diff options
author | Jenkins <jenkins@review.openstack.org> | 2017-09-11 09:03:24 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2017-09-11 09:03:24 +0000 |
commit | d2862887eb7df503b2aecacc49df9bd4c1998426 (patch) | |
tree | 7c72658faed32d44f1e8b50fcf11d25329be0c54 /neutron/pecan_wsgi | |
parent | ca8650f65c6690093f75af06eced41be8bdf7f4a (diff) | |
parent | 444f802012d30d912f300ad05cdf201b8c48f347 (diff) | |
download | neutron-d2862887eb7df503b2aecacc49df9bd4c1998426.tar.gz |
Merge "Pecan: Add missing body validations"
Diffstat (limited to 'neutron/pecan_wsgi')
-rw-r--r-- | neutron/pecan_wsgi/controllers/resource.py | 11 | ||||
-rw-r--r-- | neutron/pecan_wsgi/controllers/utils.py | 9 | ||||
-rw-r--r-- | neutron/pecan_wsgi/hooks/body_validation.py | 12 | ||||
-rw-r--r-- | neutron/pecan_wsgi/hooks/notifier.py | 7 |
4 files changed, 29 insertions, 10 deletions
diff --git a/neutron/pecan_wsgi/controllers/resource.py b/neutron/pecan_wsgi/controllers/resource.py index 8737927229..2848a88f0b 100644 --- a/neutron/pecan_wsgi/controllers/resource.py +++ b/neutron/pecan_wsgi/controllers/resource.py @@ -15,7 +15,9 @@ from oslo_log import log as logging import pecan from pecan import request +import webob +from neutron._i18n import _ from neutron import manager from neutron.pecan_wsgi.controllers import utils @@ -70,6 +72,9 @@ class ItemController(utils.NeutronPecanController): @utils.when_delete(index) def delete(self): + if request.body: + msg = _("Request body is not supported in DELETE.") + raise webob.exc.HTTPBadRequest(msg) neutron_context = request.context['neutron_context'] deleter_args = [neutron_context, self.item] if 'parent_id' in request.context: @@ -145,7 +150,11 @@ class CollectionsController(utils.NeutronPecanController): @utils.when(index, method='POST') def post(self, *args, **kwargs): - # TODO(kevinbenton): emulated bulk! + if 'resources' not in request.context: + # user didn't specify any body, which is invalid for collections + msg = (_("Unable to find '%s' in request body") % + request.context['resource']) + raise webob.exc.HTTPBadRequest(msg) resources = request.context['resources'] pecan.response.status = 201 return self.create(resources) diff --git a/neutron/pecan_wsgi/controllers/utils.py b/neutron/pecan_wsgi/controllers/utils.py index 7cf6cd9f21..186ed7bda0 100644 --- a/neutron/pecan_wsgi/controllers/utils.py +++ b/neutron/pecan_wsgi/controllers/utils.py @@ -307,8 +307,8 @@ class ShimItemController(NeutronPecanController): shim_request = ShimRequest(request.context['neutron_context']) kwargs = request.context['uri_identifiers'] try: - kwargs['body'] = request.json - except ValueError: + kwargs['body'] = request.context['request_data'] + except KeyError: pass result = self.controller_update(shim_request, self.item, **kwargs) @@ -359,7 +359,7 @@ class ShimCollectionsController(NeutronPecanController): uri_identifiers = request.context['uri_identifiers'] args = [shim_request] if request.method == 'PUT': - args.append(request.json) + args.append(request.context.get('request_data')) result = controller_method(*args, **uri_identifiers) if not status: self._set_response_code(result, 'index') @@ -373,7 +373,8 @@ class ShimCollectionsController(NeutronPecanController): pecan.abort(405) shim_request = ShimRequest(request.context['neutron_context']) uri_identifiers = request.context['uri_identifiers'] - result = self.controller_create(shim_request, request.json, + result = self.controller_create(shim_request, + request.context.get('request_data'), **uri_identifiers) self._set_response_code(result, 'create') return result diff --git a/neutron/pecan_wsgi/hooks/body_validation.py b/neutron/pecan_wsgi/hooks/body_validation.py index 621d485a4a..2df06e56d8 100644 --- a/neutron/pecan_wsgi/hooks/body_validation.py +++ b/neutron/pecan_wsgi/hooks/body_validation.py @@ -16,7 +16,9 @@ from oslo_log import log from oslo_serialization import jsonutils from pecan import hooks +import webob.exc +from neutron._i18n import _ from neutron.api.v2 import base as v2_base from neutron.pecan_wsgi.hooks import utils @@ -37,13 +39,15 @@ class BodyValidationHook(hooks.PecanHook): if not resource: return + if not state.request.body: + return try: json_data = jsonutils.loads(state.request.body) + if not isinstance(json_data, dict): + raise ValueError() except ValueError: - LOG.debug("No JSON Data in %(method)s request for %(collection)s", - {'method': state.request.method, - 'collections': collection}) - return + msg = _("Body contains invalid data") + raise webob.exc.HTTPBadRequest(msg) # Raw data are consumed by member actions such as add_router_interface state.request.context['request_data'] = json_data if not (resource in json_data or collection in json_data): diff --git a/neutron/pecan_wsgi/hooks/notifier.py b/neutron/pecan_wsgi/hooks/notifier.py index dfff55b43e..84a3ac5d4d 100644 --- a/neutron/pecan_wsgi/hooks/notifier.py +++ b/neutron/pecan_wsgi/hooks/notifier.py @@ -47,7 +47,12 @@ class NotifierHook(hooks.PecanHook): if action in ('create', 'update'): # notifier just gets plain old body without any treatment other # than the population of the object ID being operated on - payload = state.request.json.copy() + try: + payload = state.request.json.copy() + if not payload: + return + except ValueError: + return if action == 'update': payload['id'] = state.request.context.get('resource_id') elif action == 'delete': |