Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

🩹 Fix: handle un-matched open brackets in the query params #3121

Merged
merged 4 commits into from
Sep 6, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 17 additions & 4 deletions ctx.go
Original file line number Diff line number Diff line change
Expand Up @@ -1306,15 +1306,24 @@ func parseParamSquareBrackets(k string) (string, error) {
defer bytebufferpool.Put(bb)

kbytes := []byte(k)
openBracketsCount := 0

for i, b := range kbytes {
if b == '[' && kbytes[i+1] != ']' {
if err := bb.WriteByte('.'); err != nil {
return "", fmt.Errorf("failed to write: %w", err)
if b == '[' {
openBracketsCount++
if i+1 < len(kbytes) && kbytes[i+1] != ']' {
if err := bb.WriteByte('.'); err != nil {
return "", fmt.Errorf("failed to write: %w", err)
}
}
continue
}

if b == '[' || b == ']' {
if b == ']' {
openBracketsCount--
if openBracketsCount < 0 {
return "", errors.New("unmatched brackets")
}
continue
}

Expand All @@ -1323,6 +1332,10 @@ func parseParamSquareBrackets(k string) (string, error) {
}
}

if openBracketsCount > 0 {
return "", errors.New("unmatched brackets")
}

return bb.String(), nil
}

Expand Down
8 changes: 8 additions & 0 deletions ctx_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -4508,6 +4508,10 @@ func Test_Ctx_QueryParser(t *testing.T) {
utils.AssertEqual(t, nil, c.QueryParser(empty))
utils.AssertEqual(t, 0, len(empty.Hobby))

c.Request().URI().SetQueryString("id=1&name[=tom")
q = new(Query)
utils.AssertEqual(t, "unmatched brackets", c.QueryParser(q).Error())
Comment on lines +4511 to +4513
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Duplicate test for unmatched brackets in query parameters.

The test cases at lines 4511-4513 and 4797-4799 are duplicates, testing the same functionality of checking for unmatched brackets in query parameters. Consider consolidating these tests or ensuring they cover different scenarios to avoid redundancy in the test suite.

Also applies to: 4797-4799


type Query2 struct {
Bool bool
ID int
Expand Down Expand Up @@ -4790,6 +4794,10 @@ func Test_Ctx_QueryParser_Schema(t *testing.T) {
utils.AssertEqual(t, "doe", cq.Data[1].Name)
utils.AssertEqual(t, 12, cq.Data[1].Age)

c.Request().URI().SetQueryString("data[0][name]=john&data[0][age]=10&data[1]name]=doe&data[1][age]=12")
cq = new(CollectionQuery)
utils.AssertEqual(t, "unmatched brackets", c.QueryParser(cq).Error())

c.Request().URI().SetQueryString("data.0.name=john&data.0.age=10&data.1.name=doe&data.1.age=12")
cq = new(CollectionQuery)
utils.AssertEqual(t, nil, c.QueryParser(cq))
Expand Down
Loading