couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rnew...@apache.org
Subject [16/50] chttpd commit: updated refs/heads/master to 58020ab
Date Thu, 28 Aug 2014 11:59:39 GMT
Validate _bulk_docs POST bodies

This patch supplies some necessary input validation that
couch_doc:from_json_obj/1 can't provide. It eliminates spurious HTTP
500s and stacktraces from _bulk_docs POST bodies of the following
invalid formats:

    {"docs": {"_id": "foo"}}
    {"_id": "foo"}

BugzID: 21746


Project: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/commit/b71d3112
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/tree/b71d3112
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/diff/b71d3112

Branch: refs/heads/master
Commit: b71d3112286ef00d458c1d858c437ee6a3432358
Parents: 440f5a0
Author: Benjamin Anderson <b@banjiewen.net>
Authored: Fri Aug 16 15:09:59 2013 -0700
Committer: Robert Newson <rnewson@apache.org>
Committed: Tue Jul 29 18:06:28 2014 +0100

----------------------------------------------------------------------
 src/chttpd_db.erl | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/blob/b71d3112/src/chttpd_db.erl
----------------------------------------------------------------------
diff --git a/src/chttpd_db.erl b/src/chttpd_db.erl
index 57b0c4f..7d27bd9 100644
--- a/src/chttpd_db.erl
+++ b/src/chttpd_db.erl
@@ -302,7 +302,14 @@ db_req(#httpd{method='POST',path_parts=[_,<<"_bulk_docs">>],
user_ctx=Ctx}=Req,
     couch_stats_collector:increment({httpd, bulk_requests}),
     couch_httpd:validate_ctype(Req, "application/json"),
     {JsonProps} = chttpd:json_body_obj(Req),
-    DocsArray = couch_util:get_value(<<"docs">>, JsonProps),
+    DocsArray = case couch_util:get_value(<<"docs">>, JsonProps) of
+    undefined ->
+        throw({bad_request, <<"POST body must include `docs` parameter.">>});
+    DocsArray0 when not is_list(DocsArray0) ->
+        throw({bad_request, <<"`docs` parameter must be an array.">>});
+    DocsArray0 ->
+        DocsArray0
+    end,
     W = case couch_util:get_value(<<"w">>, JsonProps) of
     Value when is_integer(Value) ->
         integer_to_list(Value);


Mime
View raw message