MXS-1220: Add more validation checks to request JSON

The requests that send a body should define at least a `data` member. Added a simple test that checks that bad requests are rejected. This test should be expanded to check that the returned error body contains the correct members.
2017-05-18 15:18:59 +03:00
parent 75e7ac35ed
commit e3c4bd7f72
3 changed files with 38 additions and 5 deletions
--- a/include/maxscale/config.h
+++ b/include/maxscale/config.h
@ -37,6 +37,7 @@ MXS_BEGIN_DECLS
 #define MAX_ADMIN_HOST_LEN      1024
 /** JSON Pointers to key parts of JSON objects */
 #define MXS_JSON_PTR_DATA       "/data"
 #define MXS_JSON_PTR_ID         "/data/id"
 #define MXS_JSON_PTR_PARAMETERS "/data/attributes/parameters"
--- a/server/core/config_runtime.cc
+++ b/server/core/config_runtime.cc
@ -843,6 +843,12 @@ static inline const char* string_or_null(json_t* json, const char* path)
    return rval;
 }
 /** Check that the body at least defies a data member */
 static bool is_valid_resource_body(json_t* json)
 {
    return mxs_json_pointer(json, MXS_JSON_PTR_DATA);
 }
 static bool server_contains_required_fields(json_t* json)
 {
    json_t* id = mxs_json_pointer(json, MXS_JSON_PTR_ID);
@ -911,7 +917,8 @@ SERVER* runtime_create_server_from_json(json_t* json)
 {
    SERVER* rval = NULL;
-    if (server_contains_required_fields(json))
+    if (is_valid_resource_body(json) &&
        server_contains_required_fields(json))
    {
        const char* name = json_string_value(mxs_json_pointer(json, MXS_JSON_PTR_ID));
        const char* address = json_string_value(mxs_json_pointer(json, MXS_JSON_PTR_PARAM_ADDRESS));
@ -987,7 +994,8 @@ bool runtime_alter_server_from_json(SERVER* server, json_t* new_json)
    Closer<json_t*> old_json(server_to_json(server, ""));
    ss_dassert(old_json.get());
-    if (server_to_object_relations(server, old_json.get(), new_json))
+    if (is_valid_resource_body(new_json) &&
        server_to_object_relations(server, old_json.get(), new_json))
    {
        rval = true;
        json_t* parameters = mxs_json_pointer(new_json, MXS_JSON_PTR_PARAMETERS);
@ -1043,7 +1051,8 @@ static bool validate_monitor_json(json_t* json)
    bool rval = false;
    json_t* value;
-    if ((value = mxs_json_pointer(json, MXS_JSON_PTR_ID)) && json_is_string(value) &&
+    if (is_valid_resource_body(json) &&
        (value = mxs_json_pointer(json, MXS_JSON_PTR_ID)) && json_is_string(value) &&
        (value = mxs_json_pointer(json, MXS_JSON_PTR_MODULE)) && json_is_string(value))
    {
        set<string> relations;
@ -1158,7 +1167,8 @@ bool runtime_alter_monitor_from_json(MXS_MONITOR* monitor, json_t* new_json)
    Closer<json_t*> old_json(monitor_to_json(monitor, ""));
    ss_dassert(old_json.get());
-    if (object_to_server_relations(monitor->name, old_json.get(), new_json))
+    if (is_valid_resource_body(new_json) &&
        object_to_server_relations(monitor->name, old_json.get(), new_json))
    {
        rval = true;
        bool changed = false;
@ -1223,7 +1233,8 @@ bool runtime_alter_service_from_json(SERVICE* service, json_t* new_json)
    Closer<json_t*> old_json(service_to_json(service, ""));
    ss_dassert(old_json.get());
-    if (object_to_server_relations(service->name, old_json.get(), new_json))
+    if (is_valid_resource_body(new_json) &&
        object_to_server_relations(service->name, old_json.get(), new_json))
    {
        bool changed = false;
        json_t* parameters = mxs_json_pointer(new_json, MXS_JSON_PTR_PARAMETERS);
--- a/server/core/test/rest-api/test/errors.js
+++ b/server/core/test/rest-api/test/errors.js
@ -0,0 +1,21 @@
 require("../utils.js")()
 describe("Errors", function()
 {
    before(startMaxScale)
    it("error on invalid PUT request", function()
    {
        return request.put(base_url + "/servers/server1", { json: {this_is: "a test"}})
               .should.be.rejected
    })
    it("error on invalid POST request", function()
    {
        return request.post(base_url + "/servers", { json: {this_is: "a test"}})
               .should.be.rejected
    })
    after(stopMaxScale)
 });