Validate uuid-ness in v2 image entity

The image entity was allowing any string value to pass through in an image create operation. We should limit it strictly to UUID-like values. Fixes bug 1037725 Change-Id: I3f28d3f2dc5c0f63322efe250051874d7975ec1f
2012-08-16 15:07:14 -04:00 · 2012-08-16 15:07:14 -04:00 · d13cbcd6d8
commit d13cbcd6d8
parent c6b460837d
2 changed files with 8 additions and 1 deletions
--- a/glance/api/v2/images.py
+++ b/glance/api/v2/images.py
@ -378,7 +378,8 @@ _BASE_PROPERTIES = {
    'id': {
        'type': 'string',
        'description': 'An identifier for the image',
-        'maxLength': 36,
+        'pattern': ('^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}'
+                    '-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$'),
    },
    'name': {
        'type': 'string',
--- a/glance/tests/unit/v2/test_images_resource.py
+++ b/glance/tests/unit/v2/test_images_resource.py
@ -445,6 +445,12 @@ class TestImagesDeserializer(test_utils.BaseTestCase):
        expected = {'image': {'properties': {}}}
        self.assertEqual(expected, output)

+    def test_create_invalid_id(self):
+        request = unit_test_utils.get_fake_request()
+        request.body = json.dumps({'id': 'gabe'})
+        self.assertRaises(webob.exc.HTTPBadRequest, self.deserializer.create,
+                          request)
+
    def test_create_no_body(self):
        request = unit_test_utils.get_fake_request()
        self.assertRaises(webob.exc.HTTPBadRequest, self.deserializer.create,