[tor-commits] [oonib/master] Refuse creating new reports if the policy is violated.

art at torproject.org art at torproject.org
Wed Sep 11 09:13:52 UTC 2013 

commit 98356357980bf134c3af9b02ba5b01bb570b60a2
Author: Arturo Filastò <art at fuffa.org>
Date:   Mon Aug 19 15:00:02 2013 +0200

    Refuse creating new reports if the policy is violated.
    
    * Move all errors into a dedicated module
    * Add missing __init__.py for nettest handler
---
 oonib/errors.py          |   40 ++++++++++++++++++++++++++++++++++++++++
 oonib/handlers.py        |    3 ---
 oonib/report/handlers.py |   39 ++++++++++++++++++++++++++++++---------
 3 files changed, 70 insertions(+), 12 deletions(-)

diff --git a/oonib/errors.py b/oonib/errors.py
new file mode 100644
index 0000000..24a06fc
--- /dev/null
+++ b/oonib/errors.py
@@ -0,0 +1,40 @@
+from cyclone.web import HTTPError
+
+class OONIBError(HTTPError):
+    pass
+
+class InvalidInputHash(OONIBError):
+    status_code = 400
+    log_message = 'invalid-input-hash'
+
+class InvalidNettestName(OONIBError):
+    status_code = 400
+    log_message = 'invalid-nettest-name'
+
+class InputHashNotProvided(OONIBError):
+    status_code = 400
+    log_message = 'input-hash-not-provided'
+
+class InvalidRequestField(OONIBError):
+    def __init__(self, field_name):
+        self.status_code = 400
+        self.log_message = "invalid-request-field %s" % field_name
+
+class MissingRequestField(OONIBError):
+    def __init__(self, field_name):
+        self.status_code = 400
+        self.log_message = "missing-request-field %s" % field_name
+
+class MissingReportHeaderKey(OONIBError):
+    def __init__(self, key):
+        self.status_code = 406
+        self.log_message = "missing-report-header-key %s" % key
+
+class InvalidReportHeader(OONIBError):
+    def __init__(self, key):
+        self.status_code = 406
+        self.log_message = "invalid-report-header %s" % key
+
+class ReportNotFound(OONIBError):
+    status_code = 404
+    log_message = "report-not-found"
diff --git a/oonib/handlers.py b/oonib/handlers.py
index 515e8c2..033a69f 100644
--- a/oonib/handlers.py
+++ b/oonib/handlers.py
@@ -15,6 +15,3 @@ class OONIBHandler(web.RequestHandler):
             self.set_header("Content-Type", "application/json")
         else:
             web.RequestHandler.write(self, chunk)
-
-class OONIBError(web.HTTPError):
-    pass
diff --git a/oonib/nettest/__init__.py b/oonib/nettest/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/oonib/report/handlers.py b/oonib/report/handlers.py
index 05949e6..6dd5ec4 100644
--- a/oonib/report/handlers.py
+++ b/oonib/report/handlers.py
@@ -3,7 +3,9 @@ import string
 import time
 import yaml
 
+from oonib import errors as e
 from oonib.handlers import OONIBHandler
+from oonib.policy.handlers import Policy
 
 from datetime import datetime
 from oonib import randomStr, otime, config, log
@@ -121,6 +123,14 @@ class NewReportHandlerFile(OONIBHandler):
     Responsible for creating and updating reports by writing to flat file.
     """
 
+    def checkPolicy(self):
+        policy = Policy()
+        if not self.inputHash in policy.input.values():
+            raise e.InvalidInputHash
+        if self.testName not in policy.nettest.keys():
+            raise e.InvalidNettestName
+        # XXX add support for version checking too.
+
     def post(self):
         """
         Creates a new report with the input
@@ -164,16 +174,27 @@ class NewReportHandlerFile(OONIBHandler):
         try:
             report_data = parseNewReportRequest(self.request.body)
         except InvalidRequestField, e:
-            raise OONIBError(400, "Invalid Request Field %s" % e)
+            raise e.InvalidRequestField(e)
         except MissingField, e:
-            raise OONIBError(400, "Missing Request Field %s" % e)
+            raise e.MissingRequestField(e)
+
+        log.debug("Parsed this data %s" % report_data)
 
-        print "Parsed this data %s" % report_data
         software_name = report_data['software_name']
         software_version = report_data['software_version']
-        test_name = report_data['test_name']
-        test_version = report_data['test_version']
+
         probe_asn = report_data['probe_asn']
+
+        self.testName = report_data['test_name']
+        self.testVersion = report_data['test_version']
+       
+        if config.main.policy_file:
+            try:
+                self.inputHash = report_data['input_hash']
+            except KeyError:
+                raise e.InputHashNotProvided
+            self.checkPolicy()
+
         content = yaml.safe_load(report_data['content'])
         content['backend_version'] = config.backend_version
 
@@ -181,10 +202,10 @@ class NewReportHandlerFile(OONIBHandler):
             report_header = validate_report_header(content)
 
         except MissingReportHeaderKey, key:
-            raise OONIBError(406, "Missing report header key %s" % key)
+            raise e.MissingReportHeaderKey(key)
 
         except InvalidReportHeader, key:
-            raise OONIBError(406, "Invalid report header %s" % key)
+            raise e.InvalidReportHeaderKey(key)
 
         report_header = yaml.dump(report_header)
         content = "---\n" + report_header + '...\n'
@@ -245,7 +266,7 @@ class NewReportHandlerFile(OONIBHandler):
                 fdesc.setNonBlocking(fd.fileno())
                 fdesc.writeToFD(fd.fileno(), data)
         except IOError as e:
-            OONIBError(404, "Report not found")
+            e.OONIBError(404, "Report not found")
 
 class ReportNotFound(Exception):
     pass
@@ -281,7 +302,7 @@ class CloseReportHandlerFile(OONIBHandler):
         try:
             close_report(report_id)
         except ReportNotFound:
-            OONIBError(404, "Report not found")
+            e.ReportNotFound
 
 class PCAPReportHandler(OONIBHandler):
     def get(self):

More information about the tor-commits mailing list