diff --git a/search_service/api/table.py b/search_service/api/table.py
index 560c409e..cd896461 100644
--- a/search_service/api/table.py
+++ b/search_service/api/table.py
@@ -160,10 +160,15 @@ def post(self) -> Iterable[Any]:
 msg = 'The search request payload is not available in the request'
 return {'message': msg}, HTTPStatus.BAD_REQUEST
+ query_term = args.get('query_term') # type: str
+ if ':' in query_term:
+ msg = 'The query term contains an invalid character'
+ return {'message': msg}, HTTPStatus.BAD_REQUEST
+
 try:
 results = self.proxy.fetch_table_search_results_with_filter(
 search_request=search_request,
- query_term=args.get('query_term'),
+ query_term=query_term,
 page_index=page_index,
 index=args['index']
 )
diff --git a/setup.py b/setup.py
index 0711e9d4..9fcbee4e 100644
--- a/setup.py
+++ b/setup.py
@@ -2,7 +2,7 @@
 from setuptools import setup, find_packages
-__version__ = '2.1.3'
+__version__ = '2.1.4'
 requirements_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'requirements.txt')
 with open(requirements_path) as requirements_file:
diff --git a/tests/unit/api/table/test_search_table_filter.py b/tests/unit/api/table/test_search_table_filter.py
index 64c85457..16f52d55 100644
--- a/tests/unit/api/table/test_search_table_filter.py
+++ b/tests/unit/api/table/test_search_table_filter.py
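Review bot: In the `search_service/api/table.py` hunk, the added `':' in query_term` test raises `TypeError` if `args.get('query_term')` returns `None`, and because the check sits above the `try:` that would surface as an unhandled error rather than a 400; whether the request parser marks the field as required is not visible here. Writing the guard as `if query_term and ':' in query_term:` keeps a missing term on the path it took before this change. Rejecting one character is also a narrow denylist: if the proxy hands the term to a query-string style parser (not shown in this hunk), escaping or a non-parsing query type at that layer is the more durable control. A short comment above the check recording why ':' is refused (the test value `column:bad_syntax` suggests field-scoped query syntax) would help the next maintainer. The body of `post` starts and ends outside the hunk.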
@@ -48,3 +48,14 @@ def test_post_return_400_if_no_search_request(self, get_proxy, RequestParser) ->
 response = self.app.test_client().post(self.url)
 self.assertEqual(response.status_code, HTTPStatus.BAD_REQUEST)
+
+ @patch('search_service.api.document.reqparse.RequestParser')
+ @patch('search_service.api.table.get_proxy_client')
+ def test_post_return_400_if_bad_query_term(self, get_proxy, RequestParser) -> None:
+ RequestParser().parse_args.return_value = dict(index=self.mock_index,
+ page_index=self.mock_page_index,
+ query_term='column:bad_syntax',
+ search_request=self.mock_search_request)
+
+ response = self.app.test_client().post(self.url)
+ self.assertEqual(response.status_code, HTTPStatus.BAD_REQUEST)
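Review bot: `test_post_return_400_if_bad_query_term` asserts only the status code, so it cannot tell the new ':' rejection apart from the missing-payload branch in `post`, which returns the same `HTTPStatus.BAD_REQUEST`. Asserting the body as well, e.g. `self.assertEqual(response.get_json()['message'], 'The query term contains an invalid character')`, would pin the branch under test. Companion cases with a term that has no ':' and with `query_term=None` would cover the accepted path and the missing-field path. The first decorator patches `search_service.api.document.reqparse.RequestParser` although the module under test is `search_service.api.table`; this presumably works because both share one `reqparse` module object, but patching through the `table` path would read more clearly if that module imports `reqparse` (not visible here).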