[CONTROLLER-1315] restconf allows alphabetical characters and non-numerical symbols for the flow id field Created: 13/May/15 Updated: 25/Jul/23 Resolved: 14/May/15 |
|
| Status: | Resolved |
| Project: | controller |
| Component/s: | restconf |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | ||
| Reporter: | Ryan Goulding | Assignee: | Unassigned |
| Resolution: | Cannot Reproduce | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Operating System: All |
||
| External issue ID: | 3207 |
| Description |
|
Alphabetical characters and non-numerical symbol are inappropriately allowed as flow ID. There is potential for exploitation with characters such as '$' and '@'. Thus, flow IDs like 'abc', or '---' are accepted by restconf. An example of a REST PUT call utilizing "---" as the flow ID that was accepted by the controller is shown below: PUT http://<controller-ip>:8181/restconf/config/opendaylight-inventory:nodes/node/openflow:1/table/0/flow/--- |
| Comments |
| Comment by Tony Tkacik [ 14/May/15 ] |
|
id in openflow model is modeled as string, so openflow model allows such keys and is correct for restconf to accept them. Marking is as Resolved - INVALID - since Restconf is behaving correctly according If you still see this as a bug, please open issue against openflowplugin with your Could you please elaborate how characters such "$" or "@" may present security flaw? Restconf / MD-SAL / Clustering / Netconf is not interpreting this characters and treats them as pure strings. |