Skip to content

Commit

Permalink
Fix bug #1782, forbidden chars in ID PATCH v2
Browse files Browse the repository at this point in the history
  • Loading branch information
crbrox committed Feb 11, 2016
1 parent 20f0c02 commit 8a979cd
Show file tree
Hide file tree
Showing 3 changed files with 69 additions and 1 deletion.
2 changes: 2 additions & 0 deletions CHANGES_NEXT_RELEASE
Original file line number Diff line number Diff line change
Expand Up @@ -16,3 +16,5 @@
- Add: type param for POST entity in v2 (Issue #982, #984)
- Add: support for geo:point type as a way of specifying location attribute in NGSIv2 (Issue #1038)
- Add: type param for PUT entity in v2 (Issue #988, #992, #1000)
- Fix: not detecting forbidden chars in ID for PATH v2 (Issue #1782)

8 changes: 7 additions & 1 deletion src/lib/serviceRoutinesV2/patchEntity.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@
#include "common/statistics.h"
#include "common/clockFunctions.h"
#include "common/errorMessages.h"

#include "parse/forbiddenChars.h"
#include "rest/ConnectionInfo.h"
#include "ngsi/ParseData.h"
#include "apiTypesV2/Entities.h"
Expand Down Expand Up @@ -71,6 +71,12 @@ std::string patchEntity
eP->id = compV[2];
eP->type = ciP->uriParam["type"];

if (forbiddenIdChars(ciP->apiVersion, eP->id.c_str() , NULL))
{
OrionError oe(SccBadRequest, "invalid character in URI");
return oe.render(ciP, "");
}

// 01. Fill in UpdateContextRequest
parseDataP->upcr.res.fill(eP, "UPDATE");

Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
# Copyright 2016 Telefonica Investigacion y Desarrollo, S.A.U
#
# This file is part of Orion Context Broker.
#
# Orion Context Broker is free software: you can redistribute it and/or
# modify it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# Orion Context Broker is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero
# General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with Orion Context Broker. If not, see http://www.gnu.org/licenses/.
#
# For those usages not covered by this license please contact with
# iot_support at tid dot es

# VALGRIND_READY - to mark the test ready for valgrindTestSuite.sh

--NAME--
PATCH /v2/entities/E& forbidden chars in ID

--SHELL-INIT--
dbInit CB
brokerStart CB

--SHELL--

#
# 01. PATCH entity with forbidden char in ID
#

echo "01. PATCH entity with forbidden char in ID"
echo "=========================================="
payload='{ "attr1": 1 }'
orionCurl --url '/v2/entities/E&?options=keyValues' -X PATCH --payload "$payload" --json
echo
echo


--REGEXPECT--
01. PATCH entity with forbidden char in ID
==========================================
HTTP/1.1 400 Bad Request
Content-Length: 63
Content-Type: application/json
Date: REGEX(.*)

{
"description": "invalid character in URI",
"error": "BadRequest"
}


--TEARDOWN--
brokerStop CB
dbDrop CB

0 comments on commit 8a979cd

Please sign in to comment.