Missing input validation on security groups #705
Comments
|
We have created an issue in Pivotal Tracker to manage this: https://www.pivotaltracker.com/story/show/133208349 The labels on this github issue will be updated when the story is started. |
luan
pushed a commit
that referenced
this issue
Dec 7, 2016
[GH #705] [Finishes #133208349] Signed-off-by: Luan Santos <lsantos@pivotal.io>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thanks for submitting an issue to
cloud_controller_ng. We are always trying to improve! To help us, please fill out the following template.Issue
It is possible for an admin to create and bind a security group that is syntactically invalid.
Context
If a
destinationfield is empty, no error is thrown. The rule gets applied to applications, and Diego components then log errors and refuse to start the app.Steps to Reproduce
Create a file containing this JSON
[ { "destination": "10.10.5.68", "ports": "60002", "protocol": "tcp" }, { "destination": "", "ports": "8080", "protocol": "tcp" } ]Then run
Observe that the command succeeds:
Expected result
I expect an error, perhaps from the CLI, but definitely from the CC API.
cc: @jaydunk
The text was updated successfully, but these errors were encountered: