If an asset POST does not contain well-formed XML, return a 400 (Bad Request) HTTP status rather than simply dropping the request.

connector_plugin
Justin Clark-Casey (justincc) 2012-11-22 03:01:57 +00:00
parent 33a4f07c4e
commit 448811ccdd
2 changed files with 38 additions and 3 deletions

View File

@ -57,14 +57,23 @@ namespace OpenSim.Server.Handlers.Asset
public override byte[] Handle(string path, Stream request,
IOSHttpRequest httpRequest, IOSHttpResponse httpResponse)
{
AssetBase asset;
XmlSerializer xs = new XmlSerializer(typeof (AssetBase));
AssetBase asset = (AssetBase) xs.Deserialize(request);
try
{
asset = (AssetBase)xs.Deserialize(request);
}
catch (XmlException)
{
httpResponse.StatusCode = (int)HttpStatusCode.BadRequest;
return null;
}
string[] p = SplitParams(path);
if (p.Length > 1)
{
bool result =
m_AssetService.UpdateContent(p[1], asset.Data);
bool result = m_AssetService.UpdateContent(p[1], asset.Data);
xs = new XmlSerializer(typeof(bool));
return ServerUtils.SerializeResult(xs, result);

View File

@ -27,6 +27,7 @@
using System;
using System.IO;
using System.Net;
using System.Text;
using System.Xml;
using System.Xml.Serialization;
@ -38,6 +39,7 @@ using OpenSim.Server.Handlers.Asset;
using OpenSim.Services.AssetService;
using OpenSim.Services.Interfaces;
using OpenSim.Tests.Common;
using OpenSim.Tests.Common.Mock;
namespace OpenSim.Server.Handlers.Asset.Test
{
@ -80,5 +82,29 @@ namespace OpenSim.Server.Handlers.Asset.Test
Assert.That(retrievedAsset, Is.Not.Null);
}
[Test]
public void TestBadXmlAssetStoreRequest()
{
TestHelpers.InMethod();
IConfigSource config = new IniConfigSource();
config.AddConfig("AssetService");
config.Configs["AssetService"].Set("StorageProvider", "OpenSim.Tests.Common.dll");
AssetService assetService = new AssetService(config);
AssetServerPostHandler asph = new AssetServerPostHandler(assetService);
MemoryStream buffer = new MemoryStream();
byte[] badData = new byte[] { 0x48, 0x65, 0x6c, 0x6c, 0x6f };
buffer.Write(badData, 0, badData.Length);
buffer.Position = 0;
TestOSHttpResponse response = new TestOSHttpResponse();
asph.Handle(null, buffer, null, response);
Assert.That(response.StatusCode, Is.EqualTo((int)HttpStatusCode.BadRequest));
}
}
}