Validate JSON content type before parsing manager PATCH requests

This patch removes the "force=True" parameter in the get_json() method. This allows flask to enforce the requirement for a valid Content-Type header and properly formatted JSON payloads. When the request doesn't meet the conditions, flask automatically raises a 400 Bad request. This prevents unexpected errors caused by malformed or non-JSON input. A try-except block has been added to catch and log the error with a clear message. Unit tests have been added to verify both valid and invalid cases. Signed-off-by: Queensly Kyerewaa Acheampongmaa <qacheampong@gmail.com> Change-Id: I0d5b18a92939d26cba565c6226d5713e9e7735b6
2025-07-14 12:09:17 +00:00
parent 44c6662a6d
commit 4d7850318e
2 changed files with 35 additions and 1 deletions
--- a/sushy_tools/emulator/main.py
+++ b/sushy_tools/emulator/main.py
@@ -405,8 +405,15 @@ def manager_resource(identity):
    elif flask.request.method == "PATCH":
        if app.feature_set != "full":
            raise error.MethodNotAllowed("PATCH not supported in minimum mode")
+        try:
+            data = flask.request.get_json()
+        except wz_exc.BadRequest:
+            app.logger.error(
+                "PATCH method missing in /Managers/%s due to invalid JSON",
+                identity
+            )
+            raise error.BadRequest("Request must be a valid JSON")

-        data = flask.request.get_json(force=True)
        new_datetime = data.get("DateTime")
        new_offset = data.get("DateTimeLocalOffset")

--- a/sushy_tools/tests/unit/emulator/test_main.py
+++ b/sushy_tools/tests/unit/emulator/test_main.py
@@ -238,6 +238,33 @@ class ManagersTestCase(EmulatorTestCase):
        self.assertEqual({'@odata.id': '/redfish/v1/Systems/xxx/VirtualMedia'},
                         response.json['VirtualMedia'])

+    @patch_resource('managers')
+    def test_manager_resource_patch_valid_json(self, managers_mock):
+        managers_mock = managers_mock.return_value
+        managers_mock.set_datetime.return_value = None
+
+        payload = {
+            "DateTime": "2025-07-14T11:30:00+00:00",
+            "DateTimeLocalOffset": "+00:00"}
+
+        response = self.app.patch(
+            '/redfish/v1/Managers/xxxx-yyyy-zzzz',
+            json=payload)
+
+        self.assertEqual(204, response.status_code)
+
+    @patch_resource('managers')
+    def test_manager_resource_patch_invalid_json(self, managers_mock):
+        managers_mock = managers_mock.return_value
+        managers_mock.set_datetime.return_value = None
+
+        response = self.app.patch(
+            '/redfish/v1/Managers/xxxx-yyyy-zzzz',
+            data='not-json',
+            content_type='application/json')
+
+        self.assertEqual(400, response.status_code)
+
    @patch_resource('managers')
    def test_manager_resource_get_reduced_feature_set(self, managers_mock):
        self.set_feature_set("vmedia")