linaro-license-protection

Merge lp:~dooferlad/linaro-license-protection/invalid-buildinfo-403 into lp:~linaro-automation/linaro-license-protection/trunk

invalid-buildinfo-403
Merge into trunk

Proposed by James Tunnicliffe on 2012-08-20

Status:	Merged
Approved by:	Stevan Radaković on 2012-08-20
Approved revision:	106
Merged at revision:	106
Proposed branch:	lp:~dooferlad/linaro-license-protection/invalid-buildinfo-403
Merge into:	lp:~linaro-automation/linaro-license-protection/trunk
Diff against target:	128 lines (+60/-4) 6 files modified license_protected_downloads/tests/test_views.py (+16/-0) license_protected_downloads/tests/testserver_root/build-info/broken-build-info/BUILD-INFO.txt (+13/-0) license_protected_downloads/tests/testserver_root/build-info/broken-build-info/test.txt (+1/-0) license_protected_downloads/views.py (+16/-4) sampleroot/build-info/broken-build-info/BUILD-INFO.txt (+13/-0) sampleroot/build-info/broken-build-info/test.txt (+1/-0)
To merge this branch:	bzr merge lp:~dooferlad/linaro-license-protection/invalid-buildinfo-403
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Stevan Radaković	code	2012-08-20	Approve on 2012-08-20
Review via email: mp+120417@code.launchpad.net

Revision history for this message

Stevan Radaković (stevanr) wrote on 2012-08-20:

Looks good.
Approve +1

review: Approve (code)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

James Tunnicliffe

Linaro Infrastructure

 === modified file 'license_protected_downloads/tests/test_views.py'
 --- license_protected_downloads/tests/test_views.py	2012-08-16 09:47:06 +0000
 +++ license_protected_downloads/tests/test_views.py	2012-08-20 15:43:35 +0000
@@ -395,5 +395,21 @@
          # Test that we use the "samsung" theme. This contains exynos.png
          self.assertContains(response, "exynos.png")
++    def test_broken_build_info_directory(self):
++        target_file = "build-info/broken-build-info"
++        url = urlparse.urljoin("http://testserver/", target_file)
++        response = self.client.get(url, follow=True)
++
++        # If a build-info file is invalid, we don't allow access
++        self.assertEqual(response.status_code, 403)
++
++    def test_broken_build_info_file(self):
++        target_file = "build-info/broken-build-info/test.txt"
++        url = urlparse.urljoin("http://testserver/", target_file)
++        response = self.client.get(url, follow=True)
++
++        # If a build-info file is invalid, we don't allow access
++        self.assertEqual(response.status_code, 403)
++
  if __name__ == '__main__':
      unittest.main()
 === added directory 'license_protected_downloads/tests/testserver_root/build-info/broken-build-info'
 === added file 'license_protected_downloads/tests/testserver_root/build-info/broken-build-info/BUILD-INFO.txt'
 --- license_protected_downloads/tests/testserver_root/build-info/broken-build-info/BUILD-INFO.txt	1970-01-01 00:00:00 +0000
 +++ license_protected_downloads/tests/testserver_root/build-info/broken-build-info/BUILD-INFO.txt	2012-08-20 15:43:35 +0000
@@ -0,0 +1,13 @@
++Format-Version: 0asdfk
++
++Files-Patternasdfjklh: *
++Build-Name: landing-snowball
++Theme: stericsson
++License-Type: protasdklfjasfected
++License-Text: <p>IMPORTANT — PLEASE READ THE FOLLOWING AGREEMENT CAREFULLY.</p>
++ <p>
++ This Agreement is a legally binding contract between you - either an
++ individual or a legal entity - (hereinafter referred to as "Licensee")
++ and ST-Ericsson SA, a company incorporated under the laws of
++ Switzerland (hereinafter referred to as "ST-Ericsson").
++ </p>
 === added file 'license_protected_downloads/tests/testserver_root/build-info/broken-build-info/test.txt'
 --- license_protected_downloads/tests/testserver_root/build-info/broken-build-info/test.txt	1970-01-01 00:00:00 +0000
 +++ license_protected_downloads/tests/testserver_root/build-info/broken-build-info/test.txt	2012-08-20 15:43:35 +0000
@@ -0,0 +1,1 @@
++This is protected with click-through Linaro license.
 === modified file 'license_protected_downloads/views.py'
 --- license_protected_downloads/views.py	2012-08-16 09:47:06 +0000
 +++ license_protected_downloads/views.py	2012-08-20 15:43:35 +0000
@@ -2,7 +2,6 @@
  import hashlib
  import mimetypes
  import os
--import os.path
  import re
  import time
  from mimetypes import guess_type
@@ -19,7 +18,7 @@
  from django.utils.encoding import smart_str
  import bzr_version
--from buildinfo import BuildInfo
++from buildinfo import BuildInfo, IncorrectDataFormatException
  from models import License
  from openid_auth import OpenIDAuth
  from BeautifulSoup import BeautifulSoup
@@ -134,8 +133,15 @@
      buildinfo_path = os.path.join(os.path.dirname(path), "BUILD-INFO.txt")
      open_eula_path = os.path.join(os.path.dirname(path), "OPEN-EULA.txt")
      eula_path = os.path.join(os.path.dirname(path), "EULA.txt")
++
      if os.path.isfile(buildinfo_path):
--        build_info = BuildInfo(path)
++        try:
++            build_info = BuildInfo(path)
++        except IncorrectDataFormatException:
++            # If we can't parse the BuildInfo, return [], which indicates no
++            # license in dir_list and will trigger a 403 error in file_server.
++            return []
++
          license_type = build_info.get("license-type")
          license_text = build_info.get("license-text")
          theme = build_info.get("theme")
@@ -250,7 +256,13 @@
      path = result[1]
      if BuildInfo.build_info_exists(path):
--        build_info = BuildInfo(path)
++        try:
++            build_info = BuildInfo(path)
++        except IncorrectDataFormatException:
++            # If we can't parse the BuildInfo. Return a HttpResponseForbidden.
++            return HttpResponseForbidden(
++                "Error parsing BUILD-INFO.txt")
++
          launchpad_teams = build_info.get("openid-launchpad-teams")
          if launchpad_teams:
              launchpad_teams = launchpad_teams.split(",")
 === added directory 'sampleroot/build-info/broken-build-info'
 === added file 'sampleroot/build-info/broken-build-info/BUILD-INFO.txt'
 --- sampleroot/build-info/broken-build-info/BUILD-INFO.txt	1970-01-01 00:00:00 +0000
 +++ sampleroot/build-info/broken-build-info/BUILD-INFO.txt	2012-08-20 15:43:35 +0000
@@ -0,0 +1,13 @@
++Format-Version: 0asdfk
++
++Files-Patternasdfjklh: *
++Build-Name: landing-snowball
++Theme: stericsson
++License-Type: protasdklfjasfected
++License-Text: <p>IMPORTANT — PLEASE READ THE FOLLOWING AGREEMENT CAREFULLY.</p>
++ <p>
++ This Agreement is a legally binding contract between you - either an
++ individual or a legal entity - (hereinafter referred to as "Licensee")
++ and ST-Ericsson SA, a company incorporated under the laws of
++ Switzerland (hereinafter referred to as "ST-Ericsson").
++ </p>
 === added file 'sampleroot/build-info/broken-build-info/test.txt'
 --- sampleroot/build-info/broken-build-info/test.txt	1970-01-01 00:00:00 +0000
 +++ sampleroot/build-info/broken-build-info/test.txt	2012-08-20 15:43:35 +0000
@@ -0,0 +1,1 @@
++This is protected with click-through Linaro license.

linaro-license-protection

Merge lp:~dooferlad/linaro-license-protection/invalid-buildinfo-403 into lp:~linaro-automation/linaro-license-protection/trunk

Commit message

Description of the change

Preview Diff

Subscribers