fix(plugins/grpc-gateway):handle json decode error safely(#10028)
beardnick committed May 1, 2024
1 parent 7a1d8d2 commit f9e1cb8
Showing 3 changed files with 24 additions and 3 deletions.
7 changes: 5 additions & 2 deletions kong/plugins/grpc-gateway/deco.lua
@@ -1,6 +1,6 @@
-- Copyright (c) Kong Inc. 2020

local cjson = require "cjson"
local cjson = require "cjson.safe".new()
local buffer = require "string.buffer"
local pb = require "pb"
local grpc_tools = require "kong.tools.grpc"
@@ -227,7 +227,10 @@ function deco:upstream(body)
local body_variable = self.endpoint.body_variable
if body_variable then
if body and #body > 0 then
local body_decoded = decode_json(body)
local body_decoded, err = decode_json(body)
if err then
return nil, err
end
if body_variable ~= "*" then
--[[
// For HTTP methods that allow a request body, the `body` field
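Review bot: Rebinding the module-level `cjson` to `require "cjson.safe".new()` changes every encode/decode call in deco.lua from raising to returning `nil, err`, but the only call site visibly updated is the `decode_json(body)` in deco:upstream. Any other caller outside these hunks that ignores the second return value would now carry a nil forward instead of failing loudly, so each one should be checked as part of this change. I would add a comment at the require, `-- cjson.safe: encode/decode return nil, err instead of raising; callers must check err`. deco:upstream continues outside the hunk.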
2 changes: 1 addition & 1 deletion kong/plugins/grpc-gateway/handler.lua
@@ -120,7 +120,7 @@ function grpc_gateway:body_filter(conf)
if not ret or #ret == 0 then
if ngx_arg[2] then
-- it's eof and we still cannot decode, fall through
ret = deco:get_raw_downstream_body()
ret = dec:get_raw_downstream_body()
else
-- clear output if we cannot decode, it could be body is not complete yet
ret = nil
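Review bot: Nothing in this commit's spec changes appears to exercise the end-of-stream fallback where the receiver of `get_raw_downstream_body()` is corrected; the two added tests both cover request-side failures. Assuming `dec` is the per-request decoder bound earlier in body_filter (outside the hunk), a regression test with an upstream response that cannot be decoded would keep this branch from breaking again. It is also worth a comment on the branch, e.g. `-- eof: undecodable upstream bytes are passed to the client unchanged`, so the pass-through of raw upstream data is a documented decision.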
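--- a/spec/03-plugins/28-grpc-gateway/01-proxy_spec.lua
+++ b/spec/03-plugins/28-grpc-gateway/01-proxy_spec.lua
@@ -208,6 +208,24 @@ for _, strategy in helpers.each_strategy() do
 assert.equal(400, res.status)
 end)
 
+test("invalid json", function()
+local res, _ = proxy_client:post("/bounce", {
+headers = { ["Content-Type"] = "application/json" },
+body = [[{"message":"invalid}]]
+})
+assert.equal(400, res.status)
+assert.same(res:read_body(),"Expected value but found unexpected end of string at character 21")
+end)
+
+test("field type mismatch", function()
+local res, _ = proxy_client:post("/bounce", {
+headers = { ["Content-Type"] = "application/json" },
+body = [[{"message":1}]]
+})
+assert.equal(400, res.status)
+assert.same(res:read_body(),"failed to encode payload")
+end)
+
 describe("regression", function()
 test("empty array in json #10801", function()
 local req_body = { array = {}, nullable = "ahaha" }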
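Review bot: The "invalid json" test asserts the full lua-cjson parser message as the response body, which ties the spec to that library's wording and fixes into the contract that parser diagnostics are returned to the client verbatim. A looser check such as `assert.matches("Expected value", res:read_body(), nil, true)` keeps the test meaningful; if the plugin is meant to hide parser details, the handler should answer with a fixed message and log the detail instead. In both new tests the arguments to `assert.same` are in (actual, expected) order, while luassert reports them as (expected, actual), so a failure will print misleading labels; `assert.equal("failed to encode payload", res:read_body())` reads correctly.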
