Validate CAP against the spec

This gives us some extra confidence that there aren’t any problems with the data we’re getting from the other service. It doesn’t address any specific problems we’ve seen, rather it seems like a sensible precaution to take.
2026-01-31 06:52:06 -05:00 · 2021-01-18 10:01:47 +00:00
parent 38f07db23e
commit 26871eeacc
6 changed files with 274 additions and 5 deletions
--- a/app/v2/broadcast/post_broadcast.py
+++ b/app/v2/broadcast/post_broadcast.py
@@ -8,6 +8,8 @@ from app.models import BROADCAST_TYPE, BroadcastMessage, BroadcastStatusType
 from app.schema_validation import validate
 from app.v2.broadcast import v2_broadcast_blueprint
 from app.v2.broadcast.broadcast_schemas import post_broadcast_schema
+from app.v2.errors import BadRequestError
+from app.xml_schemas import validate_xml


@v2_broadcast_blueprint.route("", methods=['POST'])
@@ -21,7 +23,13 @@ def create_broadcast():
    if request.content_type == 'application/json':
        broadcast_json = request.get_json()
    elif request.content_type == 'application/cap+xml':
-        broadcast_json = cap_xml_to_dict(request.get_data(as_text=True))
+        cap_xml = request.get_data(as_text=True)
+        if not validate_xml(cap_xml, 'CAP-v1.2.xsd'):
+            raise BadRequestError(
+                message=f'Request data is not valid CAP XML',
+                status_code=400,
+            )
+        broadcast_json = cap_xml_to_dict(cap_xml)
    else:
        raise BadRequestError(
            message=f'Content type {request.content_type} not supported',