expires should be checked when using pre-signed url

When creating pre-signed url, if expire time is set as some special string like "'expires'='3600'", after creation is done, the expire time will be "3600-01-01T00:00:00", that means this url will be valid until the year 3600! So we should check the data format of expire time, if it's a string of integer value, zaqar should return error. Change-Id: I61d2d977d45b5d33ff3355f2c854215ee1a52bb2 Closes-Bug: #1561311
2016-03-24 12:12:42 +08:00 · 2016-03-24 12:12:42 +08:00 · b645feb48a
commit b645feb48a
parent 0e1f4aed28
2 changed files with 11 additions and 0 deletions
--- a/zaqar/common/urls.py
+++ b/zaqar/common/urls.py
@ -62,6 +62,15 @@ def create_signed_url(key, paths, project=None, expires=None, methods=None):
    if expires is not None:
        # NOTE(flaper87): Verify if the format is correct
        # and normalize the value to UTC.
+        check_expires = None
+        try:
+            check_expires = int(expires)
+        except ValueError:
+            pass
+        if check_expires:
+            raise ValueError(_LE('`expires` should be date format, '
+                                 'for example 2016-01-01T00:00:00, '
+                                 'not integer value: %s') % check_expires)
        parsed = timeutils.parse_isotime(expires)
        expires = timeutils.normalize_time(parsed)
    else:
--- a/zaqar/tests/unit/common/test_urls.py
+++ b/zaqar/tests/unit/common/test_urls.py
@ -103,3 +103,5 @@ class TestURLs(base.TestBase):
        self.assertRaises(ValueError, urls.create_signed_url, 'test', '/test')
        self.assertRaises(ValueError, urls.create_signed_url, 'test',
                          ['/test'], expires='wrong date format')
+        self.assertRaises(ValueError, urls.create_signed_url, 'test',
+                          ['/test'], expires='3600')