Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix bug #1782, forbidden chars in ID PATCH v2 #1787

Merged
merged 2 commits into from
Feb 12, 2016
Merged

Fix bug #1782, forbidden chars in ID PATCH v2 #1787

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
8a979cd
Fix bug #1782, forbidden chars in ID PATCH v2
crbrox Feb 11, 2016
297de23
Fix CNR line
crbrox Feb 12, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions CHANGES_NEXT_RELEASE
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,3 +16,5 @@
- Add: type param for POST entity in v2 (Issue #982, #984)
- Add: support for geo:point type as a way of specifying location attribute in NGSIv2 (Issue #1038)
- Add: type param for PUT entity in v2 (Issue #988, #992, #1000)
- Fix: not detecting forbidden chars in ID for PATH v2 (Issue #1782)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

in ID -> in entityID ?
PATH -> PATCH ?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed 297de23


8 changes: 7 additions & 1 deletion src/lib/serviceRoutinesV2/patchEntity.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@
#include "common/statistics.h"
#include "common/clockFunctions.h"
#include "common/errorMessages.h"

#include "parse/forbiddenChars.h"
#include "rest/ConnectionInfo.h"
#include "ngsi/ParseData.h"
#include "apiTypesV2/Entities.h"
Expand Down Expand Up @@ -71,6 +71,12 @@ std::string patchEntity
eP->id = compV[2];
eP->type = ciP->uriParam["type"];

if (forbiddenIdChars(ciP->apiVersion, eP->id.c_str() , NULL))
{
OrionError oe(SccBadRequest, "invalid character in URI");
return oe.render(ciP, "");
}

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems like something that should be done for all v2 requests (perhaps v1 also),
not only PATCH /v2/entities/{eid} ...
Should the check be on a higher level?
Somewhere in rest.cpp ...

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, it's only about the ID, not the whole path ...

NTC

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll check other 'paths' with ID for this point. If any is found, we can create an issue for all them and solve them in the same PR ...

// 01. Fill in UpdateContextRequest
parseDataP->upcr.res.fill(eP, "UPDATE");

Expand Down
60 changes: 60 additions & 0 deletions ...nctionalTest/cases/1782_forbidden_char_id_uri_patch/1782_forbidden_char_id_uri_patch.test
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
# Copyright 2016 Telefonica Investigacion y Desarrollo, S.A.U
#
# This file is part of Orion Context Broker.
#
# Orion Context Broker is free software: you can redistribute it and/or
# modify it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# Orion Context Broker is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero
# General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with Orion Context Broker. If not, see http://www.gnu.org/licenses/.
#
# For those usages not covered by this license please contact with
# iot_support at tid dot es

# VALGRIND_READY - to mark the test ready for valgrindTestSuite.sh

--NAME--
PATCH /v2/entities/E& forbidden chars in ID

--SHELL-INIT--
dbInit CB
brokerStart CB

--SHELL--

#
# 01. PATCH entity with forbidden char in ID
#

echo "01. PATCH entity with forbidden char in ID"
echo "=========================================="
payload='{ "attr1": 1 }'
orionCurl --url '/v2/entities/E&?options=keyValues' -X PATCH --payload "$payload" --json
echo
echo


--REGEXPECT--
01. PATCH entity with forbidden char in ID
==========================================
HTTP/1.1 400 Bad Request
Content-Length: 63
Content-Type: application/json
Date: REGEX(.*)

{
"description": "invalid character in URI",
"error": "BadRequest"
}


--TEARDOWN--
brokerStop CB
dbDrop CB