, "content_type": "puppet", "url": "http://davidd.fedorapeople.org/repos/random_puppet/", "name": "<blockquote>YDShxlSEmj</blockquote>"}.

Actual results:
Repository created
2017-11-22 18:34:13 - nailgun.client - DEBUG - Received HTTP 200 response: {"content_type":"puppet","docker_upstream_name":null,"mirror_on_sync":true,"verify_ssl_on_sync":true,"unprotected":true,"full_path":"http://hp-dl120gen9-04.rhts.eng.bos.redhat.com/pulp/puppet/1bbaae58-2386-4cd3-9b6b-c128c4da312d/","checksum_type":null,"container_repository_name":null,"download_policy":null,"url":"http://davidd.fedorapeople.org/repos/random_puppet/","relative_path":"zanxHrFXWcH/Library/custom/nxtMgT/_blockquote_YDShxlSEmj__blockquote_","major":null,"minor":null,"gpg_key_id":null,"content_id":"1511368452987","content_view_version_id":226,"library_instance_id":null,"product_type":"custom","promoted":false,"ostree_branches":[],"upstream_username":null,"ostree_upstream_sync_policy":null,"ostree_upstream_sync_depth":null,"organization":{"name":"zanxHrFXWcH","label":"zanxHrFXWcH","id":199},"created_at":"2017-11-22 16:34:12 UTC","updated_at":"2017-11-22 16:34:13 UTC","backend_identifier":"1bbaae58-2386-4cd3-9b6b-c128c4da312d","id":95,"name":"<blockquote>YDShxlSEmj</blockquote>","label":"_blockquote_YDShxlSEmj__blockquote_","product":{"id":440,"cp_id":"209854665745","name":"nxtMgT","sync_plan":["name","description","sync_date","interval","next_sync"]},"last_sync":null,"content_counts":{"ostree_branch":0,"docker_manifest":0,"docker_tag":0,"rpm":0,"package":0,"package_group":0,"erratum":0,"puppet_module":0,"file":0},"last_sync_words":null,"gpg_key":null,"environment":{"id":217},"permissions":{"deletable":true},"upstream_password_exists":false}

Expected results:
API returns a response with a 422 code and an "A validation error occurred." message

Additional info:
This case works fine for yum repository
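
Added example, not Katello's code and not part of the original report: a minimal Ruby sketch of the expected behaviour, where the same name check runs for every content type and a tag in the name yields a 422. The names `HTML_TAG`, `label_for`, `name_errors` and `create_repository`, the error body layout, and the label rule are assumptions made for illustration.

```ruby
require 'json'

# Hypothetical rule for this example: a name must not contain an HTML-style
# opening or closing tag such as <blockquote> or </blockquote>.
HTML_TAG = %r{</?[A-Za-z][^>]*>}

# Assumption: labels replace every character outside [A-Za-z0-9_-] with "_",
# which reproduces the label seen in the response quoted in the report.
def label_for(name)
  name.gsub(/[^A-Za-z0-9_-]/, '_')
end

# Returns the list of validation errors for a repository name.
def name_errors(name)
  return ["can't be blank"] if name.nil? || name.strip.empty?
  errors = []
  errors << 'must not contain HTML tags' if name.match?(HTML_TAG)
  errors
end

# Validates a create-repository payload and returns [http_status, body].
# The name check runs before any content-type-specific handling, so a
# puppet repository cannot skip a check that a yum repository gets.
def create_repository(payload)
  errors = name_errors(payload['name'])
  unless errors.empty?
    return [422, { 'message' => 'A validation error occurred.',
                   'errors' => { 'name' => errors } }]
  end
  [200, { 'name' => payload['name'], 'label' => label_for(payload['name']),
          'content_type' => payload['content_type'] }]
end

# Constructed requests modelled on the one in the report.
SAMPLES = [
  { 'content_type' => 'puppet', 'name' => '<blockquote>YDShxlSEmj</blockquote>' },
  { 'content_type' => 'yum',    'name' => '<blockquote>YDShxlSEmj</blockquote>' },
  { 'content_type' => 'puppet', 'name' => 'random_puppet' },
  { 'content_type' => 'puppet', 'name' => 'size < 5 GB' }
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |p|
    status, body = create_repository(p)
    puts "#{p['content_type']} #{p['name'].inspect} -> #{status} #{body.to_json}"
  end
end
```

The label in the reported response was already reduced to underscores while the name was stored verbatim, so label sanitising does not stand in for validating the name itself.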

Associated revisions

Revision da6438e7 (diff)
Added by sjha4 over 3 years ago

Fixes #23085 - Possible to create repo with HTML tags in name

History

#2 Updated by Samir Jha over 3 years ago

  • Assignee set to Samir Jha

#3 Updated by The Foreman Bot over 3 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/Katello/katello/pull/7275 added

#4 Updated by John Mitsch over 3 years ago

  • Legacy Backlogs Release (now unused) set to 338

#5 Updated by Anonymous over 3 years ago

  • % Done changed from 0 to 100
  • Status changed from Ready For Testing to Closed
