Clean up the valid API parameters

The MBS submission API endpoint should not accept every parameter
that is also a column on the ModuleBuild table. There are two
reasons for this. The first is that a user should be notified if
the supplied parameter is invalid, whereas it could get silently
ignored. The second reason is that a nefarious user could pass
in specially crafted API parameters causing MBS to do something
unexpected or undesired.

module_build_service/views.py

@@ -314,6 +314,19 @@ class ImportModuleAPI(MethodView):
 
 
 class BaseHandler(object):
+    valid_params = set([
+        'branch',
+        'buildrequire_overrides',
+        'modulemd',
+        'module_name',
+        'owner',
+        'rebuild_strategy',
+        'require_overrides',
+        'scmurl',
+        'scratch',
+        'srpms'
+    ])
+
     def __init__(self, request, data=None):
         self.username, self.groups = module_build_service.auth.get_user(request)
         self.data = data or _dict_from_request(request)
@@ -361,18 +374,7 @@ class BaseHandler(object):
                     raise ValidationError(invalid_override_msg)
 
     def validate_optional_params(self):
-        module_build_columns = set([col.key for col in models.ModuleBuild.__table__.columns])
-        other_params = set([
-            'branch',
-            'buildrequire_overrides',
-            'modulemd',
-            'module_name',
-            'rebuild_strategy',
-            'require_overrides',
-        ])
-        valid_params = other_params | module_build_columns
-
-        forbidden_params = [k for k in self.data if k not in valid_params]
+        forbidden_params = [k for k in self.data if k not in self.valid_params]
         if forbidden_params:
             raise ValidationError('The request contains unspecified parameters: {}'
                                   .format(", ".join(forbidden_params)))