[Kimchi-devel] [PATCH] [WoK] Fixing WoK match in search queries

[dhbarboza82 at gmail.com]

From: Daniel Henrique Barboza <dhbarboza82 at gmail.com>

Prior to this patch, supposing an example with the VMs API
of Kimchi, we could send a GET request like this:

/plugins/kimchi/vms?state=thisisnotrunning

and get as a answer all the VMs with state=running. The reason
was that WoK was doing a membership verification in the input
value even if the value isn't a list and, in this case,
'running' in 'thisisnotrunning' was returning True  and the
VM would be added to the returned results.

This also impacted regular expressions with negative lookahead.
Using the same API mentioned above, a search query like
'state=^(?!running).*$' would return all VMs because if
state was not 'running' it would match this regex and, if
it was 'running', it would match this membership rule because
'running' in '^(?!running).*$' returns True.

Signed-off-by: Daniel Henrique Barboza <dhbarboza82 at gmail.com>
---
 src/wok/control/base.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/wok/control/base.py b/src/wok/control/base.py
index f314d18..29b43ac 100644
--- a/src/wok/control/base.py
+++ b/src/wok/control/base.py
@@ -392,8 +392,9 @@ class Collection(object):
                 continue
 
             if all(key in res.data and
-                   (res.data[key] == val or res.data[key] in val or
-                    re.match(str(val), res.data[key]))
+                   (res.data[key] == val or
+                    re.match(str(val), res.data[key]) or
+                    (isinstance(val, list) and res.data[key] in val))
                    for key, val in fields_filter.iteritems()):
                 data.append(res.data)
         return data
-- 
2.5.5