Browse Source

middleware: return HTTPBadRequest when path is invalid

Gracefully handle paths that are invalid UTF-8 by returning HTTP error
400 instead of an Internal Server Error.

Change-Id: I3b30e4d64e758eefd85f7a70fc645db69991b3d7
Task: 26379
changes/25/601525/1
Benoît Knecht 3 years ago
parent
commit
fafdd06bfd
  1. 7
      heat/api/middleware/version_negotiation.py
  2. 9
      heat/tests/api/middleware/test_version_negotiation_middleware.py

7
heat/api/middleware/version_negotiation.py

@ -41,6 +41,13 @@ class VersionNegotiationFilter(wsgi.Middleware):
return the correct API controller, otherwise, if we
find an Accept: header, process it
"""
# Make sure the request path is valid UTF-8
try:
req.path
except UnicodeDecodeError:
return webob.exc.HTTPBadRequest()
# See if a version identifier is in the URI passed to
# us already. If so, simply return the right version
# API controller

9
heat/tests/api/middleware/test_version_negotiation_middleware.py

@ -136,3 +136,12 @@ class VersionNegotiationMiddlewareTest(common.HeatTestCase):
response = version_negotiation.process_request(request)
self.assertIsInstance(response, webob.exc.HTTPNotFound)
def test_invalid_utf8_path(self):
version_negotiation = vn.VersionNegotiationFilter(
self._version_controller_factory, None, None)
request = webob.Request.blank('/%c0')
response = version_negotiation.process_request(request)
self.assertIsInstance(response, webob.exc.HTTPBadRequest)
Loading…
Cancel
Save