From 20fb97df97cdfcbc1d98a0b1f7d94806d996e274 Mon Sep 17 00:00:00 2001 From: Dan Prince Date: Fri, 15 Feb 2013 10:41:30 -0500 Subject: Updates to OSAPI sizelimit middleware. Updates the OSAPI sizelimit middleware so that we use avoid calling len on a request body which could cause a really large request to get buffered into memory. Also updates the middleware to return HTTP 413 which is a more correct error code in this case (previously it returned just 400). Fixes LP Bug #1131857. Change-Id: Id8bc5eeb0fba9482809edd12543a75163e1227e9 --- nova/tests/api/test_sizelimit.py | 59 ++++++++++++++++++++++++++++++++++++---- 1 file changed, 54 insertions(+), 5 deletions(-) (limited to 'nova/tests') diff --git a/nova/tests/api/test_sizelimit.py b/nova/tests/api/test_sizelimit.py index 862a0d65f..9e7a33d29 100644 --- a/nova/tests/api/test_sizelimit.py +++ b/nova/tests/api/test_sizelimit.py @@ -13,6 +13,7 @@ # under the License. from oslo.config import cfg +import StringIO import webob import nova.api.sizelimit @@ -22,6 +23,52 @@ CONF = cfg.CONF MAX_REQUEST_BODY_SIZE = CONF.osapi_max_request_body_size +class TestLimitingReader(test.TestCase): + + def test_limiting_reader(self): + BYTES = 1024 + bytes_read = 0 + data = StringIO.StringIO("*" * BYTES) + for chunk in nova.api.sizelimit.LimitingReader(data, BYTES): + bytes_read += len(chunk) + + self.assertEquals(bytes_read, BYTES) + + bytes_read = 0 + data = StringIO.StringIO("*" * BYTES) + reader = nova.api.sizelimit.LimitingReader(data, BYTES) + byte = reader.read(1) + while len(byte) != 0: + bytes_read += 1 + byte = reader.read(1) + + self.assertEquals(bytes_read, BYTES) + + def test_limiting_reader_fails(self): + BYTES = 1024 + + def _consume_all_iter(): + bytes_read = 0 + data = StringIO.StringIO("*" * BYTES) + for chunk in nova.api.sizelimit.LimitingReader(data, BYTES - 1): + bytes_read += len(chunk) + + self.assertRaises(webob.exc.HTTPRequestEntityTooLarge, + _consume_all_iter) + + def _consume_all_read(): + bytes_read = 0 + data = StringIO.StringIO("*" * BYTES) + reader = nova.api.sizelimit.LimitingReader(data, BYTES - 1) + byte = reader.read(1) + while len(byte) != 0: + bytes_read += 1 + byte = reader.read(1) + + self.assertRaises(webob.exc.HTTPRequestEntityTooLarge, + _consume_all_read) + + class TestRequestBodySizeLimiter(test.TestCase): def setUp(self): @@ -29,7 +76,7 @@ class TestRequestBodySizeLimiter(test.TestCase): @webob.dec.wsgify() def fake_app(req): - return webob.Response() + return webob.Response(req.body) self.middleware = nova.api.sizelimit.RequestBodySizeLimiter(fake_app) self.request = webob.Request.blank('/', method='POST') @@ -40,12 +87,14 @@ class TestRequestBodySizeLimiter(test.TestCase): response = self.request.get_response(self.middleware) self.assertEqual(response.status_int, 200) - def test_content_length_to_large(self): + def test_content_length_too_large(self): self.request.headers['Content-Length'] = MAX_REQUEST_BODY_SIZE + 1 + self.request.body = "0" * (MAX_REQUEST_BODY_SIZE + 1) response = self.request.get_response(self.middleware) - self.assertEqual(response.status_int, 400) + self.assertEqual(response.status_int, 413) - def test_request_to_large(self): + def test_request_too_large_no_content_length(self): self.request.body = "0" * (MAX_REQUEST_BODY_SIZE + 1) + self.request.headers['Content-Length'] = None response = self.request.get_response(self.middleware) - self.assertEqual(response.status_int, 400) + self.assertEqual(response.status_int, 413) -- cgit