Validate empty location value for v1 api
When empty string is passed as location value the glance
raises internal server error.
The patch checks that location value is present in image meta
and generates BadRequest if it is empty.
Change-Id: I8f3640276368292ced508d5f4c918c147b9d1f19
Closes-Bug: #1498460
(cherry picked from commit c2cbdd84e7
)
This commit is contained in:
parent
b9c9ac7363
commit
08fea0bad8
|
@ -441,26 +441,32 @@ class Controller(controller.BaseController):
|
|||
or copy-from headers) are supported. Otherwise we reject
|
||||
with 400 "Bad Request".
|
||||
"""
|
||||
if source:
|
||||
if store_utils.validate_external_location(source):
|
||||
return source
|
||||
else:
|
||||
if store_utils.validate_external_location(source):
|
||||
return source
|
||||
else:
|
||||
if source:
|
||||
msg = _("External sources are not supported: '%s'") % source
|
||||
LOG.warn(msg)
|
||||
raise HTTPBadRequest(explanation=msg,
|
||||
request=req,
|
||||
content_type="text/plain")
|
||||
else:
|
||||
msg = _("External source should not be empty")
|
||||
LOG.warn(msg)
|
||||
raise HTTPBadRequest(explanation=msg,
|
||||
request=req,
|
||||
content_type="text/plain")
|
||||
|
||||
@staticmethod
|
||||
def _copy_from(req):
|
||||
return req.headers.get('x-glance-api-copy-from')
|
||||
|
||||
def _external_source(self, image_meta, req):
|
||||
source = image_meta.get('location')
|
||||
if source is not None:
|
||||
if 'location' in image_meta:
|
||||
self._enforce(req, 'set_image_location')
|
||||
else:
|
||||
source = image_meta['location']
|
||||
elif 'x-glance-api-copy-from' in req.headers:
|
||||
source = Controller._copy_from(req)
|
||||
else:
|
||||
# we have an empty external source value
|
||||
# so we are creating "draft" of the image and no need validation
|
||||
return None
|
||||
return Controller._validate_source(source, req)
|
||||
|
||||
@staticmethod
|
||||
|
|
|
@ -129,6 +129,8 @@ def validate_external_location(uri):
|
|||
:param uri: The URI of external image location.
|
||||
:return: Whether given URI of external image location are OK.
|
||||
"""
|
||||
if not uri:
|
||||
return False
|
||||
|
||||
# TODO(zhiyan): This function could be moved to glance_store.
|
||||
# TODO(gm): Use a whitelist of allowed schemes
|
||||
|
|
|
@ -453,6 +453,32 @@ class TestGlanceAPI(base.IsolatedUnitTest):
|
|||
self.assertEqual(400, res.status_int)
|
||||
self.assertIn('Disk format is not specified', res.body)
|
||||
|
||||
def test_create_with_empty_location(self):
|
||||
fixture_headers = {
|
||||
'x-image-meta-location': '',
|
||||
}
|
||||
|
||||
req = webob.Request.blank("/images")
|
||||
req.method = 'POST'
|
||||
for k, v in six.iteritems(fixture_headers):
|
||||
req.headers[k] = v
|
||||
|
||||
res = req.get_response(self.api)
|
||||
self.assertEqual(400, res.status_int)
|
||||
|
||||
def test_create_with_empty_copy_from(self):
|
||||
fixture_headers = {
|
||||
'x-glance-api-copy-from': '',
|
||||
}
|
||||
|
||||
req = webob.Request.blank("/images")
|
||||
req.method = 'POST'
|
||||
for k, v in six.iteritems(fixture_headers):
|
||||
req.headers[k] = v
|
||||
|
||||
res = req.get_response(self.api)
|
||||
self.assertEqual(400, res.status_int)
|
||||
|
||||
def test_create_delayed_image_with_no_disk_and_container_formats(self):
|
||||
fixture_headers = {
|
||||
'x-image-meta-name': 'delayed',
|
||||
|
|
Loading…
Reference in New Issue