Skip to content
Snippets Groups Projects
Verified Commit b75eb24c authored by Frank Sauerburger's avatar Frank Sauerburger
Browse files

Protect hkp against empty query 

Closes #33
parent 0311fb53
No related branches found
No related tags found
No related merge requests found
Pipeline #9080 failed
Hide whitespace changes
Inline Side-by-side
app/hkp/tests.py
+ 13
0
View file @ b75eb24c
...@@ -46,3 +46,16 @@ class CaseSensitivityTestCase(TestCase): ...@@ -46,3 +46,16 @@ class CaseSensitivityTestCase(TestCase):
"""Check that the mixed case can be used to lookup a key""" """Check that the mixed case can be used to lookup a key"""
response = self.client.get('/pks/lookup?op=get&search=abCD') response = self.client.get('/pks/lookup?op=get&search=abCD')
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
class NotImplemented(TestCase):
"""Check that 501 is returned if the operation is not supported"""
def test_no_args(self):
"""Check that 501 is returned for no arguemnts"""
response = self.client.get('/pks/lookup')
self.assertEqual(response.status_code, 501)
def test_not_get(self):
"""Check that 501 is returned if op is not get"""
response = self.client.get('/pks/lookup?op=search')
self.assertEqual(response.status_code, 501)
app/hkp/views.py
+ 2
2
View file @ b75eb24c
...@@ -9,8 +9,8 @@ class HttpNotImplementedError(HttpResponse): ...@@ -9,8 +9,8 @@ class HttpNotImplementedError(HttpResponse):
@require_safe @require_safe
def lookup(request): def lookup(request):
op = request.GET.get('op', None) op = request.GET.get('op', "").lower()
search = request.GET.get('search', None).lower() search = request.GET.get('search', "").lower()
if op not in ["get"]: if op not in ["get"]:
return HttpNotImplementedError("Not implemented") return HttpNotImplementedError("Not implemented")
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment