[aws|compute] Test for more invalid security group request input when mocking.

2022-11-09 13:51:43 -05:00 · 2011-10-28 14:59:58 -03:00 · 2011-10-28 14:59:58 -03:00 · f3697b6fe7
commit f3697b6fe7
parent 99704bd415
3 changed files with 46 additions and 0 deletions
--- a/lib/fog/aws/requests/compute/authorize_security_group_ingress.rb
+++ b/lib/fog/aws/requests/compute/authorize_security_group_ingress.rb
@ -91,6 +91,8 @@ module Fog
            group_name = options.delete('GroupName')
          end

+          verify_permission_options(options)
+
          response = Excon::Response.new
          group = self.data[:security_groups][group_name]

@ -131,6 +133,24 @@ module Fog

        private

+        def verify_permission_options(options)
+          if options.empty?
+            raise Fog::Compute::AWS::Error.new("InvalidRequest => The request received was invalid.")
+          end
+          if options['IpProtocol'] && !['tcp', 'udp', 'icmp'].include?(options['IpProtocol'])
+            raise Fog::Compute::AWS::Error.new("InvalidPermission.Malformed => Unsupported IP protocol \"#{options['IpProtocol']}\"  - supported: [tcp, udp, icmp]")
+          end
+          if options['IpProtocol'] && (!options['FromPort'] || !options['ToPort'])
+            raise Fog::Compute::AWS::Error.new("InvalidPermission.Malformed => TCP/UDP port (-1) out of range")
+          end
+          if options.has_key?('IpPermissions')
+            if !options['IpPermissions'].is_a?(Array) || options['IpPermissions'].empty?
+              raise Fog::Compute::AWS::Error.new("InvalidRequest => The request received was invalid.")
+            end
+            options['IpPermissions'].each {|p| verify_permission_options(p) }
+          end
+        end
+
        def normalize_permissions(options)
          normalized_permissions = []

--- a/lib/fog/aws/requests/compute/revoke_security_group_ingress.rb
+++ b/lib/fog/aws/requests/compute/revoke_security_group_ingress.rb
@ -68,6 +68,8 @@ module Fog
            group_name = options.delete('GroupName')
          end

+          verify_permission_options(options)
+
          response = Excon::Response.new
          group = self.data[:security_groups][group_name]

--- a/tests/aws/requests/compute/security_group_tests.rb
+++ b/tests/aws/requests/compute/security_group_tests.rb
@ -301,6 +301,30 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
      Fog::Compute[:aws].delete_security_group(@other_security_group.name)
    end

+    broken_params = [
+      {},
+      { "IpProtocol" => "what" },
+      { "IpProtocol" => "tcp" },
+      { "IpProtocol" => "what", "FromPort" => 1, "ToPort" => 1 },
+    ]
+    broken_params += broken_params.map do |broken_params_item|
+      { "IpPermissions" => [broken_params_item] }
+    end
+    broken_params += [
+      { "IpPermissions" => [] },
+      { "IpPermissions" => nil }
+    ]
+
+    broken_params.each do |broken_params_item|
+      tests("#authorize_security_group_ingress('fog_security_group', #{broken_params_item.inspect})").raises(Fog::Compute::AWS::Error) do
+        Fog::Compute[:aws].authorize_security_group_ingress('fog_security_group', broken_params_item)
+      end
+
+      tests("#revoke_security_group_ingress('fog_security_group', #{broken_params_item.inspect})").raises(Fog::Compute::AWS::Error) do
+        Fog::Compute[:aws].revoke_security_group_ingress('fog_security_group', broken_params_item)
+      end
+    end
+
    tests("#revoke_security_group_ingress('not_a_group_name', {'FromPort' => 80, 'IpProtocol' => 'tcp', 'toPort' => 80})").raises(Fog::Compute::AWS::NotFound) do
      Fog::Compute[:aws].revoke_security_group_ingress(
        'not_a_group_name',