
NotificationEndpoint: http type does not check if URL string follows URL schema  #23724

Open
@karel-rehor


Steps to reproduce:
List the minimal actions needed to reproduce the behavior.

  1. Prepare a new Notification Endpoint request
  2. In the request body, for the field url, provide a string that does not follow the URL or URI schema from W3C https://www.w3.org/TR/2011/WD-html5-20110525/urls.html. For example, in JavaScript I provided the value Math.PI
  3. POST the request to /api/v2/notificationEndpoints

Expected behavior:
Describe what you expected to happen.

Expected the URL value to be verified and rejected, since the string does not fulfill the requirements to be a URL. At a minimum it should match

 URI         = scheme ":" hier-part [ "?" query ] [ "#" fragment ]

https://www.rfc-editor.org/rfc/rfc3986

Actual behavior:
Describe what actually happened.
The request was accepted and the notificationEndpoint object was returned with the invalid URL.

resp.body {
   "id": "09f9ae7d8912a000",
   "name": "SimpleHTTP_b4d89e",
   "description": "3abc147aca56f91e68001803862a58a2e3b5406ce8e9426b9beee0552b37b12d",
   "orgID": "45c6c63b15e97792",
   "status": "active",
   "createdAt": "2022-09-13T12:04:31.396425055Z",
   "updatedAt": "2022-09-13T12:04:31.396425055Z",
   "url": "3.141592653589793",
   "token": "",
   "username": "",
   "password": "",
   "authMethod": "none",
   "method": "POST",
   "contentTemplate": "",
   "type": "http",
   "labels": [],
   "links": {
      "self": "/api/v2/notificationEndpoints/09f9ae7d8912a000",
      "labels": "/api/v2/notificationEndpoints/09f9ae7d8912a000/labels",
      "members": "/api/v2/notificationEndpoints/09f9ae7d8912a000/members",
      "owners": "/api/v2/notificationEndpoints/09f9ae7d8912a000/owners"
   }

This was from posting the following request

{
   "orgID": "45c6c63b15e97792",
   "name": "SimpleHTTP_b4d89e",
   "description": "3abc147aca56f91e68001803862a58a2e3b5406ce8e9426b9beee0552b37b12d",
   "type": "http",
   "status": "active",
   "authMethod": "none",
   "method": "POST",
   "url": "3.141592653589793"
}

Environment info:

Testing against latest remocal K8S-IDPE

commit 7c046b8fee75b90bc2d7b176ffbe7e045b9c3fae (HEAD -> master, origin/master, origin/HEAD)
Author: influx-acs[bot] <107396960+influx-acs[bot]@users.noreply.github.com>
Date:   Tue Sep 13 07:53:01 2022 +0000
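
A sketch of the server-side check the report asks for, as an added example that is not InfluxDB's code: `validateEndpointURL` is a hypothetical helper, and limiting the scheme to http/https is an assumption based on the endpoint type being `http`. It also shows why a nil error from Go's `url.Parse` is not enough, since the reported value parses as a relative path.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

// validateEndpointURL is a hypothetical helper (not part of InfluxDB).
// It rejects values that are not absolute http(s) URLs with a host.
func validateEndpointURL(raw string) error {
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("url is not parseable: %w", err)
	}
	// url.Parse accepts relative references: "3.141592653589793" parses
	// without error as a bare path with an empty scheme and host, so the
	// scheme and host must be checked explicitly.
	// Assumption: an "http" type endpoint only needs http or https.
	if u.Scheme != "http" && u.Scheme != "https" {
		return fmt.Errorf("url scheme %q is not http or https", u.Scheme)
	}
	if u.Hostname() == "" {
		return errors.New("url has no host")
	}
	return nil
}

func main() {
	// Constructed sample inputs; the first is the value from the report.
	samples := []string{
		"3.141592653589793",
		"https://example.com/hook",
		"mailto:ops@example.com",
		"http:///missing-host",
	}
	for _, raw := range samples {
		if err := validateEndpointURL(raw); err != nil {
			fmt.Printf("reject %q: %v\n", raw, err)
			continue
		}
		fmt.Printf("accept %q\n", raw)
	}
}
```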
