[Placement] Invalid query parameter could lead to HTTP 500
An invalid query parameter could lead to HTTP 500. Although Placement used JSON Schema verification to check input query params, a query like GET allocation_candidates?limit=%88 would still lead to HTTP 500, because it failed to parse in webob, which happens before the JSON Schema check. Change-Id: Iba8d29cb442c610de53e70c81533a8e1243d12dc Partial-bug: #1746202
parent
7f3c2f5fd4
commit
ee5107a00a
@ -201,9 +201,11 @@ def trait_url(environ, trait):
|
||||
|
||||
def validate_query_params(req, schema):
|
||||
try:
|
||||
# NOTE(Kevin_Zheng): The webob package throws UnicodeError when
|
||||
# param cannot be decoded. Catch this and raise HTTP 400.
|
||||
jsonschema.validate(dict(req.GET), schema,
|
||||
format_checker=jsonschema.FormatChecker())
|
||||
except jsonschema.ValidationError as exc:
|
||||
except (jsonschema.ValidationError, UnicodeDecodeError) as exc:
|
||||
raise webob.exc.HTTPBadRequest(
|
||||
_('Invalid query string parameters: %(exc)s') %
|
||||
{'exc': exc})
|
||||
|
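Review bot: The NOTE comment says webob throws `UnicodeError`, but the new `except` clause names only `UnicodeDecodeError`, so the comment and the handler disagree about what is caught. If the narrower class is intended, the comment should say `UnicodeDecodeError`; otherwise `except (jsonschema.ValidationError, UnicodeError) as exc:` would match the comment. It would also help to state in the comment that the failure presumably occurs when `dict(req.GET)` is evaluated rather than inside jsonschema, since that is why the decode error belongs in this `try`. The decode error's text is now interpolated into the 400 body through `%(exc)s`, so it is worth confirming that this is the message clients should see.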
@ -21,6 +21,7 @@ from oslo_middleware import request_id
|
||||
from oslo_utils import timeutils
|
||||
import webob
|
||||
|
||||
import six
|
||||
import six.moves.urllib.parse as urlparse
|
||||
|
||||
from nova.api.openstack.placement import lib as pl
|
||||
@ -146,6 +147,22 @@ class TestExtractJSON(test.NoDBTestCase):
|
||||
self.assertEqual(uuidsentinel.rp_uuid, data['uuid'])
|
||||
|
||||
|
||||
class QueryParamsSchemaTestCase(test.NoDBTestCase):
|
||||
|
||||
def test_validate_request(self):
|
||||
schema = {
|
||||
'type': 'object',
|
||||
'properties': {
|
||||
'foo': {'type': 'string'}
|
||||
},
|
||||
'additionalProperties': False}
|
||||
req = webob.Request.blank('/test?foo=%88')
|
||||
error = self.assertRaises(webob.exc.HTTPBadRequest,
|
||||
util.validate_query_params,
|
||||
req, schema)
|
||||
self.assertIn('Invalid query string parameters', six.text_type(error))
|
||||
|
||||
|
||||
class TestJSONErrorFormatter(test.NoDBTestCase):
|
||||
|
||||
def setUp(self):
|
||||
|
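Review bot: `test_validate_request` does not say which case it covers, and nothing explains why `%88` is the chosen input. A name such as `test_validate_request_undecodable_param` and a comment like `# %88 is a lone UTF-8 continuation byte, so webob cannot decode it` would make the regression obvious to the next reader. The test also pins only the message prefix; a sibling case asserting that a well-formed `/test?foo=bar` passes validation would guard against the handler later becoming too broad. `TestJSONErrorFormatter.setUp` continues past the end of the hunk.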