Posted to commits@couchdb.apache.org by rn...@apache.org on 2014/08/28 13:59:39 UTC

[16/50] chttpd commit: updated refs/heads/master to 58020ab

Validate _bulk_docs POST bodies

This patch supplies some necessary input validation that
couch_doc:from_json_obj/1 can't provide. It eliminates spurious HTTP
500s and stacktraces from _bulk_docs POST bodies of the following
invalid formats:

    {"docs": {"_id": "foo"}}
    {"_id": "foo"}

BugzID: 21746


Project: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/commit/b71d3112
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/tree/b71d3112
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/diff/b71d3112

Branch: refs/heads/master
Commit: b71d3112286ef00d458c1d858c437ee6a3432358
Parents: 440f5a0
Author: Benjamin Anderson <b...@banjiewen.net>
Authored: Fri Aug 16 15:09:59 2013 -0700
Committer: Robert Newson <rn...@apache.org>
Committed: Tue Jul 29 18:06:28 2014 +0100

----------------------------------------------------------------------
 src/chttpd_db.erl | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/blob/b71d3112/src/chttpd_db.erl
----------------------------------------------------------------------
diff --git a/src/chttpd_db.erl b/src/chttpd_db.erl
index 57b0c4f..7d27bd9 100644
--- a/src/chttpd_db.erl
+++ b/src/chttpd_db.erl
@@ -302,7 +302,14 @@ db_req(#httpd{method='POST',path_parts=[_,<<"_bulk_docs">>], user_ctx=Ctx}=Req,
     couch_stats_collector:increment({httpd, bulk_requests}),
     couch_httpd:validate_ctype(Req, "application/json"),
     {JsonProps} = chttpd:json_body_obj(Req),
-    DocsArray = couch_util:get_value(<<"docs">>, JsonProps),
+    DocsArray = case couch_util:get_value(<<"docs">>, JsonProps) of
+    undefined ->
+        throw({bad_request, <<"POST body must include `docs` parameter.">>});
+    DocsArray0 when not is_list(DocsArray0) ->
+        throw({bad_request, <<"`docs` parameter must be an array.">>});
+    DocsArray0 ->
+        DocsArray0
+    end,
     W = case couch_util:get_value(<<"w">>, JsonProps) of
     Value when is_integer(Value) ->
         integer_to_list(Value);
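Review bot: The added `case` stops at the array level, so a constructed body such as `{"docs": [1]}` still passes the `is_list/1` guard, and the shape of each element is left to code outside this hunk (presumably couch_doc:from_json_obj/1); it is worth confirming that path also answers with a 400 rather than a 500 and a stacktrace. The diffstat shows only src/chttpd_db.erl changed, so nothing pins the two invalid bodies named in the commit message; a regression test asserting a 400 for both, plus one non-object element, would keep this boundary check from regressing. A one-line comment above the `case` would record the intent, e.g. `%% Validate docs at the HTTP boundary: malformed bodies must yield 400, not a crash-induced 500.` The db_req clause starts and ends outside the hunk.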