catarrh/pysim
1
0
Fork 0
mirror of https://gitea.osmocom.org/sim-card/pysim.git synced 2026-03-16 18:38:32 +03:00
Code Issues Packages Projects Releases Wiki Activity

smdpp: verify request headers

Browse Source 
Change-Id: Ic1221bcb87a9975a013ab356266d3cb76d9241f1
This commit is contained in:
Eric Wild
2025-06-13 19:59:17 +02:00
committed by Hoernchen
parent 9572cbdb61
commit 5316f2b1cc
1 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
osmo-smdpp.py
View File

@@ -54,6 +54,16 @@ def set_headers(request: IRequest):
request.setHeader('Content-Type', 'application/json;charset=UTF-8') request.setHeader('Content-Type', 'application/json;charset=UTF-8')
request.setHeader('X-Admin-Protocol', 'gsma/rsp/v2.1.0') request.setHeader('X-Admin-Protocol', 'gsma/rsp/v2.1.0')
def validate_request_headers(request: IRequest):
"""Validate mandatory HTTP headers according to SGP.22."""
content_type = request.getHeader('Content-Type')
if not content_type or not content_type.startswith('application/json'):
raise ApiError('1.2.1', '2.1', 'Invalid Content-Type header')
admin_protocol = request.getHeader('X-Admin-Protocol')
if admin_protocol and not admin_protocol.startswith('gsma/rsp/v'):
raise ApiError('1.2.2', '2.1', 'Unsupported X-Admin-Protocol version')
def build_status_code(subject_code: str, reason_code: str, subject_id: Optional[str], message: Optional[str]) -> Dict: def build_status_code(subject_code: str, reason_code: str, subject_id: Optional[str], message: Optional[str]) -> Dict:
r = {'subjectCode': subject_code, 'reasonCode': reason_code } r = {'subjectCode': subject_code, 'reasonCode': reason_code }
if subject_id: if subject_id:
@@ -179,8 +189,7 @@ class SmDppHttpServer:
functionality, such as JSON decoding/encoding and debug-printing.""" functionality, such as JSON decoding/encoding and debug-printing."""
@functools.wraps(func) @functools.wraps(func)
def _api_wrapper(self, request: IRequest): def _api_wrapper(self, request: IRequest):
# TODO: evaluate User-Agent + X-Admin-Protocol header validate_request_headers(request)
# TODO: reject any non-JSON Content-type
content = json.loads(request.content.read()) content = json.loads(request.content.read())
print("Rx JSON: %s" % json.dumps(content)) print("Rx JSON: %s" % json.dumps(content))