Fix bad field values might cause ugly server exception to be returned

2025-06-26 23:15:47 +00:00 · 2022-12-21 18:33:28 +02:00 · 2022-12-21 18:33:28 +02:00 · 54ce6c34c6
commit 54ce6c34c6
parent ae4c33fa0e
1 changed files with 110 additions and 95 deletions
--- a/apiserver/database/model/base.py
+++ b/apiserver/database/model/base.py
@ -20,7 +20,7 @@ from dateutil.parser import parse as parse_datetime
 from mongoengine import Q, Document, ListField, StringField, IntField
 from pymongo.command_cursor import CommandCursor

-from apiserver.apierrors import errors
+from apiserver.apierrors import errors, APIError
 from apiserver.apierrors.base import BaseError
 from apiserver.bll.redis_cache_manager import RedisCacheManager
 from apiserver.config_repo import config
@ -148,13 +148,15 @@ class GetMixin(PropsMixin):
            "or": (default_mongo_op, True),
        }

-        def __init__(self, legacy=False):
+        def __init__(self, field, legacy=False):
+            self._field = field
            self._current_op = None
            self._sticky = False
            self._support_legacy = legacy
            self.allow_empty = False

        def _get_op(self, v: str, translate: bool = False) -> Optional[str]:
+            try:
                op = (
                    v[len(self.op_prefix) :] if v and v.startswith(self.op_prefix) else None
                )
@ -162,6 +164,10 @@ class GetMixin(PropsMixin):
                    tup = self._ops.get(op, None)
                    return tup[0] if tup else None
                return op
+            except AttributeError:
+                raise errors.bad_request.FieldsValueError(
+                    "invalid value type, string expected", field=self._field, value=str(v)
+                )

        def _key(self, v) -> Optional[Union[str, bool]]:
            if v is None:
@ -347,6 +353,9 @@ class GetMixin(PropsMixin):
        parameters_options = parameters_options or cls.get_all_query_options
        dict_query = {}
        query = RegexQ()
+        field = None
+        # noinspection PyBroadException
+        try:
            if parameters:
                parameters = {
                    k: cls._get_fixed_field_value(k, v) for k, v in parameters.items()
@ -438,6 +447,12 @@ class GetMixin(PropsMixin):
                                RegexQ(),
                            )
                        query = query & q
+        except APIError:
+            raise
+        except Exception as ex:
+            raise errors.bad_request.FieldsValueError(
+                "failed parsing query field", error=str(ex), **({"field": field} if field else {})
+            )

        return query & RegexQ(**dict_query)

@ -486,7 +501,7 @@ class GetMixin(PropsMixin):
        if not isinstance(data, (list, tuple)):
            data = [data]

-        helper = cls.ListFieldBucketHelper(legacy=True)
+        helper = cls.ListFieldBucketHelper(field, legacy=True)
        global_op = helper.get_global_op(data)
        actions = helper.get_actions(data)