almalinux/lorax
13
0
Fork 0
Code Issues Pull Requests Releases Activity

lorax-composer: Check compose/status for invalid characters

Browse Source
This commit is contained in:
Brian C. Lane 2020-05-28 14:23:57 -07:00
parent 9a76c20c6b
commit 019cac8a7c
2 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/pylorax/api/v0.py
View File

@ -1649,6 +1649,11 @@ def v0_compose_status(uuids):
status = request.args.get("status", None)
compose_type = request.args.get("type", None)
# Check the arguments for invalid characters
for a in [blueprint, status, compose_type]:
if a is not None and VALID_API_STRING.match(a) is None:
return jsonify(status=False, errors=[{"id": INVALID_CHARS, "msg": "Invalid characters in API path"}]), 400
results = []
errors = []

9
tests/pylorax/test_server.py
View File

@ -1638,6 +1638,15 @@ class ServerAPIV0TestCase(unittest.TestCase):
resp = self.server.get("/api/v0/compose/status/" + UTF8_TEST_STRING)
self.assertInputError(resp)
resp = self.server.get("/api/v0/compose/status/*?blueprint=" + UTF8_TEST_STRING)
self.assertInputError(resp)
resp = self.server.get("/api/v0/compose/status/*?status=" + UTF8_TEST_STRING)
self.assertInputError(resp)
resp = self.server.get("/api/v0/compose/status/*?type=" + UTF8_TEST_STRING)
self.assertInputError(resp)
def test_compose_cancel_input(self):
"""Test the compose/cancel input character checking"""
resp = self.server.delete("/api/v0/compose/cancel/" + UTF8_TEST_STRING)