author | Vinod Mangalpally <vinod.mang@rackspace.com> | 2014-03-06 14:13:02 -0600 |
---|---|---|
committer | Vinod Mangalpally <vinod.mang@rackspace.com> | 2014-03-06 14:13:02 -0600 |
commit | 2d1babed861e02a37b34cc82a2a89b424f763783 (patch) | |
tree | d4476229403facb3d160a9f1fadb7047e55c2632 | |
parent | 120191f9cdb099e91d78a2628a5d366418ab138f (diff) | |
download | designate-2d1babed861e02a37b34cc82a2a89b424f763783.tar.gz |
Ensure that URL is valid while validating UUID
utils.validate_uuid() assumes that any URL after a valid first level
(like zones) is correct. Consequently, it calls the function with
an incorrect number of arguments.
We now check that the URL is correct by validating the number of
arguments the function expects against the number of arguments provided.
Get, patch and delete go through this code and return a 404. For the
same URL, POST however returns a 405. The 405 is returned by Pecan.
Change-Id: I004c8af2ae0af3c8467f4140c5855ea75966d0e7
Closes-Bug: 1288834
-rw-r--r-- | designate/tests/test_api/test_v2/test_zones.py | 11 | ||||
-rw-r--r-- | designate/utils.py | 9 |
2 files changed, 20 insertions, 0 deletions
diff --git a/designate/tests/test_api/test_v2/test_zones.py b/designate/tests/test_api/test_v2/test_zones.py index fc5260e5..3c1312e6 100644 --- a/designate/tests/test_api/test_v2/test_zones.py +++ b/designate/tests/test_api/test_v2/test_zones.py @@ -113,6 +113,17 @@ class ApiV2ZonesTest(ApiV2TestCase): 'unsupported_content_type', 415, self.client.post, '/zones', headers={'Content-type': 'test/goat'}) + def test_zone_invalid_url(self): + url = '/zones/2fdadfb1-cf96-4259-ac6b-bb7b6d2ff980/invalid' + self._assert_exception('not_found', 404, self.client.get, url, + headers={'Accept': 'application/json'}) + self._assert_exception('not_found', 404, self.client.patch_json, url) + self._assert_exception('not_found', 404, self.client.delete, url) + + # Pecan returns a 405 for post + response = self.client.post(url, status=405) + self.assertEqual(405, response.status_int) + def test_get_zones(self): response = self.client.get('/zones/') diff --git a/designate/utils.py b/designate/utils.py index df1d4cef..b14bb922 100644 --- a/designate/utils.py +++ b/designate/utils.py @@ -265,6 +265,15 @@ def validate_uuid(*check): def inner(f): def wrapper(*args, **kwargs): arg_spec = inspect.getargspec(f).args + + # Ensure that we have the exact number of parameters that the + # function expects. This handles URLs like + # /v2/zones/<UUID - valid or invalid>/invalid + # get, patch and delete return a 404, but Pecan returns a 405 + # for a POST at the same URL + if (len(arg_spec) != len(args)): + raise exceptions.NotFound() + for name in check: pos = arg_spec.index(name) if not is_uuid_like(args[pos]): |
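Review bot: test_zone_invalid_url exercises only a well-formed UUID followed by an extra segment, although the comment added in designate/utils.py says the check covers a UUID that is "valid or invalid". A second case with a malformed id, for example the constructed URL `url = '/zones/not-a-uuid/invalid'` asserted with `self._assert_exception('not_found', 404, self.client.get, url)`, would pin that the argument-count check runs before the UUID check. The closing `self.assertEqual(405, response.status_int)` appears to repeat what `status=405` on the post call already enforces and could be dropped.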
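Review bot: The new guard `if (len(arg_spec) != len(args)):` compares every declared parameter name against the positional arguments only, so it ignores `kwargs` and any parameter that has a default. A function decorated with validate_uuid that declares an optional parameter, or receives one of its ids by keyword, would now raise NotFound on a well-formed request; if that contract is intended, state it in the comment, e.g. `# NOTE: f must take only required positional parameters; anything passed by keyword counts as a mismatch`. The comment could also say that this check is what keeps `args[pos]` in the loop below in range when the URL has too few segments. The parentheses around the condition are redundant: `if len(arg_spec) != len(args):`. The wrapper body continues past the end of the hunk, so what is raised for a non-UUID value is not visible here.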