Browse Source

Fix member create to handle unicode characters

If user passes member id as unicode characters in member create then
HTTP 500 internal server error is raised.
Reason: The unicode format check is not performed in db create member.

This patch fixes the member create by checking member id before
inserting in db. If member id is unicode then proper exception
is raised and same is handled in controller api.

Change-Id: I67be5e990d1269cbb986db7fff21a90a41af06e4
Closes-Bug: #1688189
tags/16.0.0.0b3
neha.pandey Brian Rosmaita 3 years ago
parent
commit
05e9bdb656
4 changed files with 10 additions and 0 deletions
  1. +2
    -0
      glance/api/v2/image_members.py
  2. +1
    -0
      glance/db/simple/api.py
  3. +1
    -0
      glance/db/sqlalchemy/api.py
  4. +6
    -0
      glance/tests/unit/v2/test_image_members_resource.py

+ 2
- 0
glance/api/v2/image_members.py View File

@@ -116,6 +116,8 @@ class ImageMembersController(object):
member_id)
member_repo.add(new_member)
return new_member
except exception.Invalid as e:
raise webob.exc.HTTPBadRequest(explanation=e.msg)
except exception.Forbidden:
msg = _("Not allowed to create members for image %s.") % image_id
LOG.warning(msg)


+ 1
- 0
glance/db/simple/api.py View File

@@ -538,6 +538,7 @@ def image_member_count(context, image_id):


@log_call
@utils.no_4byte_params
def image_member_create(context, values):
member = _image_member_format(values['image_id'],
values['member'],


+ 1
- 0
glance/db/sqlalchemy/api.py View File

@@ -1072,6 +1072,7 @@ def _image_property_delete_all(context, image_id, delete_time=None,
return props_updated_count


@utils.no_4byte_params
def image_member_create(context, values, session=None):
"""Create an ImageMember object."""
memb_ref = models.ImageMember()


+ 6
- 0
glance/tests/unit/v2/test_image_members_resource.py View File

@@ -279,6 +279,12 @@ class TestImageMembersController(test_utils.BaseTestCase):
self.assertEqual(UUID2, output.image_id)
self.assertEqual(TENANT3, output.member_id)

def test_member_create_raises_bad_request_for_unicode_value(self):
request = unit_test_utils.get_fake_request()
self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create,
request, image_id=UUID5,
member_id=u'\U0001f693')

def test_update_done_by_member(self):
request = unit_test_utils.get_fake_request(tenant=TENANT4)
image_id = UUID2


Loading…
Cancel
Save