Add orm type check for paginate_query

Cinder raises a 500 error if the sort key is a property of the
resource's object.

This patch adds a type check to prevent querying with a non-ORM
property.

Change-Id: Ia7de86435d4af865c20bcd2b6f9b24ccf3b1dca2
Closes-bug: #1653197
wangxiyuan 2016-12-30 14:44:45 +08:00
parent a72d529fbe
commit 3ab03318ac
2 changed files with 14 additions and 0 deletions


@ -22,6 +22,7 @@ from oslo_log import log as logging
from six.moves import range
import sqlalchemy
from cinder.db import api
from cinder import exception
from cinder.i18n import _, _LW
@ -90,6 +91,8 @@ def paginate_query(query, model, limit, sort_keys, marker=None,
sort_key_attr = getattr(model, current_sort_key)
except AttributeError:
raise exception.InvalidInput(reason='Invalid sort key')
if not api.is_orm_value(sort_key_attr):
raise exception.InvalidInput(reason='Invalid sort key')
query = query.order_by(sort_dir_func(sort_key_attr))
# Add pagination
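Review bot: The new `if not api.is_orm_value(sort_key_attr):` guard is the only validation between a caller-supplied sort key and `query.order_by(...)`, and how strict it is depends on what `is_orm_value` accepts, which is not visible in this section. If it passes any instrumented attribute, a relationship name on the model would still get through and would presumably fail at query time instead of raising `InvalidInput`. Consider validating against the mapped columns instead, for example `if current_sort_key not in model.__table__.columns:`, assuming the models are declarative and attribute names match column keys. At minimum, add a comment above the check such as `# Reject Python properties, methods and other non-column attributes`. The body of `paginate_query` continues outside the hunk, so the marker handling further down was not reviewed.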


@ -514,6 +514,7 @@ class TestVolume(test_objects.BaseObjectsTestCase):
self.assertFalse(volume_attachment_get.called)
@ddt.ddt
class TestVolumeList(test_objects.BaseObjectsTestCase):
@mock.patch('cinder.db.volume_get_all')
def test_get_all(self, volume_get_all):
@ -560,6 +561,16 @@ class TestVolumeList(test_objects.BaseObjectsTestCase):
self.assertEqual(1, len(volumes))
TestVolume._compare(self, db_volume, volumes[0])
@ddt.data(['name_id'], ['__contains__'])
def test_get_by_project_with_sort_key(self, sort_keys):
fake_volume.fake_db_volume()
self.assertRaises(exception.InvalidInput,
objects.VolumeList.get_all_by_project,
self.context,
self.context.project_id,
sort_keys=sort_keys)
@mock.patch('cinder.db.volume_include_in_cluster')
def test_include_in_cluster(self, include_mock):
filters = {'host': mock.sentinel.host,
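Review bot: The `fake_volume.fake_db_volume()` call at the top of `test_get_by_project_with_sort_key` discards its return value, so as far as this hunk shows it has no effect on the test. Drop it, or persist the volume if the query is meant to run against an existing row. The two `@ddt.data` cases cover a Python property (`name_id`) and a dunder method (`__contains__`), but no attribute that is ORM-instrumented without being a column; a relationship name would show whether the new check rejects those too. A docstring such as `"""Non-column sort keys must raise InvalidInput instead of a 500."""` would record why these values were chosen.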