Prevent exception for invalidly encoded parameters

An exception occurs in the WebOb library when it tries to decode a
parameter that is not valid UTF8. To avoid this let's wrap the section
using the WebOb code and raise a ValidationError so the user gets
proper feedback instead of a UnknownError and a server 500 response.

Change-Id: I6781770a6c5b317eaef84064ef61b9c838d22bc2
Closes-Bug: 1485694

1 files changed, 11 insertions, 3 deletions

diff --git a/keystone/common/wsgi.py b/keystone/common/wsgi.py
index 5aa7c10fd..0dee954b4 100644
--- a/keystone/common/wsgi.py
+++ b/keystone/common/wsgi.py
@@ -197,7 +197,15 @@ class Application(BaseApplication):
 
         # allow middleware up the stack to provide context, params and headers.
         context = req.environ.get(CONTEXT_ENV, {})
-        context['query_string'] = dict(req.params.items())
+
+        try:
+            context['query_string'] = dict(req.params.items())
+        except UnicodeDecodeError as e:
+            # The webob package throws UnicodeError when a request cannot be
+            # decoded. Raise ValidationError instead to avoid an UnknownError.
+            msg = _('Query string is not UTF-8 encoded')
+            raise exception.ValidationError(msg)
+
         context['headers'] = dict(req.headers.items())
         context['path'] = req.environ['PATH_INFO']
         scheme = (None if not CONF.secure_proxy_ssl_header
@@ -213,8 +221,8 @@ class Application(BaseApplication):
         context['host_url'] = req.host_url
         params = req.environ.get(PARAMS_ENV, {})
         # authentication and authorization attributes are set as environment
-        # values by the container and processed by the pipeline.  the complete
-        # set is not yet know.
+        # values by the container and processed by the pipeline. The complete
+        # set is not yet known.
         context['environment'] = req.environ
         context['accept_header'] = req.accept
         req.environ = None