From 60a2bf977733f2570a22b58cf650e97dabddc7fd Mon Sep 17 00:00:00 2001 From: Rohan Kanade Date: Fri, 23 Aug 2013 03:15:12 -0700 Subject: [PATCH] Fix quota update validation for non-int types Fixes lp bug #1215301 Change-Id: I4bf813579c128844884138ba49f074f81f96790a --- cinder/api/contrib/quotas.py | 6 +++++- cinder/tests/api/contrib/test_quotas.py | 5 +++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/cinder/api/contrib/quotas.py b/cinder/api/contrib/quotas.py index 81d51ce55..892861763 100644 --- a/cinder/api/contrib/quotas.py +++ b/cinder/api/contrib/quotas.py @@ -58,6 +58,10 @@ class QuotaSetsController(object): return dict(quota_set=result) def _validate_quota_limit(self, limit): + if not isinstance(limit, int): + msg = _("Quota limit must be specified as an integer value.") + raise webob.exc.HTTPBadRequest(explanation=msg) + # NOTE: -1 is a flag value for unlimited if limit < -1: msg = _("Quota limit must be -1 or greater.") @@ -89,8 +93,8 @@ class QuotaSetsController(object): project_id = id for key in body['quota_set'].keys(): if key in QUOTAS: + self._validate_quota_limit(body['quota_set'][key]) value = int(body['quota_set'][key]) - self._validate_quota_limit(value) try: db.quota_update(context, project_id, key, value) except exception.ProjectQuotaNotFound: diff --git a/cinder/tests/api/contrib/test_quotas.py b/cinder/tests/api/contrib/test_quotas.py index 7bef4f241..549ec1223 100644 --- a/cinder/tests/api/contrib/test_quotas.py +++ b/cinder/tests/api/contrib/test_quotas.py @@ -86,6 +86,11 @@ class QuotaSetsControllerTest(test.TestCase): result = self.controller.update(self.req, 'foo', body) self.assertDictMatch(result, make_body(tenant_id=None)) + def test_update_invalid_key_value(self): + body = {'quota_set': {'gigabytes': "should_be_int"}} + self.assertRaises(webob.exc.HTTPBadRequest, self.controller.update, + self.req, 'foo', body) + def test_update_bad_quota_limit(self): body = {'quota_set': {'gigabytes': -1000}} self.assertRaises(webob.exc.HTTPBadRequest, self.controller.update, -- 2.45.2