Marking this as INVALID. Please set it back to NEW if you disagree.
** Changed in: nova
Status: New => Invalid
--
https://bugs.launchpad.net/bugs/1888722
Title:
  The Nova api permits any possible hostname, including for example
  "../.." or "; --" or "hostname.openstack.org"

Status in OpenStack Compute (nova):
  Invalid
Status in OpenStack Security Advisory:
  Invalid

Bug description:
  I have a long-standing bug in my internal bug tracker expressing
  concern that the following server names are valid:

    foo"]; --
    ../..

  I note that there are also a couple of existing bugs (1581977 and
  1655563) describing a bad interaction with the Neutron integration api
  for hosts with a '.' in the name.

  I propose a new config option:

    [api]
    permitted_servername_regex

  That would allow people using neutron integration to disallow dots in
  names, and I would rest easier knowing that I'd also ruled out
  slashes, ampersands and semicolons.
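
Added example, not part of the bug report and not Nova code: a sketch of how an allowlist check driven by the proposed permitted_servername_regex option could treat the names quoted above. The pattern value, the function names and the extra sample names are assumptions; the report gives no value for the option.

```python
import re

# Assumed pattern for the option proposed in the report: one DNS-style label,
# so no dots, slashes, quotes, semicolons, ampersands or whitespace.
PERMITTED_SERVERNAME_REGEX = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"


def compile_policy(pattern):
    """Compile the operator-supplied pattern once; a bad regex fails closed."""
    try:
        return re.compile(pattern)
    except re.error as exc:
        raise ValueError(f"invalid permitted_servername_regex: {exc}") from exc


def check_server_name(name, policy):
    """Return (allowed, reason) for a requested server name."""
    if not isinstance(name, str) or not name:
        return False, "empty or non-string name"
    # fullmatch() rather than match(): an unanchored pattern would accept any
    # name with a permitted prefix, and '$' with match() lets a trailing
    # newline through.
    if policy.fullmatch(name) is None:
        return False, "does not match permitted_servername_regex"
    return True, "ok"


def audit(names, pattern=PERMITTED_SERVERNAME_REGEX):
    """Map each candidate name to its (allowed, reason) verdict."""
    policy = compile_policy(pattern)
    return {name: check_server_name(name, policy) for name in names}


# Names quoted in the report, plus constructed controls.
SAMPLE_NAMES = ['foo"]; --', "../..", "; --", "hostname.openstack.org",
                "web-01", "web-01\n", "-leading-hyphen"]

if __name__ == "__main__":
    for name, (allowed, reason) in audit(SAMPLE_NAMES).items():
        print(f"{name!r:28} {'ALLOW' if allowed else 'DENY'}  {reason}")
```
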