summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZuul <zuul@review.openstack.org>2018-02-13 20:02:56 +0000
committerGerrit Code Review <review@openstack.org>2018-02-13 20:02:56 +0000
commitdbdb6213cbfc23210c6a7b7b8bdb18de0de5e017 (patch)
tree00ee2e778be5f2d27d5e0834ed6ae1b22c84c6f0
parent657905bcb82beeef86cb6785c3cbdc261125e0e5 (diff)
parent6029ccd44e500bd1d3ba41821793216cb4eac6dd (diff)
Merge "Invalid query parameter could lead to HTTP 500"
-rw-r--r--nova/api/validation/__init__.py13
-rw-r--r--nova/tests/unit/test_api_validation.py7
2 files changed, 19 insertions, 1 deletions
diff --git a/nova/api/validation/__init__.py b/nova/api/validation/__init__.py
index 490c4ea..6f1d0b3 100644
--- a/nova/api/validation/__init__.py
+++ b/nova/api/validation/__init__.py
@@ -21,6 +21,8 @@ import re
21 21
22from nova.api.openstack import api_version_request as api_version 22from nova.api.openstack import api_version_request as api_version
23from nova.api.validation import validators 23from nova.api.validation import validators
24from nova import exception
25from nova.i18n import _
24 26
25 27
26def _schema_validation_helper(schema, target, min_version, max_version, 28def _schema_validation_helper(schema, target, min_version, max_version,
@@ -167,8 +169,17 @@ def query_schema(query_params_schema, min_version=None,
167 else: 169 else:
168 req = args[1] 170 req = args[1]
169 171
172 # NOTE(Kevin_Zheng): The webob package throws UnicodeError when
173 # param cannot be decoded. Catch this and raise HTTP 400.
174
175 try:
176 query_dict = req.GET.dict_of_lists()
177 except UnicodeDecodeError:
178 msg = _('Query string is not UTF-8 encoded')
179 raise exception.ValidationError(msg)
180
170 if _schema_validation_helper(query_params_schema, 181 if _schema_validation_helper(query_params_schema,
171 req.GET.dict_of_lists(), 182 query_dict,
172 min_version, max_version, 183 min_version, max_version,
173 args, kwargs, is_body=False): 184 args, kwargs, is_body=False):
174 # NOTE(alex_xu): The additional query parameters were stripped 185 # NOTE(alex_xu): The additional query parameters were stripped
diff --git a/nova/tests/unit/test_api_validation.py b/nova/tests/unit/test_api_validation.py
index 416ef62..9e33121 100644
--- a/nova/tests/unit/test_api_validation.py
+++ b/nova/tests/unit/test_api_validation.py
@@ -305,6 +305,13 @@ class QueryParamsSchemaTestCase(test.NoDBTestCase):
305 req.api_version_request = api_version.APIVersionRequest("2.3") 305 req.api_version_request = api_version.APIVersionRequest("2.3")
306 self.assertRaises(exception.ValidationError, self.controller.get, req) 306 self.assertRaises(exception.ValidationError, self.controller.get, req)
307 307
308 def test_validate_request_unicode_decode_failure(self):
309 req = fakes.HTTPRequest.blank("/tests?foo=%88")
310 req.api_version_request = api_version.APIVersionRequest("2.1")
311 ex = self.assertRaises(
312 exception.ValidationError, self.controller.get, req)
313 self.assertIn("Query string is not UTF-8 encoded", six.text_type(ex))
314
308 def test_strip_out_additional_properties(self): 315 def test_strip_out_additional_properties(self):
309 req = fakes.HTTPRequest.blank( 316 req = fakes.HTTPRequest.blank(
310 "/tests?foos=abc&foo=%s&bar=123&-bar=456" % fakes.FAKE_UUID) 317 "/tests?foos=abc&foo=%s&bar=123&-bar=456" % fakes.FAKE_UUID)