Fix 0 length servicepath levels (#4503)

* Fix 0 length servicepath levels * updated FT and error message * updated code and added FT * updated FT and CNR
telefonicaid · Feb 14, 2024 · a0d75b3 · a0d75b3
1 parent a53dbdf
commit a0d75b3
Show file tree

Hide file tree

Showing 3 changed files with 328 additions and 1 deletion.
diff --git a/CHANGES_NEXT_RELEASE b/CHANGES_NEXT_RELEASE
@@ -1,3 +1,4 @@
+- Fix: service path levels with 0 length should not be allowed (#4495)
 - Fix: changed the default value of `-dbTimeout` to 0 to resolve conflict with `-dbURI` (#4496) 
 - Fix: wrong INFO startup log showing ORION_MONGO_TIMEOUT, ORION_IN_REQ_PAYLOAD_MAX_SIZE and ORION_OUT_REQ_MSG_MAX_SIZE env var values (#4496)
 - Fix: return 400 Bad Request when subject.entities exists but it is an empty array (#4499)
diff --git a/src/lib/rest/rest.cpp b/src/lib/rest/rest.cpp
@@ -704,6 +704,13 @@ int servicePathCheck(ConnectionInfo* ciP, const char* servicePath)
     return 1;
   }
 
+  if (servicePath[1] == '/')
+  {
+    OrionError oe(SccBadRequest, "empty component in ServicePath");
+    ciP->answer = oe.setStatusCodeAndSmartRender(ciP->apiVersion, &(ciP->httpStatusCode));
+    return 1;
+  }
+
   if (ciP->servicePathV.size() > 1)
   {
     if (ciP->verb == PATCH)
@@ -795,7 +802,7 @@ static char* removeTrailingSlash(std::string path)
   char* cpath = (char*) path.c_str();
 
   /* strlen(cpath) > 1 ensures that root service path "/" is not touched */
-  while ((strlen(cpath) > 1) && (cpath[strlen(cpath) - 1] == '/'))
+  if ((strlen(cpath) > 1) && (cpath[strlen(cpath) - 1] == '/'))
   {
     cpath[strlen(cpath) - 1] = 0;
   }

diff --git a/...es/4495_servicepath_levels_with_zero_length/4495_servicepath_levels_with_zero_length.test b/...es/4495_servicepath_levels_with_zero_length/4495_servicepath_levels_with_zero_length.test
@@ -0,0 +1,319 @@
+# Copyright 2024 Telefonica Investigacion y Desarrollo, S.A.U
+#
+# This file is part of Orion Context Broker.
+#
+# Orion Context Broker is free software: you can redistribute it and/or
+# modify it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# Orion Context Broker is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with Orion Context Broker. If not, see http://www.gnu.org/licenses/.
+#
+# For those usages not covered by this license please contact with
+# iot_support at tid dot es
+
+# VALGRIND_READY - to mark the test ready for valgrindTestSuite.sh
+
+--NAME--
+Servicapath with zero length levels are not allowed
+
+--SHELL-INIT--
+dbInit CB
+brokerStart CB
+
+--SHELL--
+
+#
+# 01. Create entity E1/T1/A1=1, with servicepath '/Level_1' (success case)
+# 02. GET /v2/entities/E1, with servicepath '/Level_1' to see E1/T1/A1=1
+# 03. Create entity E2/T2/A2=2, with servicepath '/Level_1/Level_2' (success case)
+# 04. GET /v2/entities/E2, with servicepath '/Level_1/Level_2' to see E2/T2/A2=2
+# 05. Create entity E3/T3/A3=3, with servicepath '//Level_1' (SP level with 0 length), see error
+# 06. Create entity E3/T3/A3=3, with servicepath '///Level_1///Level_2//' (SP level with 0 length), see error
+# 07. Create entity E3/T3/A3=3, with servicepath '/Level_1///Level_2' (SP level with 0 length), see error
+# 08. Create entity E3/T3/A3=3, with servicepath '/Level_1/Level_2//' (SP level with 0 length), see error
+# 09. Create entity E4/T4/A4=4, with servicepath '/Level_1/Level_2/' (success case)
+# 10. GET /v2/entities/E4, with servicepath '/Level_1/Level_2' (without slash) to see E4/T4/A4=4
+#
+
+
+echo "01. Create entity E1/T1/A1=1, with servicepath '/Level_1' (success case)"
+echo "========================================================================"
+payload='{
+    "id": "E1",
+    "type": "T1",
+    "A1": {
+      "value": 1,
+      "type": "Integer"
+    }
+}'
+orionCurl --url /v2/entities --payload "$payload" --servicePath /Level_1
+echo
+echo
+
+
+echo "02. GET /v2/entities/E1 with servicepath '/Level_1' to see E1/T1/A1=1"
+echo "====================================================================="
+orionCurl --url /v2/entities/E1 --servicePath /Level_1
+echo
+echo
+
+
+echo "03. Create entity E2/T2/A2=2, with servicepath '/Level_1/Level_2' (success case)"
+echo "================================================================================"
+payload='{
+    "id": "E2",
+    "type": "T2",
+    "A2": {
+      "value": 2,
+      "type": "Integer"
+    }
+}'
+orionCurl --url /v2/entities --payload "$payload" --servicePath /Level_1/Level_2
+echo
+echo
+
+
+echo "04. GET /v2/entities/E2, with servicepath '/Level_1/Level_2' to see E2/T2/A2=2"
+echo "=============================================================================="
+orionCurl --url /v2/entities/E2 --servicePath /Level_1/Level_2
+echo
+echo
+
+
+echo "05. Create entity E3/T3/A3=3, with servicepath '//Level_1' (SP level with 0 length), see 400 error"
+echo "=================================================================================================="
+payload='{
+    "id": "E3",
+    "type": "T3",
+    "A3": {
+      "value": 3,
+      "type": "Integer"
+    }
+}'
+orionCurl --url /v2/entities --payload "$payload" --servicePath //Level_1
+echo
+echo
+
+
+echo "06. Create entity E3/T3/A3=3, with servicepath '///Level_1///Level_2//' (SP level with 0 length), see 400 error"
+echo "==============================================================================================================="
+payload='{
+    "id": "E3",
+    "type": "T3",
+    "A3": {
+      "value": 3,
+      "type": "Integer"
+    }
+}'
+orionCurl --url /v2/entities --payload "$payload" --servicePath ///Level_1///Level_2//
+echo
+echo
+
+
+echo "07. Create entity E3/T3/A3=3, with servicepath '/Level_1///Level_2' (SP level with 0 length), see error"
+echo "======================================================================================================="
+payload='{
+    "id": "E3",
+    "type": "T3",
+    "A3": {
+      "value": 3,
+      "type": "Integer"
+    }
+}'
+orionCurl --url /v2/entities --payload "$payload" --servicePath /Level_1///Level_2
+echo
+echo
+
+
+echo "08. Create entity E3/T3/A3=3, with servicepath '/Level_1/Level_2//' (SP level with 0 length), see error"
+echo "======================================================================================================="
+payload='{
+    "id": "E3",
+    "type": "T3",
+    "A3": {
+      "value": 3,
+      "type": "Integer"
+    }
+}'
+orionCurl --url /v2/entities --payload "$payload" --servicePath /Level_1/Level_2//
+echo
+echo
+
+
+echo "09. Create entity E4/T4/A4=4, with servicepath '/Level_1/Level_2/' (success case)"
+echo "================================================================================="
+payload='{
+    "id": "E4",
+    "type": "T4",
+    "A4": {
+      "value": 4,
+      "type": "Integer"
+    }
+}'
+orionCurl --url /v2/entities --payload "$payload" --servicePath /Level_1/Level_2/
+echo
+echo
+
+
+echo "10. GET /v2/entities/E4, with servicepath '/Level_1/Level_2' (without slash) to see E4/T4/A4=4"
+echo "=============================================================================================="
+orionCurl --url /v2/entities/E4 --servicePath /Level_1/Level_2
+echo
+echo
+
+
+--REGEXPECT--
+01. Create entity E1/T1/A1=1, with servicepath '/Level_1' (success case)
+========================================================================
+HTTP/1.1 201 Created
+Date: REGEX(.*)
+Fiware-Correlator: REGEX([0-9a-f\-]{36})
+Location: /v2/entities/E1?type=T1
+Content-Length: 0
+
+
+
+02. GET /v2/entities/E1 with servicepath '/Level_1' to see E1/T1/A1=1
+=====================================================================
+HTTP/1.1 200 OK
+Date: REGEX(.*)
+Fiware-Correlator: REGEX([0-9a-f\-]{36})
+Content-Type: application/json
+Content-Length: 71
+
+{
+    "A1": {
+        "metadata": {},
+        "type": "Integer",
+        "value": 1
+    },
+    "id": "E1",
+    "type": "T1"
+}
+
+
+03. Create entity E2/T2/A2=2, with servicepath '/Level_1/Level_2' (success case)
+================================================================================
+HTTP/1.1 201 Created
+Date: REGEX(.*)
+Fiware-Correlator: REGEX([0-9a-f\-]{36})
+Location: /v2/entities/E2?type=T2
+Content-Length: 0
+
+
+
+04. GET /v2/entities/E2, with servicepath '/Level_1/Level_2' to see E2/T2/A2=2
+==============================================================================
+HTTP/1.1 200 OK
+Date: REGEX(.*)
+Fiware-Correlator: REGEX([0-9a-f\-]{36})
+Content-Type: application/json
+Content-Length: 71
+
+{
+    "A2": {
+        "metadata": {},
+        "type": "Integer",
+        "value": 2
+    },
+    "id": "E2",
+    "type": "T2"
+}
+
+
+05. Create entity E3/T3/A3=3, with servicepath '//Level_1' (SP level with 0 length), see 400 error
+==================================================================================================
+HTTP/1.1 400 Bad Request
+Date: REGEX(.*)
+Fiware-Correlator: REGEX([0-9a-f\-]{36})
+Content-Type: application/json
+Content-Length: 69
+
+{
+    "description": "empty component in ServicePath",
+    "error": "BadRequest"
+}
+
+
+06. Create entity E3/T3/A3=3, with servicepath '///Level_1///Level_2//' (SP level with 0 length), see 400 error
+===============================================================================================================
+HTTP/1.1 400 Bad Request
+Date: REGEX(.*)
+Fiware-Correlator: REGEX([0-9a-f\-]{36})
+Content-Type: application/json
+Content-Length: 69
+
+{
+    "description": "empty component in ServicePath",
+    "error": "BadRequest"
+}
+
+
+07. Create entity E3/T3/A3=3, with servicepath '/Level_1///Level_2' (SP level with 0 length), see error
+=======================================================================================================
+HTTP/1.1 400 Bad Request
+Date: REGEX(.*)
+Fiware-Correlator: REGEX([0-9a-f\-]{36})
+Content-Type: application/json
+Content-Length: 69
+
+{
+    "description": "empty component in ServicePath",
+    "error": "BadRequest"
+}
+
+
+08. Create entity E3/T3/A3=3, with servicepath '/Level_1/Level_2//' (SP level with 0 length), see error
+=======================================================================================================
+HTTP/1.1 400 Bad Request
+Date: REGEX(.*)
+Fiware-Correlator: REGEX([0-9a-f\-]{36})
+Content-Type: application/json
+Content-Length: 69
+
+{
+    "description": "empty component in ServicePath",
+    "error": "BadRequest"
+}
+
+
+09. Create entity E4/T4/A4=4, with servicepath '/Level_1/Level_2/' (success case)
+=================================================================================
+HTTP/1.1 201 Created
+Date: REGEX(.*)
+Fiware-Correlator: REGEX([0-9a-f\-]{36})
+Location: /v2/entities/E4?type=T4
+Content-Length: 0
+
+
+
+10. GET /v2/entities/E4, with servicepath '/Level_1/Level_2' (without slash) to see E4/T4/A4=4
+==============================================================================================
+HTTP/1.1 200 OK
+Date: REGEX(.*)
+Fiware-Correlator: REGEX([0-9a-f\-]{36})
+Content-Type: application/json
+Content-Length: 71
+
+{
+    "A4": {
+        "metadata": {},
+        "type": "Integer",
+        "value": 4
+    },
+    "id": "E4",
+    "type": "T4"
+}
+
+
+--TEARDOWN--
+brokerStop CB
+dbDrop CB
+