Add middleware to limit size of HTTP requests.

Adds a new RequestBodySizeLimiter middleware to guard against
really large HTTP requests. The default max request size is 112k
although this limit is configurable via the 'max_request_body_size'
config parameter.

Change-Id: I76248feed5c77f678b8a43f364d4f1e0794ab910

2 files changed, 184 insertions, 0 deletions

diff --git a/openstack/common/middleware/sizelimit.py b/openstack/common/middleware/sizelimit.py
new file mode 100644
index 0000000..45de527
--- /dev/null
+++ b/openstack/common/middleware/sizelimit.py
@@ -0,0 +1,84 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright (c) 2012 Red Hat, Inc.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+"""
+Request Body limiting middleware.
+
+"""
+
+from oslo.config import cfg
+import webob.dec
+import webob.exc
+
+from openstack.common.gettextutils import _
+from openstack.common import wsgi
+
+
+#default request size is 112k
+max_req_body_size = cfg.IntOpt('max_request_body_size',
+                               deprecated_name='osapi_max_request_body_size',
+                               default=114688,
+                               help='the maximum body size '
+                                    'per each request(bytes)')
+
+CONF = cfg.CONF
+CONF.register_opt(max_req_body_size)
+
+
+class LimitingReader(object):
+    """Reader to limit the size of an incoming request."""
+    def __init__(self, data, limit):
+        """
+        :param data: Underlying data object
+        :param limit: maximum number of bytes the reader should allow
+        """
+        self.data = data
+        self.limit = limit
+        self.bytes_read = 0
+
+    def __iter__(self):
+        for chunk in self.data:
+            self.bytes_read += len(chunk)
+            if self.bytes_read > self.limit:
+                msg = _("Request is too large.")
+                raise webob.exc.HTTPRequestEntityTooLarge(explanation=msg)
+            else:
+                yield chunk
+
+    def read(self, i=None):
+        result = self.data.read(i)
+        self.bytes_read += len(result)
+        if self.bytes_read > self.limit:
+            msg = _("Request is too large.")
+            raise webob.exc.HTTPRequestEntityTooLarge(explanation=msg)
+        return result
+
+
+class RequestBodySizeLimiter(wsgi.Middleware):
+    """Limit the size of incoming requests."""
+
+    def __init__(self, *args, **kwargs):
+        super(RequestBodySizeLimiter, self).__init__(*args, **kwargs)
+
+    @webob.dec.wsgify(RequestClass=wsgi.Request)
+    def __call__(self, req):
+        if req.content_length > CONF.max_request_body_size:
+            msg = _("Request is too large.")
+            raise webob.exc.HTTPRequestEntityTooLarge(explanation=msg)
+        if req.content_length is None and req.is_body_readable:
+            limiter = LimitingReader(req.body_file,
+                                     CONF.max_request_body_size)
+            req.body_file = limiter
+        return self.application
diff --git a/tests/unit/middleware/test_sizelimit.py b/tests/unit/middleware/test_sizelimit.py
new file mode 100644
index 0000000..500f29d
--- /dev/null
+++ b/tests/unit/middleware/test_sizelimit.py
@@ -0,0 +1,100 @@
+# Copyright (c) 2012 Red Hat, Inc.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from oslo.config import cfg
+import StringIO
+import webob
+
+from openstack.common.middleware import sizelimit
+from tests import utils
+
+CONF = cfg.CONF
+MAX_REQUEST_BODY_SIZE = CONF.max_request_body_size
+
+
+class TestLimitingReader(utils.BaseTestCase):
+
+    def test_limiting_reader(self):
+        BYTES = 1024
+        bytes_read = 0
+        data = StringIO.StringIO("*" * BYTES)
+        for chunk in sizelimit.LimitingReader(data, BYTES):
+            bytes_read += len(chunk)
+
+        self.assertEquals(bytes_read, BYTES)
+
+        bytes_read = 0
+        data = StringIO.StringIO("*" * BYTES)
+        reader = sizelimit.LimitingReader(data, BYTES)
+        byte = reader.read(1)
+        while len(byte) != 0:
+            bytes_read += 1
+            byte = reader.read(1)
+
+        self.assertEquals(bytes_read, BYTES)
+
+    def test_limiting_reader_fails(self):
+        BYTES = 1024
+
+        def _consume_all_iter():
+            bytes_read = 0
+            data = StringIO.StringIO("*" * BYTES)
+            for chunk in sizelimit.LimitingReader(data, BYTES - 1):
+                bytes_read += len(chunk)
+
+        self.assertRaises(webob.exc.HTTPRequestEntityTooLarge,
+                          _consume_all_iter)
+
+        def _consume_all_read():
+            bytes_read = 0
+            data = StringIO.StringIO("*" * BYTES)
+            reader = sizelimit.LimitingReader(data, BYTES - 1)
+            byte = reader.read(1)
+            while len(byte) != 0:
+                bytes_read += 1
+                byte = reader.read(1)
+
+        self.assertRaises(webob.exc.HTTPRequestEntityTooLarge,
+                          _consume_all_read)
+
+
+class TestRequestBodySizeLimiter(utils.BaseTestCase):
+
+    def setUp(self):
+        super(TestRequestBodySizeLimiter, self).setUp()
+
+        @webob.dec.wsgify()
+        def fake_app(req):
+            return webob.Response(req.body)
+
+        self.middleware = sizelimit.RequestBodySizeLimiter(fake_app)
+        self.request = webob.Request.blank('/', method='POST')
+
+    def test_content_length_acceptable(self):
+        self.request.headers['Content-Length'] = MAX_REQUEST_BODY_SIZE
+        self.request.body = "0" * MAX_REQUEST_BODY_SIZE
+        response = self.request.get_response(self.middleware)
+        self.assertEqual(response.status_int, 200)
+
+    def test_content_length_too_large(self):
+        self.request.headers['Content-Length'] = MAX_REQUEST_BODY_SIZE + 1
+        self.request.body = "0" * (MAX_REQUEST_BODY_SIZE + 1)
+        response = self.request.get_response(self.middleware)
+        self.assertEqual(response.status_int, 413)
+
+    def test_request_too_large_no_content_length(self):
+        self.request.body = "0" * (MAX_REQUEST_BODY_SIZE + 1)
+        self.request.headers['Content-Length'] = None
+        response = self.request.get_response(self.middleware)
+        self.assertEqual(response.status_int, 413)