authorWyllys Ingersoll <wyllys.ingersoll@evault.com>2013-12-10 14:20:52 -0500
committerWyllys Ingersoll <wyllys.ingersoll@evault.com>2013-12-10 20:07:48 -0500
commit7d02541047cd08787255695c4befcf4ab70a6002 (patch)
tree4a99bc8b59fdd358817e714728a2fe358cea4099
parent020d1e05a6acf200231feb6b1c59995f69a5a1a8 (diff)
downloadpython-barbicanclient-7d02541047cd08787255695c4befcf4ab70a6002.tar.gz
secrets.get should verify that the request is for a single secret
Added sanity checking to the requested URI path to make sure it is a properly formed secret UUID value. Change-Id: Ie6598303e502cd19458e0beef24d7fd032f9f14a Closes-Bug: #1259654
-rw-r--r--barbicanclient/secrets.py17
-rw-r--r--barbicanclient/test/test_client.py6
-rw-r--r--barbicanclient/test/test_client_secrets.py4
3 files changed, 24 insertions, 3 deletions
diff --git a/barbicanclient/secrets.py b/barbicanclient/secrets.py
index a1e9b12..f8c0643 100644
--- a/barbicanclient/secrets.py
+++ b/barbicanclient/secrets.py
@@ -13,6 +13,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
import logging
+import urlparse
+import re
from barbicanclient import base
from barbicanclient.openstack.common.timeutils import parse_isotime
@@ -35,7 +37,10 @@ class Secret(object):
self.status = secret_dict.get('status')
self.content_types = secret_dict.get('content_types')
- self.created = parse_isotime(secret_dict.get('created'))
+ if secret_dict.get('created') is not None:
+ self.created = parse_isotime(secret_dict['created'])
+ else:
+ self.created = None
if secret_dict.get('expiration') is not None:
self.expiration = parse_isotime(secret_dict['expiration'])
else:
@@ -123,6 +128,16 @@ class SecretManager(base.BaseEntityManager):
"""
if not secret_ref:
raise ValueError('secret_ref is required.')
+ try:
+ url = urlparse.urlparse(secret_ref)
+ parts = url.path.rstrip('/').split('/')
+ reuuid = re.compile(r'[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-'
+ '[0-9a-f]{4}-[0-9a-f]{12}', re.I)
+ if not reuuid.findall(parts[-1]):
+ raise ValueError('secret uuid format error.')
+ except:
+ raise ValueError('secret incorrectly specified.')
+
resp = self.api.get(secret_ref)
return Secret(resp)
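Review bot: The `reuuid.findall(parts[-1])` check is unanchored, so a last path segment that merely contains a UUID-shaped substring still passes; the whole segment should be matched instead. The bare `except:` also catches the `ValueError('secret uuid format error.')` raised just above it, so callers only ever see 'secret incorrectly specified.', and it hides unrelated exceptions too; narrow the `try` to the URL parse and raise the format error outside it. Only the final segment is inspected, while the scheme, host and remaining path of `secret_ref` reach `self.api.get` unchanged, so if a ref can come from an untrusted source it would be worth also comparing it with the client's configured base URL (not visible in this hunk). Compiling the pattern once at module level avoids rebuilding it on every call. The enclosing `get` method starts outside the hunk.

```python
# module level, next to the imports
_UUID_RE = re.compile(r'[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-'
                      r'[0-9a-f]{4}-[0-9a-f]{12}\Z', re.I)

        # ... unchanged: 'secret_ref is required.' check ...
        try:
            path = urlparse.urlparse(secret_ref).path
        except (AttributeError, TypeError):
            # secret_ref is not a string-like value
            raise ValueError('secret incorrectly specified.')
        # re.match anchors at the start, \Z at the end: the whole segment must be a UUID
        if not _UUID_RE.match(path.rstrip('/').split('/')[-1]):
            raise ValueError('secret uuid format error.')
        resp = self.api.get(secret_ref)
```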
diff --git a/barbicanclient/test/test_client.py b/barbicanclient/test/test_client.py
index 8905264..623c2cd 100644
--- a/barbicanclient/test/test_client.py
+++ b/barbicanclient/test/test_client.py
@@ -117,7 +117,8 @@ class WhenTestingClientWithSession(unittest.TestCase):
self.entity = 'dummy-entity'
base = self.endpoint + self.tenant_id + "/"
self.entity_base = base + self.entity + "/"
- self.entity_href = self.entity_base + '1234'
+ self.entity_href = self.entity_base + \
+ 'abcd1234-eabc-5678-9abc-abcdef012345'
self.entity_name = 'name'
self.entity_dict = {'name': self.entity_name}
@@ -198,7 +199,8 @@ class BaseEntityResource(unittest.TestCase):
self.entity = entity
base = self.endpoint + self.tenant_id + "/"
self.entity_base = base + self.entity + "/"
- self.entity_href = self.entity_base + '1234'
+ self.entity_href = self.entity_base + \
+ 'abcd1234-eabc-5678-9abc-abcdef012345'
self.api = mock.MagicMock()
self.api.base_url = base[:-1]
diff --git a/barbicanclient/test/test_client_secrets.py b/barbicanclient/test/test_client_secrets.py
index 2645314..1d2c28c 100644
--- a/barbicanclient/test/test_client_secrets.py
+++ b/barbicanclient/test/test_client_secrets.py
@@ -162,6 +162,10 @@ class WhenTestingSecrets(test_client.BaseEntityResource):
self.assertEqual(10, params['limit'])
self.assertEqual(5, params['offset'])
+ def test_should_fail_get_invalid_secret(self):
+ with self.assertRaises(ValueError):
+ self.manager.get('12345')
+
def test_should_fail_get_no_href(self):
with self.assertRaises(ValueError):
self.manager.get(None)
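Review bot: `test_should_fail_get_invalid_secret` only covers `'12345'`, a value with no UUID in it at all, so it does not exercise the case named in the commit title (a request that is not for a single secret) or a segment that merely contains a UUID. Adding `self.manager.get(self.entity_base)` under `assertRaises(ValueError)` would pin the collection-URL case, and `self.manager.get(self.entity_href + 'x')` would pin full-segment matching; the second would presumably fail against the current unanchored `findall` check. It is also worth asserting `self.api.get.called` is false after each rejection, so the test proves no request is sent for a rejected ref. The enclosing test class continues outside the hunk.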