From b75eb24c80d4c9188140c40a4ef5cb845b1fe567 Mon Sep 17 00:00:00 2001
From: Frank Sauerburger <frank@sauerburger.com>
Date: Sun, 28 Mar 2021 20:29:25 +0200
Subject: [PATCH] Protect hkp against empty query

Closes #33
---
 app/hkp/tests.py | 13 +++++++++++++
 app/hkp/views.py |  4 ++--
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/app/hkp/tests.py b/app/hkp/tests.py
index 51852c9..d521648 100644
--- a/app/hkp/tests.py
+++ b/app/hkp/tests.py
@@ -46,3 +46,16 @@ class CaseSensitivityTestCase(TestCase):
         """Check that the mixed case can be used to lookup a key"""
         response = self.client.get('/pks/lookup?op=get&search=abCD')
         self.assertEqual(response.status_code, 200)
+
+class NotImplemented(TestCase):
+    """Check that 501 is returned if the operation is not supported"""
+
+    def test_no_args(self):
+        """Check that 501 is returned for no arguemnts"""
+        response = self.client.get('/pks/lookup')
+        self.assertEqual(response.status_code, 501)
+
+    def test_not_get(self):
+        """Check that 501 is returned if op is not get"""
+        response = self.client.get('/pks/lookup?op=search')
+        self.assertEqual(response.status_code, 501)
diff --git a/app/hkp/views.py b/app/hkp/views.py
index fa6b84a..5436322 100644
--- a/app/hkp/views.py
+++ b/app/hkp/views.py
@@ -9,8 +9,8 @@ class HttpNotImplementedError(HttpResponse):
 
 @require_safe
 def lookup(request):
-    op = request.GET.get('op', None)
-    search = request.GET.get('search', None).lower()
+    op = request.GET.get('op', "").lower()
+    search = request.GET.get('search', "").lower()
     
     if op not in ["get"]:
         return HttpNotImplementedError("Not implemented")
-- 
GitLab