Commit e4a6e145 authored by Volker Krause's avatar Volker Krause
Browse files

Improved input validation for sample data

parent 82e1fc8c
......@@ -98,6 +98,11 @@ class Sample
public static function insert(DataStore $db, $jsonData, Product $product)
{
$jsonObj = json_decode($jsonData);
if (!is_object($jsonObj))
throw new RESTException('Invalid sample data format.', 400);
if (property_exists($jsonObj, 'id') || property_exists($jsonObj, 'timestamp'))
throw new RESTException('Invalid sample data.', 400);
$sampleId = self::insertScalar($db, $jsonObj, $product);
foreach ($product->schema as $entry) {
......
......@@ -109,4 +109,27 @@ class SurveyTest extends PHPUnit_Extensions_Database_TestCase
$this->assertObjectHasAttribute('key1', $d01);
$this->assertObjectHasAttribute('key2', $d01);
}
public function testInvalidInsert_data()
{
return [
'empty' => [ '' ],
'array' => [ '[]' ],
'missing id' => [ '{ "timestamp": "2016-12-18 12:42:35" }' ],
'missing timestamp' => [ '{ "id": 42 }' ]
];
}
/**
* @dataProvider testInvalidInsert_data
* @expectedException RESTException
* @exceptedExceptionCode 400
*/
public function testInvalidInsert($input)
{
$p = Product::productByName(self::$db, 'org.kde.UnitTest');
$this->assertNotNull($p);
Sample::insert(self::$db, $input, $p);
}
}
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment