azure-service-bus-dotnet

ManagementClient.QueueExistsAsync() is working incorrectly

Open SeanFeldman opened this issue 6 years ago • 4 comments

Given the following code:

await client.QueueExistsAsync("error");

Actual: when a connection string w/o Manage rights is used, the client will throw UnauthorizedException in case error queue exists. If the queue doesn't exist, it will return false.

Expected: throw whenever connection string has no Manage rights.

This is a potential security issue as information about entities could be revealed.

Note: have not tested with other entities. Could be the same issue.

Note: this is a broker side issue and the old client is affected as well (https://github.com/Azure/azure-service-bus/issues/211).

SeanFeldman, Jun 28 '18 21:06

The old client is throwing UnauthorizedAccessException. For consistency, it would be good to throw the same exception as well.

SeanFeldman, Jun 28 '18 21:06

Old client throws System.UnauthorizedAccessException. New client throws Microsoft.Azure.ServiceBus.UnauthorizedException. Wanted all known exceptions to extend from ServiceBusException. Hence the change.

nemakam, Jun 28 '18 21:06

@nemakam name wise, np. But the issue goes beyond that. Could you please comment on that? Thanks.

SeanFeldman, Jun 28 '18 21:06

Yes. It's a very valid issue. That definitely will be fixed soon.

nemakam, Jun 28 '18 21:06
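
A toy model of the behaviour reported in this issue, added here as an illustration and not code from the Service Bus broker or client. `ToyBroker`, its two methods, `outcome` and `leaks_existence` are hypothetical names, and the check ordering in `queue_exists_observed` is an assumption chosen to reproduce the reported results next to the expected ones.

```python
from enum import Enum, auto


class Right(Enum):  # rights carried by a connection string
    LISTEN = auto()
    SEND = auto()
    MANAGE = auto()


class UnauthorizedException(Exception):
    """Local stand-in for Microsoft.Azure.ServiceBus.UnauthorizedException."""


class ToyBroker:
    """Hypothetical model of the broker side; not Service Bus code."""

    def __init__(self, queues):
        self.queues = set(queues)  # constructed sample entities

    def queue_exists_observed(self, rights, name):
        # Reported behaviour: a missing queue yields False, an existing one
        # yields UnauthorizedException (assumed ordering: lookup, then rights).
        if name not in self.queues:
            return False
        if Right.MANAGE not in rights:
            raise UnauthorizedException(name)
        return True

    def queue_exists_expected(self, rights, name):
        # Expected behaviour: rights are checked before any entity lookup.
        if Right.MANAGE not in rights:
            raise UnauthorizedException(name)
        return name in self.queues


def outcome(check, rights, name):
    """Collapse a call into what the caller can observe."""
    try:
        return "true" if check(rights, name) else "false"
    except UnauthorizedException:
        return "unauthorized"


def leaks_existence(check, rights, present, absent):
    """True when a caller holding `rights` can tell an existing queue from a missing one."""
    return outcome(check, rights, present) != outcome(check, rights, absent)
```

With a constructed broker holding only an `error` queue and a caller holding Listen and Send rights, `leaks_existence` is true for the observed ordering and false for the expected one.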