From ff9c92c712be07f9fa39832debc2af7ee239515b Mon Sep 17 00:00:00 2001
From: John Perkins <john.perkins@rackspace.com>
Date: Wed, 8 Apr 2015 12:24:03 -0500
Subject: [PATCH] Non-json body on POST 500's

If the body of a POST request is not json, we get crashes.
This can happen when middleware sends along unexpected data.

Closes-bug #1441879

Change-Id: Ifac59476e4785b86bca6e2a54759f4271629a193
---
 neutron/api/v2/base.py                 | 33 ++++++++++++++------------
 neutron/tests/unit/api/v2/test_base.py |  8 +++++++
 2 files changed, 26 insertions(+), 15 deletions(-)

diff --git a/neutron/api/v2/base.py b/neutron/api/v2/base.py
index f0ab4e6f7..4e795cf2a 100644
--- a/neutron/api/v2/base.py
+++ b/neutron/api/v2/base.py
@@ -595,21 +595,24 @@ class Controller(object):
             raise webob.exc.HTTPBadRequest(_("Resource body required"))
 
         LOG.debug("Request body: %(body)s", {'body': body})
-        if collection in body:
-            if not allow_bulk:
-                raise webob.exc.HTTPBadRequest(_("Bulk operation "
-                                                 "not supported"))
-            if not body[collection]:
-                raise webob.exc.HTTPBadRequest(_("Resources required"))
-            bulk_body = [
-                Controller.prepare_request_body(
-                    context, item if resource in item else {resource: item},
-                    is_create, resource, attr_info, allow_bulk
-                ) for item in body[collection]
-            ]
-            return {collection: bulk_body}
-
-        res_dict = body.get(resource)
+        try:
+            if collection in body:
+                if not allow_bulk:
+                    raise webob.exc.HTTPBadRequest(_("Bulk operation "
+                                                     "not supported"))
+                if not body[collection]:
+                    raise webob.exc.HTTPBadRequest(_("Resources required"))
+                bulk_body = [
+                    Controller.prepare_request_body(
+                        context, item if resource in item
+                        else {resource: item}, is_create, resource, attr_info,
+                        allow_bulk) for item in body[collection]
+                ]
+                return {collection: bulk_body}
+            res_dict = body.get(resource)
+        except (AttributeError, TypeError):
+            msg = _("Body contains invalid data")
+            raise webob.exc.HTTPBadRequest(msg)
         if res_dict is None:
             msg = _("Unable to find '%s' in request body") % resource
             raise webob.exc.HTTPBadRequest(msg)
diff --git a/neutron/tests/unit/api/v2/test_base.py b/neutron/tests/unit/api/v2/test_base.py
index 6630781fe..ed9d50503 100644
--- a/neutron/tests/unit/api/v2/test_base.py
+++ b/neutron/tests/unit/api/v2/test_base.py
@@ -830,6 +830,14 @@ class JSONV2TestCase(APIv2TestBase, testlib_api.WebTestCase):
         data = {'whoa': None}
         self._test_create_failure_bad_request('networks', data)
 
+    def test_create_body_string_not_json(self):
+        data = 'a string'
+        self._test_create_failure_bad_request('networks', data)
+
+    def test_create_body_boolean_not_json(self):
+        data = True
+        self._test_create_failure_bad_request('networks', data)
+
     def test_create_no_resource(self):
         data = {}
         self._test_create_failure_bad_request('networks', data)
-- 
2.45.2