diff --git a/api/http/api.go b/api/http/api.go
index bf936fea904..0c83192b72c 100644
--- a/api/http/api.go
+++ b/api/http/api.go
@@ -433,6 +433,11 @@ func (self *HttpServer) createDatabase(w libhttp.ResponseWriter, r *libhttp.Requ
 if err != nil {
 return libhttp.StatusBadRequest, err.Error()
 }
+ if !isValidDbName(createRequest.Name) {
+ m := "Unable to create database without name"
+ log.Error(m)
+ return libhttp.StatusBadRequest, m
+ }
 err = self.coordinator.CreateDatabase(user, createRequest.Name)
 if err != nil {
 log.Error("Cannot create database %s. Error: %s", createRequest.Name, err)
@@ -443,6 +448,10 @@ func (self *HttpServer) createDatabase(w libhttp.ResponseWriter, r *libhttp.Requ
 })
 }
 
+func isValidDbName(name string) bool {
+ return strings.TrimSpace(name) != ""
+}
+
 func (self *HttpServer) dropDatabase(w libhttp.ResponseWriter, r *libhttp.Request) {
 self.tryAsClusterAdmin(w, r, func(user User) (int, interface{}) {
 name := r.URL.Query().Get(":name")
diff --git a/api/http/api_test.go b/api/http/api_test.go
index bc540027300..62b624fcc76 100644
--- a/api/http/api_test.go
+++ b/api/http/api_test.go
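Review bot: The new guard in createDatabase checks a trimmed copy of the name but still passes the untrimmed `createRequest.Name` to `CreateDatabase`, so a name such as `" foo "` is accepted and stored with its padding. Padded names are hard to tell apart in listings and logs, and awkward to address through name-based routes like the `:name` lookup in dropDatabase. Normalise once before the check, e.g. `createRequest.Name = strings.TrimSpace(createRequest.Name)`, or reject any name that differs from its trimmed form. createDatabase begins and ends outside this hunk.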
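Review bot: `isValidDbName` promises more than it checks: it rejects only blank names, so names containing control characters, path separators or `..` still count as valid. The name is later written to the log with `%s` in createDatabase, where an embedded newline could forge a log entry. If the name is ever used to build an on-disk path (not visible here), this helper would be the natural place for an allow-list. At minimum document the contract, e.g. `// isValidDbName reports whether name is non-blank; it does not restrict which characters the name may contain.`, and consider rejecting control characters here.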
@@ -639,6 +639,23 @@ func (self *ApiSuite) TestCreateDatabase(c *C) {
 c.Assert(self.coordinator.db, Equals, "foo")
 }
 
+func (self *ApiSuite) TestCreateDatabaseNameFailures(c *C) {
+ data := map[string]string{
+ `{"name": ""}`: "Unable to create database without name",
+ `{}`: "Unable to create database without name",
+ `{"not_name": "bar"}`: "Unable to create database without name",
+ `{"name": " "}`: "Unable to create database without name"}
+ for k, v := range data {
+ addr := self.formatUrl("/db?u=root&p=root")
+ resp, err := libhttp.Post(addr, "application/json", bytes.NewBufferString(k))
+ c.Assert(err, IsNil)
+ m, err := ioutil.ReadAll(resp.Body)
+ c.Assert(err, IsNil)
+ c.Assert(v, Equals, string(m))
+ c.Assert(resp.StatusCode, Equals, libhttp.StatusBadRequest)
+ }
+}
+
 func (self *ApiSuite) TestDropDatabase(c *C) {
 addr := self.formatUrl("/db/foo?u=root&p=root")
 req, err := libhttp.NewRequest("DELETE", addr, nil)
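Review bot: TestCreateDatabaseNameFailures asserts only on the HTTP response, so it would still pass if a rejected request reached the coordinator. If `self.coordinator.db` is what the mock records (as the assertion in TestCreateDatabase suggests), set it to a sentinel before the loop and assert it is unchanged afterwards. Two smaller points inside the loop: `resp.Body` is never closed, so add `resp.Body.Close()` after `ioutil.ReadAll`. Also, `c.Assert(v, Equals, string(m))` puts the expected value in the obtained position, which makes failure output misleading; `c.Assert(string(m), Equals, v)` reads correctly.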