From eb24769c91469a9b57344421061c8e366b8a8c2a Mon Sep 17 00:00:00 2001
From: Bartek Grzybowski
Date: Thu, 16 Apr 2020 03:28:14 -0700
Subject: Fix invalid prefix check handling
Should the URI prefix length in the request be incorrect and not contain two "/" the service would fail with "empty response" on client side due to unhandled "list index out of range" in the server process while trying to get the idName from pathlist[4] which throws IndexError. Prefix validation, id and class variable assignment are wrapped up in try-except clause to evaluate the prefix check correctly, catch the exception and return appropriate response to the client.
Change-Id: If6333228fbdd3a8075ade55436c3ca9bb8a97caa
Issue-ID: INT-1529
Signed-off-by: Bartek Grzybowski
---
 .../mocks/prov-mns-provider/src/ProvMnSProvider.py | 48 +++++++++++++---------
 1 file changed, 28 insertions(+), 20 deletions(-)
(limited to 'test/mocks')
diff --git a/test/mocks/prov-mns-provider/src/ProvMnSProvider.py b/test/mocks/prov-mns-provider/src/ProvMnSProvider.py
index da445e223..d61b4494e 100644
--- a/test/mocks/prov-mns-provider/src/ProvMnSProvider.py
+++ b/test/mocks/prov-mns-provider/src/ProvMnSProvider.py
@@ -37,12 +37,14 @@ class ServerHTTP(BaseHTTPRequestHandler):
 request = urlparse(path)
 print("the PATH of the received GET request:" + request.path)
 pathlist = request.path.split('/')
- if "/" + pathlist[1] + "/"+ pathlist[2] == prefix:
- prefix_check = True
- else:
+ prefix_check = True
+ try:
+ if "/" + pathlist[1] + "/"+ pathlist[2] != prefix:
+ prefix_check = False
+ className = pathlist[3]
+ idName = pathlist[4]
+ except IndexError:
 prefix_check = False
- className = pathlist[3]
- idName = pathlist[4]
 response = {}
 query_params = parse_qs(request.query)
 if self.headers['Authorization'] == authheader and prefix_check is True:
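Review bot: When `IndexError` fires in the new `try` block, `className` and `idName` are left unbound (or only `className` is bound for a four-segment path), so any reference to them outside the `prefix_check is True` branch would raise `UnboundLocalError` and bring back the empty-response failure this commit fixes. The handler bodies continue outside the hunk, so whether such a reference exists is not confirmed here. The `try` also makes `prefix_check` stand for both "wrong prefix" and "path too short", and the same ten lines are pasted again in the hunks at `@@ -100`, `@@ -169` and `@@ -221`. An explicit length check in one shared helper would cover all four handlers and keep both names defined on every path, with each call site reduced to `prefix_check, className, idName = _split_path(request.path)`.

```python
def _split_path(path):
    """Return (prefix_ok, className, idName) for a request path.

    className and idName are None when the path has fewer than five
    '/'-separated parts, so callers never see an unbound name.
    """
    pathlist = path.split('/')
    if len(pathlist) < 5:
        return False, None, None
    prefix_ok = "/" + pathlist[1] + "/" + pathlist[2] == prefix
    return prefix_ok, pathlist[3], pathlist[4]
```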
@@ -100,12 +102,14 @@ class ServerHTTP(BaseHTTPRequestHandler):
 request = urlparse(path)
 print("the PATH of the received GET request:" + request.path)
 pathlist = request.path.split('/')
- if "/" + pathlist[1] + "/"+ pathlist[2] == prefix:
- prefix_check = True
- else:
+ prefix_check = True
+ try:
+ if "/" + pathlist[1] + "/"+ pathlist[2] != prefix:
+ prefix_check = False
+ className = pathlist[3]
+ idName = pathlist[4]
+ except IndexError:
 prefix_check = False
- className = pathlist[3]
- idName = pathlist[4]
 response = {}
 query_params = parse_qs(request.query)
 if self.headers['Authorization'] == authheader and prefix_check is True:
@@ -169,12 +173,14 @@ class ServerHTTP(BaseHTTPRequestHandler):
 request = urlparse(path)
 print("the PATH of the received DELETE request:" + request.path)
 pathlist = request.path.split('/')
- if "/" + pathlist[1] + "/"+ pathlist[2] == prefix:
- prefix_check = True
- else:
+ prefix_check = True
+ try:
+ if "/" + pathlist[1] + "/"+ pathlist[2] != prefix:
+ prefix_check = False
+ className = pathlist[3]
+ idName = pathlist[4]
+ except IndexError:
 prefix_check = False
- className = pathlist[3]
- idName = pathlist[4]
 response = {}
 query_params = parse_qs(request.query)
 if self.headers['Authorization'] == authheader and prefix_check is True:
@@ -221,12 +227,14 @@ class ServerHTTP(BaseHTTPRequestHandler):
 print("\n**************************** NEW PUT REQUEST ********************************")
 print("the PATH of the received PUT request:" + path)
 pathlist = path.split('/')
- if "/" + pathlist[1] + "/"+ pathlist[2] == prefix:
- prefix_check = True
- else:
+ prefix_check = True
+ try:
+ if "/" + pathlist[1] + "/"+ pathlist[2] != prefix:
+ prefix_check = False
+ className = pathlist[3]
+ idName = pathlist[4]
+ except IndexError:
 prefix_check = False
- className = pathlist[3]
- idName = pathlist[4]
 response = {}
 if self.headers['Authorization'] == authheader and prefix_check is True:
 if className in SupportingFunctionList:
-- cgit 1.2.3-korg
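Review bot: In the PUT hunk (`@@ -221,12 +227,14 @@`) the new `idName = pathlist[4]` reads from `path.split('/')`, the raw request target, while the other three handlers split `urlparse(path).path`. A PUT target that carries a query string or fragment would therefore have it folded into `idName`, or into the prefix comparison when the path is shorter, so the same resource could be addressed under different identifiers depending on the verb. Whether clients of this mock ever send such a target is not visible here, and the handler body continues outside the hunk. Parsing first keeps the four handlers consistent: `pathlist = urlparse(path).path.split('/')`.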