laforge has submitted this change. ( https://gerrit.osmocom.org/c/pysim/+/40466?usp=email )
(
5 is the latest approved patch-set. No files were changed between the latest approved patch-set and the submitted one. )Change subject: smdpp: verify request headers ......................................................................
smdpp: verify request headers
Change-Id: Ic1221bcb87a9975a013ab356266d3cb76d9241f1 --- M osmo-smdpp.py 1 file changed, 11 insertions(+), 2 deletions(-)
Approvals: Jenkins Builder: Verified dexter: Looks good to me, approved laforge: Looks good to me, but someone else must approve
diff --git a/osmo-smdpp.py b/osmo-smdpp.py index 9328b99..16c0386 100755 --- a/osmo-smdpp.py +++ b/osmo-smdpp.py @@ -54,6 +54,16 @@ request.setHeader('Content-Type', 'application/json;charset=UTF-8') request.setHeader('X-Admin-Protocol', 'gsma/rsp/v2.1.0')
+def validate_request_headers(request: IRequest): + """Validate mandatory HTTP headers according to SGP.22.""" + content_type = request.getHeader('Content-Type') + if not content_type or not content_type.startswith('application/json'): + raise ApiError('1.2.1', '2.1', 'Invalid Content-Type header') + + admin_protocol = request.getHeader('X-Admin-Protocol') + if admin_protocol and not admin_protocol.startswith('gsma/rsp/v'): + raise ApiError('1.2.2', '2.1', 'Unsupported X-Admin-Protocol version') + def build_status_code(subject_code: str, reason_code: str, subject_id: Optional[str], message: Optional[str]) -> Dict: r = {'subjectCode': subject_code, 'reasonCode': reason_code } if subject_id: @@ -179,8 +189,7 @@ functionality, such as JSON decoding/encoding and debug-printing.""" @functools.wraps(func) def _api_wrapper(self, request: IRequest): - # TODO: evaluate User-Agent + X-Admin-Protocol header - # TODO: reject any non-JSON Content-type + validate_request_headers(request)
content = json.loads(request.content.read()) print("Rx JSON: %s" % json.dumps(content))