Project

General

Profile

Actions
Copy link

Bug #10263

closed

Insufficient validation of alias name when restoring aliases

Added by moon sec over 5 years ago. Updated over 5 years ago.

Status:
Not a Bug
Priority:
Normal
Assignee:
-
Category:
Backup / Restore
Target version:
-
Start date:
02/16/2020
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.4-p3
Affected Architecture:
All

Description

When creating an alias using the GUI, the alias name is validated correctly (only "a-z, A-Z, 0-9 and _"). When Restoring aliases using the restore function, the alias names are not validated correctly. Thus, names like "web-server" are allowed.

Steps to reproduce:
1. Backup Aliases using "Backup and Restore" Function.
2. Change the name of an alias to an non-validatable value (e.g. web-server)
3. Restore Aliases using "Backup and Restore" Function.

Actions
Copy link
 #1

Updated by moon sec over 5 years ago

Category: Backup/Restore

Actions
Copy link
 #2

Updated by Jim Pingle over 5 years ago

  • Category set to Backup / Restore
  • Status changed from New to Not a Bug

There are lots of ways you can create bad configurations by restoring things improperly. It's not viable to validate them all, given the way things are currently designed. In the future this may be a non-factor when things are redesigned and there are other things like YANG involved that help out. But it isn't something that will be actionable as-is.

Actions
Copy link

Also available in: Atom PDF