Project

General

Profile

Actions
Copy link

Bug #36634

closed

ACS bulk refresh through API silently sanitizes input IDs

Added by Samir Jha over 1 year ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Samir Jha
Category:
Alternate Content Sources
Target version:
Katello 4.10.0
Difficulty:
Triaged:
Yes
Bugzilla link:
2224113
Pull request:
https://github.com/Katello/katello/pull/10675
Fixed in Releases:
Katello 4.10.0
Found in Releases:
Red Hat JIRA:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=2224113

Description of problem:
When using the API to request a bulk refresh of alternate content sources, invalid ids will be discarded if there is a single valid ACS id in the query.

Version-Release number of selected component (if applicable):
n/a

How reproducible:
Always

Steps to Reproduce:
1. Create a Sat instance with an alternate content source, note the id.
2. Start a bulk refresh using the API, including the valid id along with several bogus id's:
`curl --request POST --user admin:changeme -H "Content-type: application/json" <host>/katello/api/alternate_content_sources/bulk/refresh?ids=<valid>,1001,1002,1003`

Actual results:
JSON output informing the user that the valid id alone has been refreshed

Expected results:
An error indicating invalid parameters

Additional info:
n/a

Actions
Copy link

Also available in: Atom PDF