openstack/sushy-tools
Code Issues Proposed changes

Validate JSON content type before parsing manager PATCH requests

Browse Source 
This patch removes the "force=True" parameter in the get_json() method.
This allows flask to enforce the requirement for a valid Content-Type
header and properly formatted JSON payloads.

When the request doesn't meet the conditions, flask
automatically raises a 400 Bad request. This prevents unexpected errors
caused by malformed or non-JSON input.

A try-except block has been added to catch and log the error with a
clear message.

Unit tests have been added to verify both valid and invalid cases.

Signed-off-by: Queensly Kyerewaa Acheampongmaa <qacheampong@gmail.com>
Change-Id: I0d5b18a92939d26cba565c6226d5713e9e7735b6
This commit is contained in:
Queensly Acheampongmaa
2025-07-14 12:09:17 +00:00
parent 44c6662a6d
commit 4d7850318e
2 changed files with 35 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
sushy_tools/emulator/main.py
View File

@@ -405,8 +405,15 @@ def manager_resource(identity):
elif flask.request.method == "PATCH": elif flask.request.method == "PATCH":
if app.feature_set != "full": if app.feature_set != "full":
raise error.MethodNotAllowed("PATCH not supported in minimum mode") raise error.MethodNotAllowed("PATCH not supported in minimum mode")
try:
data = flask.request.get_json()
except wz_exc.BadRequest:
app.logger.error(
"PATCH method missing in /Managers/%s due to invalid JSON",
identity
)
raise error.BadRequest("Request must be a valid JSON")
data = flask.request.get_json(force=True)
new_datetime = data.get("DateTime") new_datetime = data.get("DateTime")
new_offset = data.get("DateTimeLocalOffset") new_offset = data.get("DateTimeLocalOffset")

27
sushy_tools/tests/unit/emulator/test_main.py
View File

@@ -238,6 +238,33 @@ class ManagersTestCase(EmulatorTestCase):
self.assertEqual({'@odata.id': '/redfish/v1/Systems/xxx/VirtualMedia'}, self.assertEqual({'@odata.id': '/redfish/v1/Systems/xxx/VirtualMedia'},
response.json['VirtualMedia']) response.json['VirtualMedia'])
@patch_resource('managers')
def test_manager_resource_patch_valid_json(self, managers_mock):
managers_mock = managers_mock.return_value
managers_mock.set_datetime.return_value = None
payload = {
"DateTime": "2025-07-14T11:30:00+00:00",
"DateTimeLocalOffset": "+00:00"}
response = self.app.patch(
'/redfish/v1/Managers/xxxx-yyyy-zzzz',
json=payload)
self.assertEqual(204, response.status_code)
@patch_resource('managers')
def test_manager_resource_patch_invalid_json(self, managers_mock):
managers_mock = managers_mock.return_value
managers_mock.set_datetime.return_value = None
response = self.app.patch(
'/redfish/v1/Managers/xxxx-yyyy-zzzz',
data='not-json',
content_type='application/json')
self.assertEqual(400, response.status_code)
@patch_resource('managers') @patch_resource('managers')
def test_manager_resource_get_reduced_feature_set(self, managers_mock): def test_manager_resource_get_reduced_feature_set(self, managers_mock):
self.set_feature_set("vmedia") self.set_feature_set("vmedia")