From ac2b3fbede362348b94c3e759ff90a15f0fef62a Mon Sep 17 00:00:00 2001
From: Daniil Baturin <daniil@baturin.org>
Date: Mon, 17 Jun 2019 19:59:16 +0200
Subject: [HTTP API] T1431: make the value field optional and add better
validation.
---
src/services/vyos-http-api-server | 26 +++++++++++++++++++++++---
1 file changed, 23 insertions(+), 3 deletions(-)
(limited to 'src/services')
diff --git a/src/services/vyos-http-api-server b/src/services/vyos-http-api-server
index 7b9e3d671..45723010a 100755
--- a/src/services/vyos-http-api-server
+++ b/src/services/vyos-http-api-server
@@ -96,16 +96,36 @@ def configure():
error_msg = None
try:
for c in commands:
+ # Missing op or path is a show stopper
+ if not ('op' in c):
+ raise ConfigSessionError("Malformed command \"{0}\": missing \"op\" field".format(json.dumps(c)))
+ if not ('path' in c):
+ raise ConfigSessionError("Malformed command \"{0}\": missing \"path\" field".format(json.dumps(c)))
+ # Missing value is fine, substitute for empty string
+ if not ('value' in c):
+ value = ""
+
op = c['op']
path = c['path']
value = c['value']
- # Account for null values
+ # Type checking
+ if not isinstance(path, list):
+ raise ConfigSessionError("Malformed command \"{0}\": \"path\" field must be a list".format(json.dumps(c)))
+
+ if not isinstance(value, str):
+ raise ConfigSessionError("Malformed command \"{0}\": \"value\" field must be a string".format(json.dumps(c)))
+
+ # Account for the case when value field is present and set to null
if not value:
value = ""
- # For vyos.config calls
- cfg_path = " ".join(path + [value]).strip()
+ # For vyos.configsessios calls that have no separate value arguments,
+ # and for type checking too
+ try:
+ cfg_path = " ".join(path + [value]).strip()
+ except TypeError:
+ raise ConfigSessionError("Malformed command \"{0}\": \"path\" field must be a list of strings".format(json.dumps(c)))
if op == 'set':
# XXX: it would be nice to do a strict check for "path already exists",
--
cgit v1.2.3