Fix member create to handle unicode characters

If user passes member id as unicode characters in member create then HTTP 500 internal server error is raised. Reason: The unicode format check is not performed in db create member. This patch fixes the member create by checking member id before inserting in db. If member id is unicode then proper exception is raised and same is handled in controller api. Change-Id: I67be5e990d1269cbb986db7fff21a90a41af06e4 Closes-Bug: #1688189
2017-05-04 16:53:08 +05:30 · 2017-05-04 16:53:08 +05:30 · 05e9bdb656
commit 05e9bdb656
parent af7b564ac3
4 changed files with 10 additions and 0 deletions
--- a/glance/api/v2/image_members.py
+++ b/glance/api/v2/image_members.py
@ -116,6 +116,8 @@ class ImageMembersController(object):
                                                               member_id)
            member_repo.add(new_member)
            return new_member
+        except exception.Invalid as e:
+            raise webob.exc.HTTPBadRequest(explanation=e.msg)
        except exception.Forbidden:
            msg = _("Not allowed to create members for image %s.") % image_id
            LOG.warning(msg)
--- a/glance/db/simple/api.py
+++ b/glance/db/simple/api.py
@ -538,6 +538,7 @@ def image_member_count(context, image_id):


@log_call
+@utils.no_4byte_params
 def image_member_create(context, values):
    member = _image_member_format(values['image_id'],
                                  values['member'],
--- a/glance/db/sqlalchemy/api.py
+++ b/glance/db/sqlalchemy/api.py
@ -1072,6 +1072,7 @@ def _image_property_delete_all(context, image_id, delete_time=None,
    return props_updated_count


+@utils.no_4byte_params
 def image_member_create(context, values, session=None):
    """Create an ImageMember object."""
    memb_ref = models.ImageMember()
--- a/glance/tests/unit/v2/test_image_members_resource.py
+++ b/glance/tests/unit/v2/test_image_members_resource.py
@ -279,6 +279,12 @@ class TestImageMembersController(test_utils.BaseTestCase):
        self.assertEqual(UUID2, output.image_id)
        self.assertEqual(TENANT3, output.member_id)

+    def test_member_create_raises_bad_request_for_unicode_value(self):
+        request = unit_test_utils.get_fake_request()
+        self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create,
+                          request, image_id=UUID5,
+                          member_id=u'\U0001f693')
+
    def test_update_done_by_member(self):
        request = unit_test_utils.get_fake_request(tenant=TENANT4)
        image_id = UUID2