From 7a70bc33aca8428f38c70c6b85bba29977a41aaf Mon Sep 17 00:00:00 2001
From: vijaya-erukala <vijaya_erukala@persistent.co.in>
Date: Thu, 20 Sep 2012 12:08:57 +0530
Subject: Handle invalid xml request to return BadRequest

Handled ExpatError,LookupError to return BadRequest
if the user inputs the invalid xml

fixes bug 1032092

Change-Id: I7374532d91e3d7675bc80730031a195f50bb2abc
---
 nova/api/openstack/wsgi.py                       | 11 ++++++++++-
 nova/tests/api/openstack/compute/test_servers.py | 24 ++++++++++++++++++++++++
 2 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/nova/api/openstack/wsgi.py b/nova/api/openstack/wsgi.py
index 33db3e714..a7a3823e9 100644
--- a/nova/api/openstack/wsgi.py
+++ b/nova/api/openstack/wsgi.py
@@ -881,8 +881,17 @@ class Resource(wsgi.Application):
         #            function.  If we try to audit __call__(), we can
         #            run into troubles due to the @webob.dec.wsgify()
         #            decorator.
-        return self._process_stack(request, action, action_args,
+        try:
+            return self._process_stack(request, action, action_args,
                                    content_type, body, accept)
+        except expat.ExpatError:
+            msg = _("Invalid XML in request body")
+            return Fault(webob.exc.HTTPBadRequest(explanation=msg))
+        except LookupError as e:
+        #NOTE(Vijaya Erukala): XML input such as
+        #                      <?xml version="1.0" encoding="TF-8"?>
+        #                      raises LookupError: unknown encoding: TF-8
+            return Fault(webob.exc.HTTPBadRequest(explanation=unicode(e)))
 
     def _process_stack(self, request, action, action_args,
                        content_type, body, accept):
diff --git a/nova/tests/api/openstack/compute/test_servers.py b/nova/tests/api/openstack/compute/test_servers.py
index b90866813..cc1c59304 100644
--- a/nova/tests/api/openstack/compute/test_servers.py
+++ b/nova/tests/api/openstack/compute/test_servers.py
@@ -959,6 +959,30 @@ class ServersControllerTest(test.TestCase):
         self.assertEqual(res_dict['server']['accessIPv4'], '0.0.0.0')
         self.assertEqual(res_dict['server']['accessIPv6'], 'beef::0123')
 
+    def test_update_server_invalid_xml_raises_lookup(self):
+        req = fakes.HTTPRequest.blank('/v2/fake/servers/%s' % FAKE_UUID)
+        req.method = 'PUT'
+        req.content_type = 'application/xml'
+        #xml request which raises LookupError
+        req.body = """<?xml version="1.0" encoding="TF-8"?>
+            <metadata
+            xmlns="http://docs.openstack.org/compute/api/v1.1"
+            key="Label"></meta>"""
+        res = req.get_response(fakes.wsgi_app())
+        self.assertEqual(res.status_int, 400)
+
+    def test_update_server_invalid_xml_raises_expat(self):
+        req = fakes.HTTPRequest.blank('/v2/fake/servers/%s' % FAKE_UUID)
+        req.method = 'PUT'
+        req.content_type = 'application/xml'
+        #xml request which raises ExpatError
+        req.body = """<?xml version="1.0" encoding="UTF-8"?>
+            <metadata
+            xmlns="http://docs.openstack.org/compute/api/v1.1"
+            key="Label"></meta>"""
+        res = req.get_response(fakes.wsgi_app())
+        self.assertEqual(res.status_int, 400)
+
     def test_update_server_name(self):
         self.stubs.Set(nova.db, 'instance_get',
                 fakes.fake_instance_get(name='server_test'))
-- 
cgit