Fix a bug with handling of binary data

When checking the length of the data in a request, Barbican assumes that data is UTF-8 encoded strings. Barbican then attempts to decode all data from UTF-8 to byte strings, which results in an exception when the data does not conform to UTF-8. This CR also adds the six library as a dependency to add type checking that is compatible in both Python 2 and 3. Change-Id: I3e937998c3bd4d5fbe94c89099ba56c26dbb75b7 Closes-Bug: #1315498
2014-05-02 14:25:10 -05:00 · 2014-05-02 14:25:10 -05:00 · 7699eeb2ec
commit 7699eeb2ec
parent 584b561c17
3 changed files with 33 additions and 1 deletions
--- a/barbican/common/validators.py
+++ b/barbican/common/validators.py
@ -6,6 +6,7 @@ import abc

 import jsonschema as schema
 from oslo.config import cfg
+import six

 from barbican.common import exception
 from barbican.common import utils
@ -26,7 +27,10 @@ CONF.register_opts(common_opts)


 def secret_too_big(data):
-    return len(data.encode('utf-8')) > CONF.max_allowed_secret_in_bytes
+    if isinstance(data, six.text_type):
+        return len(data.encode('UTF-8')) > CONF.max_allowed_secret_in_bytes
+    else:
+        return len(data) > CONF.max_allowed_secret_in_bytes


 def get_invalid_property(validation_error):
--- a/barbican/tests/common/test_validators.py
+++ b/barbican/tests/common/test_validators.py
@ -30,6 +30,33 @@ def suite():
    return suite


+class WhenTestingValidatorsFunctions(testtools.TestCase):
+
+    def test_secret_too_big_is_false_for_small_secrets(self):
+        data = b'\xb0'
+
+        is_too_big = validators.secret_too_big(data)
+
+        self.assertFalse(is_too_big)
+
+    def test_secret_too_big_is_true_for_big_secrets(self):
+        data = b'\x01' * validators.CONF.max_allowed_secret_in_bytes
+        data += b'\x01'
+
+        is_too_big = validators.secret_too_big(data)
+
+        self.assertTrue(is_too_big)
+
+    def test_secret_too_big_is_true_for_big_unicode_secrets(self):
+        beer = u'\U0001F37A'
+        data = beer * (validators.CONF.max_allowed_secret_in_bytes / 4)
+        data += u'1'
+
+        is_too_big = validators.secret_too_big(data)
+
+        self.assertTrue(is_too_big)
+
+
 class WhenTestingSecretValidator(testtools.TestCase):

    def setUp(self):
--- a/requirements.txt
+++ b/requirements.txt
@ -14,6 +14,7 @@ pbr>=0.5.21,<1.0
 pycrypto>=2.6
 pysqlite
 python-keystoneclient>=0.4.1
+six>=1.6.0
 SQLAlchemy>=0.7.8,<=0.9.99
 stevedore>=0.12
 WebOb>=1.2.3,<1.3