Protect against generating empty patch

If a user attempts to generate a patch without specifying any packages, raise an exception to avoid malformed patches. Additionally, very small files (like a patch with no packages) appear to be handled differently by the API handler, passing a cStringIO object for small files and a file object for files that are about 1K or larger. For robustness, the upload handler is updated to do a hasattr('fileno') check in order to protect against an unhandled exception for small files. Change-Id: Ie1e730a183a27850ba8567f31aea603459b59d45 Closes-Bug: 1803022 Signed-off-by: Don Penney <don.penney@windriver.com>
2019-03-14 13:57:16 -04:00 · 2019-03-14 13:57:16 -04:00 · 8055fcbe51
parent 2fc8ef2f21
commit 8055fcbe51
2 changed files with 24 additions and 17 deletions
--- a/cgcs-patch/cgcs-patch/cgcs_patch/api/controllers/root.py
+++ b/cgcs-patch/cgcs-patch/cgcs_patch/api/controllers/root.py
@ -96,24 +96,28 @@ class PatchAPIController(object):
            return dict(error="Error: No file uploaded")

        fn = '/scratch/' + os.path.basename(fileitem.filename)
-        # This technique cannot copy a very large file. It
-        # requires a lot of memory as all data from the
-        # source file is read into memory then written to
-        # the destination file one chunk
-        # open(fn, 'wb').write(fileitem.file.read())

-        # Copying file by chunks using OS system calls
-        # requires much less memory. A larger chunk
-        # size can be used to improve the copy speed;
-        # currently 64K chunk size is selected
-        dst = os.open(fn, os.O_WRONLY | os.O_CREAT)
-        src = fileitem.file.fileno()
-        size = 64 * 1024
-        n = size
-        while n >= size:
-            s = os.read(src, size)
-            n = os.write(dst, s)
-        os.close(dst)
+        if hasattr(fileitem.file, 'fileno'):
+            # This technique cannot copy a very large file. It
+            # requires a lot of memory as all data from the
+            # source file is read into memory then written to
+            # the destination file one chunk
+            # open(fn, 'wb').write(fileitem.file.read())
+
+            # Copying file by chunks using OS system calls
+            # requires much less memory. A larger chunk
+            # size can be used to improve the copy speed;
+            # currently 64K chunk size is selected
+            dst = os.open(fn, os.O_WRONLY | os.O_CREAT)
+            src = fileitem.file.fileno()
+            size = 64 * 1024
+            n = size
+            while n >= size:
+                s = os.read(src, size)
+                n = os.write(dst, s)
+            os.close(dst)
+        else:
+            open(fn, 'wb').write(fileitem.file.read())

        try:
            result = pc.patch_import_api([fn])
--- a/cgcs-patch/cgcs-patch/cgcs_patch/patch_functions.py
+++ b/cgcs-patch/cgcs-patch/cgcs_patch/patch_functions.py
@ -763,6 +763,9 @@ class PatchFile:
        if self.meta.sw_version is None or self.meta.sw_version == '':
            raise MetadataFail("The release version must be specified in the sw_version field")

+        if not self.rpmlist:
+            raise MetadataFail("Cannot generate empty patch")
+
        patchfile = "%s/%s.patch" % (outdir, self.meta.id)

        # Create a temporary working directory