From d950949b9023669f037e406a6bd930e1d626f109 Mon Sep 17 00:00:00 2001 From: Hongbin Lu Date: Thu, 5 Jul 2018 20:26:07 +0000 Subject: [PATCH] Ensure request's object type is dict Handle an edge case that API users send a POST/PUT request with invalid data in request body. Closes-Bug: #1780327 Change-Id: I3877c18a18ac506dc8f4a9ded2a18b53b9f6cfae --- neutron/api/v2/base.py | 3 +++ neutron/tests/unit/api/v2/test_base.py | 8 ++++++++ 2 files changed, 11 insertions(+) diff --git a/neutron/api/v2/base.py b/neutron/api/v2/base.py index 2f6ca1c230e..ef4f3ee1689 100644 --- a/neutron/api/v2/base.py +++ b/neutron/api/v2/base.py @@ -710,6 +710,9 @@ class Controller(object): if res_dict is None: msg = _("Unable to find '%s' in request body") % resource raise webob.exc.HTTPBadRequest(msg) + if not isinstance(res_dict, dict): + msg = _("Object '%s' contains invalid data") % resource + raise webob.exc.HTTPBadRequest(msg) attr_ops = attributes.AttributeInfo(attr_info) attr_ops.populate_project_id(context, res_dict, is_create) diff --git a/neutron/tests/unit/api/v2/test_base.py b/neutron/tests/unit/api/v2/test_base.py index f71962fa235..658aab793c3 100644 --- a/neutron/tests/unit/api/v2/test_base.py +++ b/neutron/tests/unit/api/v2/test_base.py @@ -832,6 +832,14 @@ class JSONV2TestCase(APIv2TestBase, testlib_api.WebTestCase): data = {} self._test_create_failure_bad_request('networks', data) + def test_create_object_string_not_json(self): + data = {'network': 'a string'} + self._test_create_failure_bad_request('networks', data) + + def test_create_object_boolean_not_json(self): + data = {'network': True} + self._test_create_failure_bad_request('networks', data) + def test_create_missing_attr(self): data = {'port': {'what': 'who', 'tenant_id': _uuid()}} self._test_create_failure_bad_request('ports', data)