Validate empty location value for v1 api

When empty string is passed as location value the glance raises internal server error. The patch checks that location value is present in image meta and generates BadRequest if it is empty. Change-Id: I8f3640276368292ced508d5f4c918c147b9d1f19 Closes-Bug: #1498460
2015-09-23 14:48:54 +03:00 · 2015-09-23 14:48:54 +03:00 · c2cbdd84e7
parent a33b20b92b
commit c2cbdd84e7
3 changed files with 45 additions and 11 deletions
--- a/glance/api/v1/images.py
+++ b/glance/api/v1/images.py
@ -465,26 +465,32 @@ class Controller(controller.BaseController):
        or copy-from headers) are supported. Otherwise we reject
        with 400 "Bad Request".
        """
-        if source:
-            if store_utils.validate_external_location(source):
-                return source
-            else:
+        if store_utils.validate_external_location(source):
+            return source
+        else:
+            if source:
                msg = _("External sources are not supported: '%s'") % source
-                LOG.warn(msg)
-                raise HTTPBadRequest(explanation=msg,
-                                     request=req,
-                                     content_type="text/plain")
+            else:
+                msg = _("External source should not be empty")
+            LOG.warn(msg)
+            raise HTTPBadRequest(explanation=msg,
+                                 request=req,
+                                 content_type="text/plain")

    @staticmethod
    def _copy_from(req):
        return req.headers.get('x-glance-api-copy-from')

    def _external_source(self, image_meta, req):
-        source = image_meta.get('location')
-        if source is not None:
+        if 'location' in image_meta:
            self._enforce(req, 'set_image_location')
-        else:
+            source = image_meta['location']
+        elif 'x-glance-api-copy-from' in req.headers:
            source = Controller._copy_from(req)
+        else:
+            # we have an empty external source value
+            # so we are creating "draft" of the image and no need validation
+            return None
        return Controller._validate_source(source, req)

    @staticmethod
--- a/glance/common/store_utils.py
+++ b/glance/common/store_utils.py
@ -129,6 +129,8 @@ def validate_external_location(uri):
    :param uri: The URI of external image location.
    :return: Whether given URI of external image location are OK.
    """
+    if not uri:
+        return False

    # TODO(zhiyan): This function could be moved to glance_store.
    # TODO(gm): Use a whitelist of allowed schemes
--- a/glance/tests/unit/v1/test_api.py
+++ b/glance/tests/unit/v1/test_api.py
@ -510,6 +510,32 @@ class TestGlanceAPI(base.IsolatedUnitTest):
            self.assertEqual(400, res.status_int)
            self.assertIn('Disk format is not specified', res.body)

+    def test_create_with_empty_location(self):
+        fixture_headers = {
+            'x-image-meta-location': '',
+        }
+
+        req = webob.Request.blank("/images")
+        req.method = 'POST'
+        for k, v in six.iteritems(fixture_headers):
+            req.headers[k] = v
+
+        res = req.get_response(self.api)
+        self.assertEqual(400, res.status_int)
+
+    def test_create_with_empty_copy_from(self):
+        fixture_headers = {
+            'x-glance-api-copy-from': '',
+        }
+
+        req = webob.Request.blank("/images")
+        req.method = 'POST'
+        for k, v in six.iteritems(fixture_headers):
+            req.headers[k] = v
+
+        res = req.get_response(self.api)
+        self.assertEqual(400, res.status_int)
+
    def test_create_delayed_image_with_no_disk_and_container_formats(self):
        fixture_headers = {
            'x-image-meta-name': 'delayed',