middleware: return HTTPBadRequest when path is invalid

Gracefully handle paths that are invalid UTF-8 by returning HTTP error 400 instead of an Internal Server Error. Change-Id: I3b30e4d64e758eefd85f7a70fc645db69991b3d7 Task: 26379
2018-09-11 11:18:53 +02:00 · 2018-09-11 11:18:53 +02:00 · fafdd06bfd
parent fc9848eb9a
commit fafdd06bfd
2 changed files with 16 additions and 0 deletions
--- a/heat/api/middleware/version_negotiation.py
+++ b/heat/api/middleware/version_negotiation.py
@ -41,6 +41,13 @@ class VersionNegotiationFilter(wsgi.Middleware):
        return the correct API controller, otherwise, if we
        find an Accept: header, process it
        """
+
+        # Make sure the request path is valid UTF-8
+        try:
+            req.path
+        except UnicodeDecodeError:
+            return webob.exc.HTTPBadRequest()
+
        # See if a version identifier is in the URI passed to
        # us already. If so, simply return the right version
        # API controller
--- a/heat/tests/api/middleware/test_version_negotiation_middleware.py
+++ b/heat/tests/api/middleware/test_version_negotiation_middleware.py
@ -136,3 +136,12 @@ class VersionNegotiationMiddlewareTest(common.HeatTestCase):
        response = version_negotiation.process_request(request)

        self.assertIsInstance(response, webob.exc.HTTPNotFound)
+
+    def test_invalid_utf8_path(self):
+        version_negotiation = vn.VersionNegotiationFilter(
+            self._version_controller_factory, None, None)
+        request = webob.Request.blank('/%c0')
+
+        response = version_negotiation.process_request(request)
+
+        self.assertIsInstance(response, webob.exc.HTTPBadRequest)