External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-17 06:17:36 -02:30
Code Issues Packages Projects Releases Wiki Activity

sanitize request.DATA before passing to jobs

Browse Source
This commit is contained in:
Chris Meyers
2015-04-24 12:18:19 -04:00
parent aaf3a191e4
commit 0d26a700a6
2 changed files with 49 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
awx/api/serializers.py
View File

@@ -1696,50 +1696,69 @@ class JobLaunchSerializer(BaseSerializer):
can_start_without_user_input = serializers.Field(source='can_start_without_user_input') can_start_without_user_input = serializers.Field(source='can_start_without_user_input')
variables_needed_to_start = serializers.Field(source='variables_needed_to_start') variables_needed_to_start = serializers.Field(source='variables_needed_to_start')
credential_id = serializers.IntegerField(write_only=True, required=False) credential_id = serializers.IntegerField(write_only=True, required=False)
credential = serializers.IntegerField(write_only=True, required=False) credential_needed_to_start = serializers.SerializerMethodField('get_credential_needed_to_start')
credential_id = serializers.IntegerField(write_only=True, required=False) survey_enabled = serializers.SerializerMethodField('get_survey_enabled')
extra_vars = serializers.CharField(write_only=True, required=False)
class Meta: class Meta:
model = JobTemplate model = JobTemplate
fields = ('can_start_without_user_input', 'passwords_needed_to_start', 'extra_vars', fields = ('can_start_without_user_input', 'passwords_needed_to_start', 'extra_vars',
'ask_variables_on_launch', 'survey_enabled', 'variables_needed_to_start', 'ask_variables_on_launch', 'survey_enabled', 'variables_needed_to_start',
'credential_id', 'credential') 'credential_id', 'credential', 'credential_needed_to_start',)
read_only_fields = ('ask_variables_on_launch',)
write_only_fields = ('credential','extra_vars',)
def cred_valid(self, obj): def cred_valid(self, obj):
if obj.credential is not None: if obj.credential is not None:
return obj.credential.active return obj.credential.active
return False return False
def to_native(self, obj): def get_credential_needed_to_start(self, obj):
res = super(JobLaunchSerializer, self).to_native(obj)
if obj: if obj:
res['credential_needed_to_start'] = not self.cred_valid(obj) return not self.cred_valid(obj)
res['survey_enabled'] = obj.survey_enabled and 'spec' in obj.survey_spec return True
return res
def get_survey_enabled(self, obj):
if obj:
return obj.survey_enabled and 'spec' in obj.survey_spec
return False
def validate_extra_vars(self, attrs, source):
extra_vars = attrs.get(source, {})
if not extra_vars:
return attrs
try:
extra_vars = literal_eval(extra_vars)
attrs['extra_vars'] = extra_vars
except Exception:
if not isinstance(extra_vars, dict):
raise serializers.ValidationError("Invalid format. JSON expected.")
return attrs
def validate_variables_needed_to_start(self, attrs, source):
obj = self.context.get('obj')
if self.get_survey_enabled(obj):
validation_errors = obj.survey_variable_validation(attrs.get('extra_vars', {}))
if validation_errors:
raise serializers.ValidationError(validation_errors)
return attrs
def validate(self, attrs): def validate(self, attrs):
obj = self.context.get('obj') obj = self.context.get('obj')
if obj.survey_enabled and 'spec' in obj.survey_spec: data = self.context.get('data')
try: sanitary_fields = ('credential', 'credential_id', 'extra_vars')
extra_vars = literal_eval(attrs.get('extra_vars', {})) if not self.cred_valid(obj) and (attrs.get('credential', None) is None and attrs.get('credential_id', None) is None):
except Exception: raise serializers.ValidationError(dict(errors=["Credential not provided"]))
if not isinstance(extra_vars, dict):
raise serializers.ValidationError({
'extra_vars': "Invalid format. JSON expected."
})
validation_errors = obj.survey_variable_validation(extra_vars)
if validation_errors:
raise serializers.ValidationError({
'variables_needed_to_start': validation_errors
})
if not self.cred_valid(obj) and ('credential' not in attrs and 'credential_id' not in attrs):
raise serializers.ValidationError({'errors': ["Credential not provided"]})
if obj.job_type != PERM_INVENTORY_SCAN and (obj.project is None or not obj.project.active): if obj.job_type != PERM_INVENTORY_SCAN and (obj.project is None or not obj.project.active):
raise serializers.ValidationError({'errors': ["Job Template Project is missing or undefined"]}) raise serializers.ValidationError(dict(errors=["Job Template Project is missing or undefined"]))
if obj.inventory is None or not obj.inventory.active: if obj.inventory is None or not obj.inventory.active:
return serializers.ValidationError({'errors': ["Job Template Inventory is missing or undefined"]}) raise serializers.ValidationError(dict(errors=["Job Template Inventory is missing or undefined"]))
data.clear()
for field in sanitary_fields:
if field in attrs:
data[field] = attrs[field]
return attrs return attrs
class ScheduleSerializer(BaseSerializer): class ScheduleSerializer(BaseSerializer):

4
awx/api/views.py
View File

@@ -1445,7 +1445,9 @@ class JobTemplateLaunch(RetrieveAPIView, GenericAPIView):
if not request.user.can_access(self.model, 'start', obj): if not request.user.can_access(self.model, 'start', obj):
raise PermissionDenied() raise PermissionDenied()
serializer = self.serializer_class(data=request.DATA, context={'obj': obj}) # Note: is_valid() may modify request.DATA
# It will remove any key/value pair who's key is not credential, credential_id, or extra_vars
serializer = self.serializer_class(data=request.DATA, context={'obj': obj, 'data': request.DATA})
if not serializer.is_valid(): if not serializer.is_valid():
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)