From bf6d42b2e9e98c69a7bff818b583045d12ce58e0 Mon Sep 17 00:00:00 2001 From: wangxiyuan Date: Thu, 9 Nov 2017 16:03:03 +0800 Subject: [PATCH] Add input type check zaqar raises 500 erro when create message with integer format body. Because that json.loads() doesn't check the "integer like" string. Change-Id: Icafa829fa5f5ce3afcafc40f46c39ea8adcc836d Cloese-bug: 1731170 --- zaqar/tests/unit/transport/wsgi/v2_0/test_messages.py | 2 +- zaqar/transport/utils.py | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/zaqar/tests/unit/transport/wsgi/v2_0/test_messages.py b/zaqar/tests/unit/transport/wsgi/v2_0/test_messages.py index d7adcd35c..2faf04422 100644 --- a/zaqar/tests/unit/transport/wsgi/v2_0/test_messages.py +++ b/zaqar/tests/unit/transport/wsgi/v2_0/test_messages.py @@ -325,7 +325,7 @@ class TestMessagesMongoDB(base.V2Base): self.assertEqual(falcon.HTTP_400, self.srmock.status) - @ddt.data(None, '[', '[]', '{}', '.') + @ddt.data(None, '[', '[]', '{}', '.', '123') def test_post_bad_message(self, document): self.simulate_post(self.queue_path + '/messages', body=document, diff --git a/zaqar/transport/utils.py b/zaqar/transport/utils.py index ce69181fc..9757ddf3e 100644 --- a/zaqar/transport/utils.py +++ b/zaqar/transport/utils.py @@ -45,7 +45,10 @@ def read_json(stream, len): """ try: content = encodeutils.safe_decode(stream.read(len), 'utf-8') - return json.loads(content, parse_int=_json_int) + result = json.loads(content, parse_int=_json_int) + if not isinstance(result, dict) and not isinstance(result, list): + raise MalformedJSON() + return result except UnicodeDecodeError as ex: raise MalformedJSON(ex) except ValueError as ex: