Mercurial > p > roundup > code
diff roundup/rest.py @ 8213:14e92a595828
fix(web) issue2551382 - 409 not 400 errors returned
invalid integer values for @verbose, @page_* values in rest uri's
generated a 409 (Update Conflict) error not a generic 400 error.
Found it when I was working on adding fuzz testing to check error
handling for query parameters in REST url's.
This also ads the tests in test_liveserver that found the error. Also
refactored tst_liveserver to allow resuse of session login method for
the new fuzz testing class as well.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sun, 15 Dec 2024 01:57:42 -0500 |
| parents | d87350f56100 |
| children | 32aaf5dc562b |
line wrap: on
line diff
--- a/roundup/rest.py Sun Dec 15 01:35:51 2024 -0500 +++ b/roundup/rest.py Sun Dec 15 01:57:42 2024 -0500 @@ -811,10 +811,18 @@ value = form_field.value if key.startswith("@page_"): # serve the paging purpose key = key[6:] - value = int(value) + try: + value = int(value) + except ValueError as e: + raise UsageError("When using @page_%s: %s" % + (key, e.args[0])) page[key] = value elif key == "@verbose": - verbose = int(value) + try: + verbose = int(value) + except ValueError as e: + raise UsageError("When using @verbose: %s" % + (e.args[0])) elif key in ["@fields", "@attrs"]: f = value.split(",") if len(f) == 1: @@ -1129,7 +1137,11 @@ # used only if no @fields/@attrs protected = value.lower() == "true" elif key == "@verbose": - verbose = int(value) + try: + verbose = int(value) + except ValueError as e: + raise UsageError("When using @verbose: %s" % + (e.args[0])) result = {} if props is None: