88c45151fa
While agent_url is software generated, it is still a public endpoint and at least needs some upfront filtering applied.

To do this, we can leverage urllib in the standard library to disassemble the url, and reconstruct it based upon the standards. The plus of this approach is that it will remove some invalid formatting for us, and if things are too out of line, an exception is raised as ValueError.

An important note, this is *not* explicitly urlparsing security[0] as denoted in the Python urllib documentation, but that the application should operate defensively.

[0]: https://docs.python.org/3/library/urllib.parse.html#url-parsing-security

Change-Id: I45ee1c8a73ed13511bc47a69130105f16d34be1e
11 lines
368 B
YAML
---
features:
  - |
    Adds additional validation to the agent ``callback_url``.
security:
  - |
    Additional validation of the ``callback_url`` which is supplied to Ironic
    by the agent has been added. In addition to any standardized formatting
    checks included in Python urllib, we will also reject requests which
    have an invalid URL schema formatting.
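
The approach the commit message describes, splitting the URL with urllib and rebuilding it from the parsed parts, shown as an added example; it is not Ironic's code. The names `normalize_callback_url` and `is_rejected`, the http/https allow-list and the userinfo rejection are assumptions of this example, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit, urlunsplit

# Assumption for this example: the agent is only reachable over HTTP(S).
ALLOWED_SCHEMES = frozenset({"http", "https"})


def normalize_callback_url(raw):
    """Split a callback URL with urllib, check it, and rebuild it.

    Hypothetical helper. Raises ValueError for anything that urllib
    refuses or that fails the checks below.
    """
    if not isinstance(raw, str) or not raw:
        raise ValueError("callback_url must be a non-empty string")
    parts = urlsplit(raw)  # ValueError on e.g. unbalanced IPv6 brackets
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError("unsupported URL scheme: %r" % parts.scheme)
    host = parts.hostname  # lower-cased, brackets and userinfo removed
    if not host:
        raise ValueError("callback_url has no host")
    if parts.username is not None or parts.password is not None:
        # Assumption: an agent callback never carries credentials.
        raise ValueError("userinfo is not allowed in callback_url")
    port = parts.port  # ValueError if non-numeric or outside 0-65535
    netloc = "[%s]" % host if ":" in host else host
    if port is not None:
        netloc = "%s:%d" % (netloc, port)
    # Rebuild from the parsed components rather than echoing the input.
    return urlunsplit((parts.scheme, netloc, parts.path,
                       parts.query, parts.fragment))


def is_rejected(raw):
    try:
        normalize_callback_url(raw)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("HTTPS://Agent.Example.org:9999/v1",
                   "ftp://agent.example.org/v1",
                   "http://[2001:db8::1:9999",
                   "http://agent.example.org:99999/"):
        print(sample, "->", "rejected" if is_rejected(sample)
              else normalize_callback_url(sample))
```

Reading `parts.port` is what triggers the port range check; `urlsplit` alone accepts an out-of-range port without complaint.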