Merge "Handle invalid JSON filters from the input gracefully"

ceilometer/api/controllers/v2.py

@@ -1325,8 +1325,12 @@ class ValidatedComplexQuery(object):
         if self.original_query.filter is wtypes.Unset:
             self.filter_expr = None
         else:
-            self.filter_expr = json.loads(self.original_query.filter)
-            self._validate_filter(self.filter_expr)
+            try:
+                self.filter_expr = json.loads(self.original_query.filter)
+                self._validate_filter(self.filter_expr)
+            except (ValueError, jsonschema.exceptions.ValidationError) as e:
+                raise ClientSideError(_("Filter expression not valid: %s") %
+                                      e.message)
             self._replace_isotime_with_datetime(self.filter_expr)
             self._convert_operator_to_lower_case(self.filter_expr)
             self._normalize_field_names_for_db_model(self.filter_expr)
@@ -1336,8 +1340,12 @@ class ValidatedComplexQuery(object):
         if self.original_query.orderby is wtypes.Unset:
             self.orderby = None
         else:
-            self.orderby = json.loads(self.original_query.orderby)
-            self._validate_orderby(self.orderby)
+            try:
+                self.orderby = json.loads(self.original_query.orderby)
+                self._validate_orderby(self.orderby)
+            except (ValueError, jsonschema.exceptions.ValidationError) as e:
+                raise ClientSideError(_("Order-by expression not valid: %s") %
+                                      e.message)
             self._convert_orderby_to_lower_case(self.orderby)
             self._normalize_field_names_in_orderby(self.orderby)
 

ceilometer/tests/api/v2/test_complex_query_scenarios.py

@@ -210,6 +210,24 @@ class TestQueryMetersController(tests_api.FunctionalTest,
         for sample_item in data.json:
             self.assertIn(sample_item['resource_id'], set(["resource-id2"]))
 
+    def test_query_with_wrong_field_name(self):
+        data = self.post_json(self.url,
+                              params={"filter":
+                                      '{"=": {"unknown": "resource-id2"}}'},
+                              expect_errors=True)
+
+        self.assertEqual(400, data.status_int)
+        self.assertIn("is not valid under any of the given schemas", data.body)
+
+    def test_query_with_wrong_json(self):
+        data = self.post_json(self.url,
+                              params={"filter":
+                                      '{"=": "resource": "resource-id2"}}'},
+                              expect_errors=True)
+
+        self.assertEqual(400, data.status_int)
+        self.assertIn("Filter expression not valid", data.body)
+
     def test_query_with_field_name_user(self):
         data = self.post_json(self.url,
                               params={"filter":
@@ -257,7 +275,16 @@ class TestQueryMetersController(tests_api.FunctionalTest,
                               params={"orderby": '[{"project_id": ""}]'},
                               expect_errors=True)
 
-        self.assertEqual(500, data.status_int)
+        self.assertEqual(400, data.status_int)
+        self.assertIn("does not match '(?i)^asc$|^desc$'", data.body)
+
+    def test_query_with_wrong_json_in_orderby(self):
+        data = self.post_json(self.url,
+                              params={"orderby": '{"project_id": "desc"}]'},
+                              expect_errors=True)
+
+        self.assertEqual(400, data.status_int)
+        self.assertIn("Order-by expression not valid: Extra data", data.body)
 
     def test_filter_with_metadata(self):
         data = self.post_json(self.url,