Merge "Reject invalid filters"

This commit is contained in:
Jenkins 2015-07-28 10:42:15 +00:00 committed by Gerrit Code Review
commit 6e710423a5
5 changed files with 30 additions and 5 deletions

View File

@ -55,12 +55,17 @@ class RestController(pecan.rest.RestController):
return central_rpcapi.CentralAPI.get_instance() return central_rpcapi.CentralAPI.get_instance()
def _apply_filter_params(self, params, accepted_filters, criterion): def _apply_filter_params(self, params, accepted_filters, criterion):
invalid=[]
for k in accepted_filters: for k in params:
if k in params: if k in accepted_filters:
criterion[k] = params[k].replace("*", "%") criterion[k] = params[k].replace("*", "%")
else:
return criterion invalid.append(k)
if invalid:
raise exceptions.BadRequest(
'Invalid filters %s' % ', '.join(invalid))
else:
return criterion
def _handle_post(self, method, remainder): def _handle_post(self, method, remainder):
''' '''

View File

@ -161,3 +161,8 @@ class ApiV2BlacklistsTest(ApiV2TestCase):
# Check that the correct number of recordsets match # Check that the correct number of recordsets match
self.assertEqual(correct_result, len(response.json['blacklists'])) self.assertEqual(correct_result, len(response.json['blacklists']))
def test_invalid_blacklist_filter(self):
url = '/blacklists?description=test'
self.policy({'find_blacklists': '@'})
self._assert_exception('bad_request', 400, self.client.get, url)

View File

@ -954,3 +954,8 @@ class ApiV2RecordSetsTest(ApiV2TestCase):
self.client.delete('/zones/%s' % self.domain['id'], status=202) self.client.delete('/zones/%s' % self.domain['id'], status=202)
self._assert_exception('bad_request', 400, self.client.delete, url) self._assert_exception('bad_request', 400, self.client.delete, url)
def test_invalid_recordset_filter(self):
invalid_url = '/zones/%s/recordsets?action=NONE' % self.domain['id']
self._assert_exception(
'bad_request', 400, self.client.get, invalid_url)

View File

@ -192,3 +192,8 @@ class ApiV2TldsTest(ApiV2TestCase):
# Check that the correct number of tlds match # Check that the correct number of tlds match
self.assertEqual(correct_result, len(response.json['tlds'])) self.assertEqual(correct_result, len(response.json['tlds']))
def test_invalid_recordset_filter(self):
invalid_url = '/tlds?description=test'
self._assert_exception(
'bad_request', 400, self.client.get, invalid_url)

View File

@ -702,3 +702,8 @@ class ApiV2ZonesTest(ApiV2TestCase):
# Check that the correct number of zones match # Check that the correct number of zones match
self.assertEqual(correct_result, len(response.json['zones'])) self.assertEqual(correct_result, len(response.json['zones']))
def test_invalid_zones_filter(self):
invalid_url = '/zones?type=PRIMARY'
self._assert_exception(
'bad_request', 400, self.client.get, invalid_url)