From 27fc64eb566c8e7497fefee8df01571e21e25381 Mon Sep 17 00:00:00 2001 From: Wayne Witzel III Date: Wed, 8 Mar 2017 12:30:30 -0500 Subject: [PATCH] value_to_python should encode lookup fields as ascii --- awx/api/filters.py | 5 +++++ awx/main/tests/unit/api/test_filters.py | 10 ++++++++++ 2 files changed, 15 insertions(+) diff --git a/awx/api/filters.py b/awx/api/filters.py index e5c9c39264..47b54da9ab 100644 --- a/awx/api/filters.py +++ b/awx/api/filters.py @@ -148,6 +148,11 @@ class FieldLookupBackend(BaseFilterBackend): return field.to_python(value) def value_to_python(self, model, lookup, value): + try: + lookup = lookup.encode("ascii") + except UnicodeEncodeError: + raise ValueError("%r is not an allowed field name. Must be ascii encodable." % lookup) + field, new_lookup = self.get_field_from_lookup(model, lookup) # Type names are stored without underscores internally, but are presented and diff --git a/awx/main/tests/unit/api/test_filters.py b/awx/main/tests/unit/api/test_filters.py index 6570ada6f7..45eec0df1f 100644 --- a/awx/main/tests/unit/api/test_filters.py +++ b/awx/main/tests/unit/api/test_filters.py @@ -1,3 +1,5 @@ +# -*- coding: utf-8 -*- + import pytest from rest_framework.exceptions import PermissionDenied @@ -24,6 +26,14 @@ def test_valid_in(valid_value): assert 'foo' in value +def test_invalid_field(): + invalid_field = u"ヽヾ" + field_lookup = FieldLookupBackend() + with pytest.raises(ValueError) as excinfo: + field_lookup.value_to_python(WorkflowJobTemplate, invalid_field, 'foo') + assert 'is not an allowed field name. Must be ascii encodable.' in excinfo.value.message + + @pytest.mark.parametrize('lookup_suffix', ['', 'contains', 'startswith', 'in']) @pytest.mark.parametrize('password_field', Credential.PASSWORD_FIELDS) def test_filter_on_password_field(password_field, lookup_suffix):