starred/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2026-01-11 21:10:29 +01:00
Code Issues 273 Packages Projects Releases 10 Wiki Activity

API endpoint dcim/cables fails to validate termination type against target specified by id #2675

New Issue
Closed
opened 2025-12-29 18:21:03 +01:00 by adam · 6 comments
adam commented 2025-12-29 18:21:03 +01:00
Owner
Copy Link

Originally created by @ajknv on GitHub (Jun 19, 2019).

Environment

  • Python version: 3.6.8
  • NetBox version: 2.5.13

Steps to Reproduce

  1. Send an API request to create a cable where one of the termination types (accidentally) doesn't match the type of the actual object referenced by the corresponding termination id, e.g.:
    POST dcim/cables '{"termination_a_id": "<POWEROUTLET_ID>", "termination_a_type": "<POWERPORT_TYPE_ID>", "termination_b_id": "<POWEROUTLET_ID>", "termination_b_type": "<POWEROUTLET_TYPE_ID>"}'

Expected Behavior

Netbox will validate that an object of "termination_<X>_type" with the specified "termination_<X>_id" actually exists and reject the request with an error if not.

Observed Behavior

Netbox apparently writes the requested data to the dcim_cables table blindly, creating a broken foreign key reference. It does provoke an error, but not a well-formed rejection request, and the cable object gets created anyway:
Server Error
There was a problem with your request. Please contact an administrator. The complete exception is provided below:
&lt;class &#39;AttributeError&#39;&gt; &#39;NoneType&#39; object has no attribute &#39;cable&#39;

The resulting cable object is also "broken" in that it cannot be deleted via the UI or API, as attempts to do so raise an error:
There was a problem with your request. Please contact an administrator. The complete exception is provided below:
<class 'AttributeError'> 'NoneType' object has no attribute 'trace'
Recovery requires deleting the cable directly from the database with a SQL statement.

Originally created by @ajknv on GitHub (Jun 19, 2019). ### Environment * Python version: 3.6.8 * NetBox version: 2.5.13 ### Steps to Reproduce 1. Send an API request to create a cable where one of the termination types (accidentally) doesn't match the type of the actual object referenced by the corresponding termination id, e.g.: POST dcim/cables '{"termination_a_id": "<POWEROUTLET_ID>", "termination_a_type": "<POWERPORT_TYPE_ID>", "termination_b_id": "<POWEROUTLET_ID>", "termination_b_type": "<POWEROUTLET_TYPE_ID>"}' ### Expected Behavior Netbox will validate that an object of "termination\_\<X\>\_type" with the specified "termination\_\<X\>\_id" actually exists and reject the request with an error if not. ### Observed Behavior Netbox apparently writes the requested data to the dcim_cables table blindly, creating a broken foreign key reference. It does provoke an error, but not a well-formed rejection request, and the cable object gets created anyway: ``Server Error`` ``There was a problem with your request. Please contact an administrator. The complete exception is provided below:`` ``&lt;class &#39;AttributeError&#39;&gt; &#39;NoneType&#39; object has no attribute &#39;cable&#39; `` The resulting cable object is also "broken" in that it cannot be deleted via the UI or API, as attempts to do so raise an error: `` There was a problem with your request. Please contact an administrator. The complete exception is provided below: `` `` <class 'AttributeError'> 'NoneType' object has no attribute 'trace' `` Recovery requires deleting the cable directly from the database with a SQL statement.
adam added the type: bugstatus: accepted labels 2025-12-29 18:21:03 +01:00
adam closed this issue 2025-12-29 18:21:03 +01:00
adam commented 2025-12-29 18:21:04 +01:00
Author
Owner
Copy Link

@mshems commented on GitHub (Jun 20, 2019):

The endpoint additionally does not check that termination_a_id is not the same as termination_b_id. The resulting cable is also broken and cannot be deleted via UI or API, giving the following error:

<class 'AttributeError'>

'NoneType' object has no attribute 'trace'
@mshems commented on GitHub (Jun 20, 2019): The endpoint additionally does not check that `termination_a_id` is not the same as `termination_b_id`. The resulting cable is also broken and cannot be deleted via UI or API, giving the following error: ``` <class 'AttributeError'> 'NoneType' object has no attribute 'trace' ```
adam commented 2025-12-29 18:21:04 +01:00
Author
Owner
Copy Link

@jeremystretch commented on GitHub (Jun 20, 2019):

Python version: 2.7.5
NetBox version: 2.5.13

NetBox v2.5 requires Python 3.5 or higher. Please verify your installation environment.

@jeremystretch commented on GitHub (Jun 20, 2019): > Python version: 2.7.5 > NetBox version: 2.5.13 NetBox v2.5 requires Python 3.5 or higher. Please verify your installation environment.
adam commented 2025-12-29 18:21:04 +01:00
Author
Owner
Copy Link

@ajknv commented on GitHub (Jun 20, 2019):

My mistake, pulled the python version from the host environment rather than the container it was running in. Updated bug synopsis to reflect correct version of python running the Netbox workers (3.6.8).

@ajknv commented on GitHub (Jun 20, 2019): My mistake, pulled the python version from the host environment rather than the container it was running in. Updated bug synopsis to reflect correct version of python running the Netbox workers (3.6.8).
adam commented 2025-12-29 18:21:04 +01:00
Author
Owner
Copy Link

@jeremystretch commented on GitHub (Jun 24, 2019):

I'm not able to reproduce this on v2.5.13 or v2.6.0. NetBox validates the connection types as expected and returns an error:

curl -X POST \
-H "Authorization: Token <token>" \
-H "Content-Type: application/json" \
-H "Accept: application/json; indent=4" \
http://localhost:8000/api/dcim/cables/ \
--data '{"termination_a_id": "35281", "termination_a_type": "dcim.poweroutlet", "termination_b_id": "35257", "termination_b_type": "dcim.poweroutlet"}'

{
    "non_field_errors": [
        "Incompatible termination types: power outlet and power outlet"
    ]
}

Please post the full exact API request you're making to trigger the exception.

@jeremystretch commented on GitHub (Jun 24, 2019): I'm not able to reproduce this on v2.5.13 or v2.6.0. NetBox validates the connection types as expected and returns an error: ``` curl -X POST \ -H "Authorization: Token <token>" \ -H "Content-Type: application/json" \ -H "Accept: application/json; indent=4" \ http://localhost:8000/api/dcim/cables/ \ --data '{"termination_a_id": "35281", "termination_a_type": "dcim.poweroutlet", "termination_b_id": "35257", "termination_b_type": "dcim.poweroutlet"}' ``` ``` { "non_field_errors": [ "Incompatible termination types: power outlet and power outlet" ] } ``` Please post the full exact API request you're making to trigger the exception.
adam commented 2025-12-29 18:21:04 +01:00
Author
Owner
Copy Link

@ajknv commented on GitHub (Jun 24, 2019):

You don't appear to have specified different termination types in your repro attempt.
curl -X POST -H "Authorization: Token <TOKEN>" -H "Content-Type: application/json" -H "Accept: application/json; indent=4" https://localhost:443/api/dcim/cables/ --data '{"termination_a_id": "992", "termination_a_type": "dcim.poweroutlet", "termination_b_id": "993", "termination_b_type": "dcim.powerport"}'

<body>
<div class="container-fluid">
<div class="row">
<div class="col-md-6 col-md-offset-3">
<div class="panel panel-danger" style="margin-top: 200px">
<div class="panel-heading">
<strong>
<i class="fa fa-warning"></i>
Server Error
</strong>
</div>
<div>
<p>
There was a problem with your request. Please contact an administrator.
</p>
<hr />
<p>
The complete exception is provided below:
</p>
<strong><class 'AttributeError'></strong><br />
'NoneType' object has no attribute 'cable'</pre>
<p>
If further assistance is required, please post to the <a href="https://groups.google.com/forum/#!forum/netbox-discuss">NetBox mailing list</a>.
</p>
<div class="text-right">
<a href="/" class="btn btn-primary">Home Page</a>
</div>
</div>
</div>
</div>
</div>
</div>
</body>

@ajknv commented on GitHub (Jun 24, 2019): You don't appear to have specified different termination *types* in your repro attempt. `curl -X POST -H "Authorization: Token <TOKEN>" -H "Content-Type: application/json" -H "Accept: application/json; indent=4" https://localhost:443/api/dcim/cables/ --data '{"termination_a_id": "992", "termination_a_type": "dcim.poweroutlet", "termination_b_id": "993", "termination_b_type": "dcim.powerport"}'` <hr> <title>Server Error</title> \<body> \<div class="container-fluid"> \<div class="row"> \<div class="col-md-6 col-md-offset-3"> \<div class="panel panel-danger" style="margin-top: 200px"> \<div class="panel-heading"> \<strong> \<i class="fa fa-warning">\</i> Server Error \</strong> \</div> \<div> \<p> There was a problem with your request. Please contact an administrator. \</p> \<hr /> \<p> The complete exception is provided below: \</p> \<strong>&lt;class &#39;AttributeError&#39;&gt;\</strong>\<br /> &#39;NoneType&#39; object has no attribute &#39;cable&#39;\</pre> \<p> If further assistance is required, please post to the \<a href="https://groups.google.com/forum/#!forum/netbox-discuss">NetBox mailing list\</a>. \</p> \<div class="text-right"> \<a href="/" class="btn btn-primary">Home Page\</a> \</div> \</div> \</div> \</div> \</div> \</div> \</body>
adam commented 2025-12-29 18:21:04 +01:00
Author
Owner
Copy Link

@jeremystretch commented on GitHub (Jun 24, 2019):

Oh, I see, you're referencing an object that doesn't exist. I would have thought that Django would handle that validation natively but apparently it does not.

@jeremystretch commented on GitHub (Jun 24, 2019): Oh, I see, you're referencing an object that doesn't exist. I would have thought that Django would handle that validation natively but apparently it does not.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
beta
breaking change
complexity: high
complexity: low
complexity: medium
needs milestone
netbox
pending closure
plugin candidate
pull-request
Mirrored from GitHub Pull Request
 severity: high
severity: low
severity: medium
status: accepted
status: backlog
status: blocked
status: duplicate
status: needs owner
status: needs triage
status: revisions needed
status: under review
topic: GraphQL
topic: Internationalization
topic: OpenAPI
topic: UI/UX
topic: cabling
topic: event rules
topic: htmx navigation
topic: industrialization
topic: migrations
topic: plugins
topic: scripts
topic: templating
topic: testing
type: bug
type: deprecation
type: documentation
type: feature
type: housekeeping
type: translation
No Label status: accepted type: bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
adam
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/netbox#2675
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?