From d1eea7a720bb14f6781ec5abadbc27fafdf85e1e Mon Sep 17 00:00:00 2001 From: Monty Taylor Date: Wed, 28 Jun 2017 12:52:40 -0500 Subject: [PATCH] Make sure we don't fail open on bad input to validate Passing arbitrary dicts to validate does not validate that that's what we're sending to the API. Put in a validation check that the keys we're sending are the ones validate does something about. It's possible there is another param to validate we're not listing. If we hit a test that needs it, we can always add it. Change-Id: I75b24f4f640b7cf6ffebff494e1627569d74755a --- shade/tests/unit/base.py | 6 ++++++ shade/tests/unit/test_identity_roles.py | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/shade/tests/unit/base.py b/shade/tests/unit/base.py index 9da294d85..bbbcab7b0 100644 --- a/shade/tests/unit/base.py +++ b/shade/tests/unit/base.py @@ -535,6 +535,12 @@ class RequestsMockTestCase(BaseTestCase): key = '{method}|{uri}|{params}'.format( method=method, uri=uri, params=kw_params) validate = to_mock.pop('validate', {}) + valid_keys = set(['json', 'headers', 'params']) + invalid_keys = set(validate.keys()) - valid_keys + if invalid_keys: + raise TypeError( + "Invalid values passed to validate: {keys}".format( + keys=invalid_keys)) headers = structures.CaseInsensitiveDict(to_mock.pop('headers', {})) if 'content-type' not in headers: diff --git a/shade/tests/unit/test_identity_roles.py b/shade/tests/unit/test_identity_roles.py index 0767345e8..05db5ba3f 100644 --- a/shade/tests/unit/test_identity_roles.py +++ b/shade/tests/unit/test_identity_roles.py @@ -91,7 +91,7 @@ class TestIdentityRoles(base.RequestsMockTestCase): uri=self.get_mock_url(), status_code=200, json=role_data.json_response, - validate=role_data.json_request), + validate=dict(json=role_data.json_request)), dict(method='GET', uri=self.get_mock_url(append=[role_data.role_id]), status_code=200,