Allow CONTENT_LENGTH to be present but empty
The CONTENT_LENGTH environ can be present but empty, which returns None and causes a ValueError when attempting to use int(). This patch no longer sets CONTENT_LENGTH to an integer; instead it ensures that if CONTENT_LENGTH is not empty it is an integer, to prevent a situation where a bogus "CONTENT_LENGTH" header is specified. Additionally, as the CONTENT_TYPE environ can similarly be present but empty, we should .get() it in a similar fashion to ensure it isn't present but None when CONTENT_LENGTH is specified. Change-Id: I66b6f9afbea8bf037997a59ba0b976f83c9825fb Closes-Bug: #1681843
parent
2ad983a22c
commit
49a409031b
@ -177,12 +177,18 @@ class PlacementHandler(object):
|
|||||||
raise webob.exc.HTTPForbidden(
|
raise webob.exc.HTTPForbidden(
|
||||||
_('admin required'),
|
_('admin required'),
|
||||||
json_formatter=util.json_error_formatter)
|
json_formatter=util.json_error_formatter)
|
||||||
# Check that an incoming request with a content-length
|
# Check that an incoming request with a content-length header
|
||||||
# header also has a content-type header. If not raise a 400.
|
# that is an integer > 0 and not empty, also has a content-type
|
||||||
if int(environ.get('CONTENT_LENGTH', 0)):
|
# header that is not empty. If not raise a 400.
|
||||||
if 'CONTENT_TYPE' not in environ:
|
clen = environ.get('CONTENT_LENGTH')
|
||||||
|
try:
|
||||||
|
if clen and (int(clen) > 0) and not environ.get('CONTENT_TYPE'):
|
||||||
raise webob.exc.HTTPBadRequest(
|
raise webob.exc.HTTPBadRequest(
|
||||||
_('content-type header required'),
|
_('content-type header required when content-length > 0'),
|
||||||
|
json_formatter=util.json_error_formatter)
|
||||||
|
except ValueError as exc:
|
||||||
|
raise webob.exc.HTTPBadRequest(
|
||||||
|
_('content-length header must be an integer'),
|
||||||
json_formatter=util.json_error_formatter)
|
json_formatter=util.json_error_formatter)
|
||||||
try:
|
try:
|
||||||
return dispatch(environ, start_response, self._map)
|
return dispatch(environ, start_response, self._map)
|
||||||
|
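Review bot: The new `int(clen) > 0` test lets a negative or otherwise non-canonical CONTENT_LENGTH through without a 400, because `int()` accepts constructed examples such as '-1', '+10' or ' 10 ' without raising ValueError, and a negative value also skips the content-type check. Since the stated aim is to reject a bogus header, the guard could require plain digits before converting, for example `if clen and not clen.isdigit():` raising the existing 'content-length header must be an integer' HTTPBadRequest. Whether anything downstream of `dispatch` re-reads the raw value is not visible here, so the impact is unconfirmed. Separately, `except ValueError as exc:` binds a name that is never used in the visible lines; `except ValueError:` is enough. The enclosing method starts above the hunk and continues past it.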
@ -142,3 +142,42 @@ class DeclarationsTest(test.NoDBTestCase):
|
|||||||
environ = _environ(path='')
|
environ = _environ(path='')
|
||||||
result = self.mapper.match(environ=environ)
|
result = self.mapper.match(environ=environ)
|
||||||
self.assertEqual(root.home, result['action'])
|
self.assertEqual(root.home, result['action'])
|
||||||
|
|
||||||
|
|
||||||
|
class ContentHeadersTest(test.NoDBTestCase):
|
||||||
|
|
||||||
|
def setUp(self):
|
||||||
|
super(ContentHeadersTest, self).setUp()
|
||||||
|
self.environ = _environ(path='/')
|
||||||
|
self.app = handler.PlacementHandler()
|
||||||
|
|
||||||
|
def test_no_content_type(self):
|
||||||
|
self.environ['CONTENT_LENGTH'] = '10'
|
||||||
|
self.assertRaisesRegex(webob.exc.HTTPBadRequest,
|
||||||
|
"content-type header required when "
|
||||||
|
"content-length > 0", self.app,
|
||||||
|
self.environ, start_response)
|
||||||
|
|
||||||
|
def test_non_integer_content_length(self):
|
||||||
|
self.environ['CONTENT_LENGTH'] = 'foo'
|
||||||
|
self.assertRaisesRegex(webob.exc.HTTPBadRequest,
|
||||||
|
"content-length header must be an integer",
|
||||||
|
self.app, self.environ, start_response)
|
||||||
|
|
||||||
|
def test_empty_content_type(self):
|
||||||
|
self.environ['CONTENT_LENGTH'] = '10'
|
||||||
|
self.environ['CONTENT_TYPE'] = ''
|
||||||
|
self.assertRaisesRegex(webob.exc.HTTPBadRequest,
|
||||||
|
"content-type header required when "
|
||||||
|
"content-length > 0", self.app,
|
||||||
|
self.environ, start_response)
|
||||||
|
|
||||||
|
def test_empty_content_length_and_type_works(self):
|
||||||
|
self.environ['CONTENT_LENGTH'] = ''
|
||||||
|
self.environ['CONTENT_TYPE'] = ''
|
||||||
|
self.app(self.environ, start_response)
|
||||||
|
|
||||||
|
def test_content_length_and_type_works(self):
|
||||||
|
self.environ['CONTENT_LENGTH'] = '10'
|
||||||
|
self.environ['CONTENT_TYPE'] = 'foo'
|
||||||
|
self.app(self.environ, start_response)
|
||||||
|
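Review bot: `test_empty_content_length_and_type_works` and `test_content_length_and_type_works` call `self.app(...)` without asserting anything, so they only show that no exception escapes; asserting on the returned body or on the status passed to `start_response` would pin the success path. The boundary values that the handler's new check turns on are also untested: a CONTENT_LENGTH of '0' with no content type, and a negative or signed value such as '-1'. Adding one test per case, in the same `assertRaisesRegex` form used above where a 400 is intended, would document which of those inputs the handler is meant to accept. `start_response` and `_environ` are defined outside the hunk.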