Commit 270beab5 authored by Christos Stavrakakis's avatar Christos Stavrakakis
Browse files

plankton: Validate parameters and catch assertions

parent e9dc3344
......@@ -63,6 +63,8 @@ from operator import itemgetter
from django.conf import settings
from django.utils import importlib
from pithos.backends.base import NotAllowedError, VersionNotExists
from synnefo.util.text import uenc
logger = logging.getLogger(__name__)
......@@ -100,10 +102,14 @@ def create_url(account, container, name):
def split_url(url):
"""Returns (accout, container, object) from a url string"""
t = url.split('/', 4)
assert t[0] == "pithos:", "Invalid url"
assert len(t) == 5, "Invalid url"
return t[2:5]
try:
assert(isinstance(url, basestring))
t = url.split('/', 4)
assert t[0] == "pithos:", "Invalid url"
assert len(t) == 5, "Invalid url"
return t[2:5]
except AssertionError:
raise InvalidLocation("Invalid location '%s" % url)
def format_timestamp(t):
......@@ -205,7 +211,8 @@ class ImageBackend(object):
"""Update object's metadata."""
account, container, name = split_url(image_url)
prefixed = [(PLANKTON_PREFIX + k, v) for k, v in meta.items()
prefixed = [(PLANKTON_PREFIX + uenc(k), uenc(v))
for k, v in meta.items()
if k in PLANKTON_META or k.startswith(PROPERTY_PREFIX)]
prefixed = dict(prefixed)
......@@ -484,6 +491,10 @@ class InvalidMetadata(ImageBackendError):
pass
class InvalidLocation(ImageBackendError):
pass
def image_to_dict(image_url, meta, permissions):
"""Render an image to a dictionary"""
account, container, name = split_url(image_url)
......
......@@ -42,9 +42,10 @@ from django.http import HttpResponse
from snf_django.lib import api
from snf_django.lib.api import faults
from synnefo.lib.text import uenc
from synnefo.plankton.utils import image_backend
from synnefo.plankton.backend import split_url
from synnefo.util.text import uenc
from synnefo.plankton.backend import split_url, InvalidLocation
FILTERS = ('name', 'container_format', 'disk_format', 'status', 'size_min',
'size_max')
......@@ -139,18 +140,21 @@ def add_image(request):
params = _get_image_headers(request)
log.debug('add_image %s', params)
assert 'name' in params
assert set(params.keys()).issubset(set(ADD_FIELDS))
if not set(params.keys()).issubset(set(ADD_FIELDS)):
raise faults.BadRequest("Invalid parameters")
name = params.pop('name')
if len(uenc(name)) < 1:
if name is None:
raise faults.BadRequest("Image 'name' parameter is required")
elif len(uenc(name)) == 0:
raise faults.BadRequest("Invalid image name")
location = params.pop('location', None)
if location is None:
raise faults.BadRequest("'location' parameter is required")
try:
split_url(location)
except AssertionError:
except InvalidLocation:
raise faults.BadRequest("Invalid location '%s'" % location)
if location:
......@@ -284,8 +288,10 @@ def list_images(request, detail=False):
params.setdefault('sort_key', 'created_at')
params.setdefault('sort_dir', 'desc')
assert params['sort_key'] in SORT_KEY_OPTIONS
assert params['sort_dir'] in SORT_DIR_OPTIONS
if not params['sort_key'] in SORT_KEY_OPTIONS:
raise faults.BadRequest("Invalid 'sort_key'")
if not params['sort_dir'] in SORT_DIR_OPTIONS:
raise faults.BadRequest("Invalid 'sort_dir'")
if 'size_max' in filters:
try:
......@@ -367,7 +373,8 @@ def update_image(request, image_id):
meta = _get_image_headers(request)
log.debug('update_image %s', meta)
assert set(meta.keys()).issubset(set(UPDATE_FIELDS))
if not set(meta.keys()).issubset(set(UPDATE_FIELDS)):
raise faults.BadRequest("Invalid metadata")
with image_backend(request.user_uniq) as backend:
image = backend.update_metadata(image_id, meta)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment