From d13cbcd6d85a0dd67d88143686f8c83791ee79ff Mon Sep 17 00:00:00 2001 From: Brian Waldon Date: Thu, 16 Aug 2012 15:07:14 -0400 Subject: [PATCH] Validate uuid-ness in v2 image entity The image entity was allowing any string value to pass through in an image create operation. We should limit it strictly to UUID-like values. Fixes bug 1037725 Change-Id: I3f28d3f2dc5c0f63322efe250051874d7975ec1f --- glance/api/v2/images.py | 3 ++- glance/tests/unit/v2/test_images_resource.py | 6 ++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/glance/api/v2/images.py b/glance/api/v2/images.py index 5d58b8c945..9ff6110c8d 100644 --- a/glance/api/v2/images.py +++ b/glance/api/v2/images.py @@ -378,7 +378,8 @@ _BASE_PROPERTIES = { 'id': { 'type': 'string', 'description': 'An identifier for the image', - 'maxLength': 36, + 'pattern': ('^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}' + '-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$'), }, 'name': { 'type': 'string', diff --git a/glance/tests/unit/v2/test_images_resource.py b/glance/tests/unit/v2/test_images_resource.py index 750fdb66d3..0e15498d17 100644 --- a/glance/tests/unit/v2/test_images_resource.py +++ b/glance/tests/unit/v2/test_images_resource.py @@ -445,6 +445,12 @@ class TestImagesDeserializer(test_utils.BaseTestCase): expected = {'image': {'properties': {}}} self.assertEqual(expected, output) + def test_create_invalid_id(self): + request = unit_test_utils.get_fake_request() + request.body = json.dumps({'id': 'gabe'}) + self.assertRaises(webob.exc.HTTPBadRequest, self.deserializer.create, + request) + def test_create_no_body(self): request = unit_test_utils.get_fake_request() self.assertRaises(webob.exc.HTTPBadRequest, self.deserializer.create,