Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"odo registry add" adds registry for invalid url in devfileV2 #3451

Closed
prietyc123 opened this issue Jun 30, 2020 · 6 comments · Fixed by #3900
Closed

"odo registry add" adds registry for invalid url in devfileV2 #3451

prietyc123 opened this issue Jun 30, 2020 · 6 comments · Fixed by #3900
Assignees
@GeekArthur
Labels
area/registry Issues or PRs related to Devfile registries kind/bug Categorizes issue or PR as related to a bug. priority/Low Nice to have issue. It's not immediately on the project roadmap to get it done.

Comments

@prietyc123
Copy link
Contributor

/kind bug

What versions of software are you using?

Operating System:
All

Output of odo version:
master

How did you run odo exactly?

Steps to reproduce:

  1. Enable experimental mode odo preference set Experimental true
  2. odo registry add wRegistry "http://api.google.com/q?exp=a|b" with invalid url
  3. odo registry list

Actual behavior

$ odo preference view
PARAMETER             CURRENT_VALUE
UpdateNotification    false
NamePrefix            
Timeout               
PushTimeout           
Experimental          true

$ odo registry add wRegistry "http://api.google.com/q?exp=a|b"
New registry successfully added

$ odo registry listNAME                       URL
CheDevfileRegistry         https://che-devfile-registry.openshift.io
DefaultDevfileRegistry     https://raw.githubusercontent.com/elsony/devfile-registry/master
demoRegistry               http://docker.io
wrongRegistry              http://www.xyz.com
wRegistry                  http://api.google.com/q?exp=a|b

Expected behavior

odo registry add should throw error for invalid url

Any logs, error output, etc?

Manually verified.
@openshift-ci-robot openshift-ci-robot added the kind/bug Categorizes issue or PR as related to a bug. label Jun 30, 2020
@prietyc123 prietyc123 added the area/registry Issues or PRs related to Devfile registries label Jun 30, 2020
@prietyc123 prietyc123 mentioned this issue Jun 30, 2020
Closed
3 tasks
@prietyc123
Copy link
Contributor Author

Even I tried with $ also but somehow it is converting the $ into some random number.

$ odo registry add wRegistry "http://$$$$,,,,,@hdjh.hcgcyd"
New registry successfully added
$ odo registry list
NAME                       URL
wRegistry                  http://1624716247,,,,,@hdjh.hcgcyd

This looks something weird to me.

@prietyc123 prietyc123 added the priority/High Important issue; should be worked on before any other issues (except priority/Critical issue(s)). label Jun 30, 2020
@kadel
Copy link
Member

kadel commented Jun 30, 2020

This shouldn't be a high priority.

/remove-priority high
/priority low

We intentionally don't validate that the registry is accessible and in odo registry add command.

I think that http://api.google.com/q?exp=a|b is a valid URL.

http://$$$$,,,,,@hdjh.hcgcyd is another story, that is clearly invalid URL.

We definitely don't want to check if URL is available or not in odo registry add.

But it might make sense to add format validation that would check for proper URL format.

@openshift-ci-robot openshift-ci-robot added priority/Low Nice to have issue. It's not immediately on the project roadmap to get it done. and removed priority/High Important issue; should be worked on before any other issues (except priority/Critical issue(s)). labels Jun 30, 2020
@mik-dass
Copy link
Contributor

We can maybe do some basic URL validation using ParseRequestURI() from the url package.

@GeekArthur
Copy link
Contributor

Regarding arguments/flags validation, the design is that we divide the validation into two stages:
Early validation stage: Only validate URL basic format, happens when user adds registry URL
Validation stage: Validate URL accessibility, happens when user uses registry URL

That design is based on yum-config-manager, design proposal with details under this thread: #2940 (comment)

@prietyc123 In short, all the inaccessible/invalid URL will be detected/validated when users use the URL by running odo catalog, odo create, etc

@prietyc123
Copy link
Contributor Author

I think that http://api.google.com/q?exp=a|b is a valid URL.

I don't find it a valid url as it contains | which already has some special meaning. IMO if it is encoded as http://api.google.com/q?exp=a%7Cb then we can consider this a valid.

http://$$$$,,,,,@hdjh.hcgcyd is another story, that is clearly invalid URL.

Yes, for such kind of urls we should add some format validation. Also we can consider to exclude those url which has some special meaning like | and $

But it might make sense to add format validation that would check for proper URL format.

+1

@girishramnani girishramnani mentioned this issue Aug 5, 2020
Closed
@GeekArthur
Copy link
Contributor

@mik-dass We do have the URL validation function here: https://github.com/openshift/odo/blob/master/pkg/util/util.go#L1139, it uses url.Parse package to implement the basic URL format validation which is similar to use url.ParseRequestURI as both of the packages are used to parse and get the essential components of the URL for analysis. The original design of the basic URL format validation is that the URL is valid if it has both scheme and host.

Regarding the discussion above, based on the current RFC https://www.ietf.org/rfc/rfc3986.txt, I agree with @kadel, this URL http://api.google.com/q?exp=a|b is valid as | is not reserved character, it may throw URISyntaxException error in Java code but that doesn't apply to our case because odo uses Golang.

My suggestion is that we can add the code that excluding the reserved character for the essential components to our existing basic URL format validation.

@GeekArthur GeekArthur mentioned this issue Sep 4, 2020
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@GeekArthur GeekArthur

Labels
area/registry Issues or PRs related to Devfile registries kind/bug Categorizes issue or PR as related to a bug. priority/Low Nice to have issue. It's not immediately on the project roadmap to get it done.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Improve URL format validation GeekArthur/odo-fork
5 participants
@kadel @mik-dass @GeekArthur @openshift-ci-robot @prietyc123