almalinux/lorax
12
0
Fork 0
Code Issues Pull Requests Releases Activity

lorax-composer: Check for valid characters in the undo commit

Browse Source 
Return an error 400 with INVALID_CHARS if the commit characters are not
in the allowed list.
This commit is contained in:
Brian C. Lane 2020-05-28 09:39:23 -07:00
parent 564f78e629
commit 74f8cd4f34
2 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/pylorax/api/v0.py
View File

@ -507,6 +507,9 @@ def v0_blueprints_undo(blueprint_name, commit):
if VALID_BLUEPRINT_NAME.match(blueprint_name) is None: if VALID_BLUEPRINT_NAME.match(blueprint_name) is None:
return jsonify(status=False, errors=[{"id": INVALID_CHARS, "msg": "Invalid characters in API path"}]), 400 return jsonify(status=False, errors=[{"id": INVALID_CHARS, "msg": "Invalid characters in API path"}]), 400
if VALID_BLUEPRINT_NAME.match(commit) is None:
return jsonify(status=False, errors=[{"id": INVALID_CHARS, "msg": "Invalid characters in API path"}]), 400
branch = request.args.get("branch", "master") branch = request.args.get("branch", "master")
if VALID_API_STRING.match(branch) is None: if VALID_API_STRING.match(branch) is None:
return jsonify(status=False, errors=[{"id": INVALID_CHARS, "msg": "Invalid characters in branch argument"}]), 400 return jsonify(status=False, errors=[{"id": INVALID_CHARS, "msg": "Invalid characters in branch argument"}]), 400

3
tests/pylorax/test_server.py
View File

@ -1530,6 +1530,9 @@ class ServerAPIV0TestCase(unittest.TestCase):
resp = self.server.post("/api/v0/blueprints/undo/" + UTF8_TEST_STRING + "/deadbeef") resp = self.server.post("/api/v0/blueprints/undo/" + UTF8_TEST_STRING + "/deadbeef")
self.assertInputError(resp) self.assertInputError(resp)
resp = self.server.post("/api/v0/blueprints/undo/example-http-server/" + UTF8_TEST_STRING)
self.assertInputError(resp)
resp = self.server.post("/api/v0/blueprints/undo/example-http-server/deadbeef?branch=" + UTF8_TEST_STRING) resp = self.server.post("/api/v0/blueprints/undo/example-http-server/deadbeef?branch=" + UTF8_TEST_STRING)
self.assertInputError(resp) self.assertInputError(resp)