Prevent client from overriding important headers.

The glance client offered the opportunity to override
important headers via the features parameter during image
creation or update.

Created a blacklist of unsupported features like:
content-length
content-type
x-image-meta-size

These headers should not be overriden by the client.

Fixes LP Bug #1023892

Change-Id: I14aac59e00a2672fd98f6dab221096ab5de86855

glance/common/exception.py

@@ -240,3 +240,7 @@ class SchemaLoadError(GlanceException):
 class InvalidObject(GlanceException):
     message = _("Provided object does not match schema "
                 "'%(schema)s': %(reason)s")
+
+
+class UnsupportedHeaderFeature(GlanceException):
+    message = _("Provided header feature is unsupported: %(feature)s")

glance/common/utils.py

@@ -43,6 +43,8 @@ import glance.openstack.common.log as logging
 
 LOG = logging.getLogger(__name__)
 
+FEATURE_BLACKLIST = ['content-length', 'content-type', 'x-image-meta-size']
+
 
 def chunkreadable(iter, chunk_size=65536):
     """
@@ -153,6 +155,8 @@ def add_features_to_http_headers(features, headers):
     """
     if features:
         for k, v in features.items():
+            if k.lower() in FEATURE_BLACKLIST:
+                raise exception.UnsupportedHeaderFeature(feature=k)
             if v is not None:
                 headers[k.lower()] = unicode(v)
 

glance/tests/unit/test_clients.py

@@ -2004,6 +2004,29 @@ class TestClient(base.IsolatedUnitTest):
                           fixture,
                           image_data_fixture)
 
+    def test_add_image_with_unsupported_feature(self):
+        """Tests that UnsupportedHeaderFeature is raised when image is added"""
+        fixture = {
+            'name': 'fake public image',
+            'is_public': True,
+            'disk_format': 'vhd',
+            'container_format': 'ovf',
+            'size': 19,
+            'location': "http://localhost/glance-tests/2"
+        }
+
+        feature_fixture = {
+            'content-type': 'bad content type',
+            'content-length': '0',
+            'x-image-meta-size': '0'
+        }
+
+        for k, v in feature_fixture.items():
+            self.assertRaises(exception.UnsupportedHeaderFeature,
+                              self.client.add_image,
+                              None,
+                              features={k: v})
+
     def test_update_image(self):
         """Tests that the /images PUT registry API updates the image"""
         fixture = {'name': 'fake public image #2',
@@ -2031,6 +2054,25 @@ class TestClient(base.IsolatedUnitTest):
                           _gen_uuid(),
                           fixture)
 
+    def test_update_image_with_unsupported_feature(self):
+        """Tests that UnsupportedHeaderFeature is raised during update"""
+        fixture = {
+            'name': 'fake public image #2'
+        }
+
+        feature_fixture = {
+            'content-type': 'bad content-type',
+            'content-length': '0',
+            'x-image-meta-size': '0'
+        }
+
+        for k, v in feature_fixture.items():
+            self.assertRaises(exception.UnsupportedHeaderFeature,
+                              self.client.update_image,
+                              UUID2,
+                              image_meta=fixture,
+                              features={k: v})
+
     def test_delete_image(self):
         """Tests that image metadata is deleted properly"""
         # Grab the original number of images