summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDan Callaghan <dcallagh@redhat.com>2014-06-23 16:37:39 +1000
committerGerrit Code Review <gerrit@beaker-project.org>2014-06-24 02:16:32 +0000
commit7923883090b2a82dd43330a6e1cb4c2b666164f7 (patch)
tree211480b6fbff5b00a16f11b3a2b47d55f7c0833c
parent46e4ce1dcdce8a2608d62868922b57d41b554b1e (diff)
limit request bodies to 10MB in beaker-proxy
-rw-r--r--IntegrationTests/src/bkr/inttest/labcontroller/test_proxy.py17
-rw-r--r--LabController/src/bkr/labcontroller/main.py46
2 files changed, 42 insertions, 21 deletions
diff --git a/IntegrationTests/src/bkr/inttest/labcontroller/test_proxy.py b/IntegrationTests/src/bkr/inttest/labcontroller/test_proxy.py
index b3449d8..10d52a6 100644
--- a/IntegrationTests/src/bkr/inttest/labcontroller/test_proxy.py
+++ b/IntegrationTests/src/bkr/inttest/labcontroller/test_proxy.py
@@ -917,6 +917,23 @@ class LogUploadTest(LabControllerTestCase):
open(os.path.join(local_log_dir, 'empty-log'), 'r').read(),
'')
+ # https://bugzilla.redhat.com/show_bug.cgi?id=1003454
+ def test_large_xmlrpc_request_is_rejected(self):
+ s = xmlrpclib.ServerProxy(self.get_proxy_url())
+ try:
+ s.task_upload_file(123, 'debug', '.task_beah_raw', 4096, '', 1024,
+ 'a' * (1024 * 1024 * 10 + 1))
+ self.fail('should raise')
+ except xmlrpclib.ProtocolError as e:
+ self.assertEquals(e.errcode, 413)
+
+ # https://bugzilla.redhat.com/show_bug.cgi?id=1003454
+ def test_large_PUT_request_is_rejected(self):
+ upload_url = '%srecipes/%s/logs/asdf' % (self.get_proxy_url(),
+ self.recipe.id)
+ response = requests.put(upload_url, data='a' * (1024 * 1024 * 10 + 1))
+ self.assertEquals(response.status_code, 413)
+
class LogIndexTest(LabControllerTestCase):
def setUp(self):
diff --git a/LabController/src/bkr/labcontroller/main.py b/LabController/src/bkr/labcontroller/main.py
index fb035d2..638eeda 100644
--- a/LabController/src/bkr/labcontroller/main.py
+++ b/LabController/src/bkr/labcontroller/main.py
@@ -46,6 +46,9 @@ class XMLRPCDispatcher(SimpleXMLRPCDispatcher, XMLRPCDocGenerator):
logger.debug('Time: %s %s %s', datetime.utcnow() - start, str(method), str(params)[0:50])
return result
+class LimitedRequest(Request):
+ max_content_length = 10 * 1024 * 1024 # 10MB
+
class WSGIApplication(object):
def __init__(self, proxy):
@@ -95,30 +98,31 @@ class WSGIApplication(object):
endpoint=(self.proxy_http, 'do_result_log')),
])
- @Request.application
+ @LimitedRequest.application
def __call__(self, req):
- if req.path in ('/', '/RPC2', '/server'):
- if req.method == 'POST':
- # XML-RPC
- if req.content_type != 'text/xml':
- return BadRequest('XML-RPC requests must be text/xml')
- result = self.xmlrpc_dispatcher._marshaled_dispatch(req.data)
- return Response(response=result, content_type='text/xml')
- elif req.method in ('GET', 'HEAD'):
- # XML-RPC docs
- return Response(
- response=self.xmlrpc_dispatcher.generate_html_documentation(),
- content_type='text/html')
- else:
- return MethodNotAllowed()
try:
- (obj, attr), args = self.url_map.bind_to_environ(req.environ).match()
- if obj is self.proxy:
- # pseudo-XML-RPC
- result = getattr(obj, attr)(**args)
- return Response(response=repr(result), content_type='text/plain')
+ if req.path in ('/', '/RPC2', '/server'):
+ if req.method == 'POST':
+ # XML-RPC
+ if req.content_type != 'text/xml':
+ return BadRequest('XML-RPC requests must be text/xml')
+ result = self.xmlrpc_dispatcher._marshaled_dispatch(req.data)
+ return Response(response=result, content_type='text/xml')
+ elif req.method in ('GET', 'HEAD'):
+ # XML-RPC docs
+ return Response(
+ response=self.xmlrpc_dispatcher.generate_html_documentation(),
+ content_type='text/html')
+ else:
+ return MethodNotAllowed()
else:
- return getattr(obj, attr)(req, **args)
+ (obj, attr), args = self.url_map.bind_to_environ(req.environ).match()
+ if obj is self.proxy:
+ # pseudo-XML-RPC
+ result = getattr(obj, attr)(**args)
+ return Response(response=repr(result), content_type='text/plain')
+ else:
+ return getattr(obj, attr)(req, **args)
except HTTPException, e:
return e