Invalid config set does not catch invalid configs that begin with "projects/" or "services/" |
|||||||
Issue descriptionChrome Version: (copy from chrome://version) OS: (e.g. Win7, OSX 10.9.5, etc...) What steps will reproduce the problem? (1) Visit luci-config.appspot.com (2) Navigate to Configuration Service and then to config.get_config_sets (3) In the config_set field, type in "projects/doesnotexist" or "services/doesnotexist" (4) Click "Authorize and execute" What is the expected result? A 400 error with the error message "invalid config set u'projects/doesnotExist'" What happens instead? A config set is returned with information about the config set that was provided (even though it does not exist). NOTE: If you would like to see expected behavior, type "doesNotExist" into the config_set field without the preceding "projects/" or "services/"
,
Jul 10 2017
,
Jul 10 2017
,
Jul 10 2017
this happens only for admins because the code does not even bother to check if the config set exists. It does not affect users, thus Pri-3 is appropriate.
,
Jul 10 2017
making it available because we have more important things to do
,
Jul 11 2017
,
Jul 11
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue. Sorry for the inconvenience if the bug really should have been left as Available. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jul 18
With config validation this now actually returns 403, so we should be able to close this as Fixed. |
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by cwpayton@google.com
, Jul 10 2017