Merge "Invalid query parameter could lead to HTTP 500"
This commit is contained in:
commit
dbdb6213cb
|
@ -21,6 +21,8 @@ import re
|
||||||
|
|
||||||
from nova.api.openstack import api_version_request as api_version
|
from nova.api.openstack import api_version_request as api_version
|
||||||
from nova.api.validation import validators
|
from nova.api.validation import validators
|
||||||
|
from nova import exception
|
||||||
|
from nova.i18n import _
|
||||||
|
|
||||||
|
|
||||||
def _schema_validation_helper(schema, target, min_version, max_version,
|
def _schema_validation_helper(schema, target, min_version, max_version,
|
||||||
|
@ -167,8 +169,17 @@ def query_schema(query_params_schema, min_version=None,
|
||||||
else:
|
else:
|
||||||
req = args[1]
|
req = args[1]
|
||||||
|
|
||||||
|
# NOTE(Kevin_Zheng): The webob package throws UnicodeError when
|
||||||
|
# param cannot be decoded. Catch this and raise HTTP 400.
|
||||||
|
|
||||||
|
try:
|
||||||
|
query_dict = req.GET.dict_of_lists()
|
||||||
|
except UnicodeDecodeError:
|
||||||
|
msg = _('Query string is not UTF-8 encoded')
|
||||||
|
raise exception.ValidationError(msg)
|
||||||
|
|
||||||
if _schema_validation_helper(query_params_schema,
|
if _schema_validation_helper(query_params_schema,
|
||||||
req.GET.dict_of_lists(),
|
query_dict,
|
||||||
min_version, max_version,
|
min_version, max_version,
|
||||||
args, kwargs, is_body=False):
|
args, kwargs, is_body=False):
|
||||||
# NOTE(alex_xu): The additional query parameters were stripped
|
# NOTE(alex_xu): The additional query parameters were stripped
|
||||||
|
|
|
@ -305,6 +305,13 @@ class QueryParamsSchemaTestCase(test.NoDBTestCase):
|
||||||
req.api_version_request = api_version.APIVersionRequest("2.3")
|
req.api_version_request = api_version.APIVersionRequest("2.3")
|
||||||
self.assertRaises(exception.ValidationError, self.controller.get, req)
|
self.assertRaises(exception.ValidationError, self.controller.get, req)
|
||||||
|
|
||||||
|
def test_validate_request_unicode_decode_failure(self):
|
||||||
|
req = fakes.HTTPRequest.blank("/tests?foo=%88")
|
||||||
|
req.api_version_request = api_version.APIVersionRequest("2.1")
|
||||||
|
ex = self.assertRaises(
|
||||||
|
exception.ValidationError, self.controller.get, req)
|
||||||
|
self.assertIn("Query string is not UTF-8 encoded", six.text_type(ex))
|
||||||
|
|
||||||
def test_strip_out_additional_properties(self):
|
def test_strip_out_additional_properties(self):
|
||||||
req = fakes.HTTPRequest.blank(
|
req = fakes.HTTPRequest.blank(
|
||||||
"/tests?foos=abc&foo=%s&bar=123&-bar=456" % fakes.FAKE_UUID)
|
"/tests?foos=abc&foo=%s&bar=123&-bar=456" % fakes.FAKE_UUID)
|
||||||
|
|
Loading…
Reference in New Issue