| author | Liam Mitchell <[email protected]> | 2026-03-09 19:45:28 -0700 |
|---|---|---|
| committer | GitHub Enterprise <[email protected]> | 2026-03-09 19:45:28 -0700 |
| commit | 1cdea42adf7ade0e1950c69bdef2ebf6832fdc59 (patch) | |
| tree | f49a67466d076930541c9d9e0fffeb4bc73a463f /src/zenserver/storage/projectstore/httpprojectstore.cpp | |
| parent | Merge pull request #710 from ue-foundation/lm/oidctoken-exe-path (diff) | |
| parent | Merge branch 'main' into lm/restrict-content-type (diff) | |
Merge pull request #752 from ue-foundation/lm/restrict-content-type
Restrict content-type on POST requests to compact binary or JSON
Diffstat (limited to 'src/zenserver/storage/projectstore/httpprojectstore.cpp')
| -rw-r--r-- | src/zenserver/storage/projectstore/httpprojectstore.cpp | 28 |
1 files changed, 26 insertions, 2 deletions
diff --git a/src/zenserver/storage/projectstore/httpprojectstore.cpp b/src/zenserver/storage/projectstore/httpprojectstore.cpp
index 661eeef5c..2fa10a292 100644
--- a/src/zenserver/storage/projectstore/httpprojectstore.cpp
+++ b/src/zenserver/storage/projectstore/httpprojectstore.cpp
@@ -666,6 +666,7 @@ HttpProjectService::HttpProjectService(CidStore& Store,
 AuthMgr& AuthMgr,
 OpenProcessCache& InOpenProcessCache,
 JobQueue& InJobQueue,
+ bool InRestrictContentTypes,
 const std::filesystem::path& InOidcTokenExePath,
 bool InAllowExternalOidcTokenExe)
 : m_Log(logging::Get("project"))
@@ -676,6 +677,7 @@ HttpProjectService::HttpProjectService(CidStore& Store,
 , m_AuthMgr(AuthMgr)
 , m_OpenProcessCache(InOpenProcessCache)
 , m_JobQueue(InJobQueue)
+, m_RestrictContentTypes(InRestrictContentTypes)
 , m_OidcTokenExePath(InOidcTokenExePath)
 , m_AllowExternalOidcTokenExe(InAllowExternalOidcTokenExe)
 {
@@ -2006,6 +2008,14 @@ HttpProjectService::HandleOpLogRequest(HttpRouterRequest& Req)
 {
 return HttpReq.WriteResponse(HttpResponseCode::InsufficientStorage);
 }
+
+ if (m_RestrictContentTypes && (HttpReq.RequestContentType() == HttpContentType::kText ||
+ HttpReq.RequestContentType() == HttpContentType::kUnknownContentType))
+ {
+ m_ProjectStats.BadRequestCount++;
+ return HttpReq.WriteResponse(HttpResponseCode::BadRequest, HttpContentType::kText, "Invalid request content type");
+ }
+
 std::filesystem::path OplogMarkerPath;
 if (CbObject Params = HttpReq.ReadPayloadObject())
 {
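Review bot: The guard added in the HandleOpLogRequest hunk is a denylist rather than the allowlist the commit title describes: it rejects only `HttpContentType::kText` and `HttpContentType::kUnknownContentType`, so every other HttpContentType value still reaches `HttpReq.ReadPayloadObject()`. If the aim is to refuse bodies a browser can post cross-origin without a preflight (inferred from the title, not shown here), form-encoded and multipart bodies are covered only if the parser maps them to kUnknownContentType, which this diff does not show. Testing for the accepted types and rejecting everything else would fail closed when new enum values appear, for example `if (m_RestrictContentTypes && !IsAllowedPostContentType(HttpReq.RequestContentType()))` with the helper (a proposed name) listing compact binary and `HttpContentType::kJSON`. The same condition is repeated in the HandleProjectRequest and HandleRpcRequest hunks, so one private helper would keep the three in step. The enclosing function bodies start and end outside these hunks, so whether the check runs only for POST cannot be confirmed from here.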
@@ -2296,6 +2306,13 @@ HttpProjectService::HandleProjectRequest(HttpRouterRequest& Req)
 return HttpReq.WriteResponse(HttpResponseCode::InsufficientStorage);
 }
 
+ if (m_RestrictContentTypes && (HttpReq.RequestContentType() == HttpContentType::kText ||
+ HttpReq.RequestContentType() == HttpContentType::kUnknownContentType))
+ {
+ m_ProjectStats.BadRequestCount++;
+ return HttpReq.WriteResponse(HttpResponseCode::BadRequest, HttpContentType::kText, "Invalid request content type");
+ }
+
 CbValidateError ValidateResult;
 if (CbObject Params = ValidateAndReadCompactBinaryObject(HttpReq.ReadPayload(), ValidateResult);
 ValidateResult == CbValidateError::None)
@@ -2711,10 +2728,17 @@ HttpProjectService::HandleRpcRequest(HttpRouterRequest& Req)
 CbObject Cb;
 switch (PayloadContentType)
 {
- case HttpContentType::kJSON:
- case HttpContentType::kUnknownContentType:
 case HttpContentType::kText:
+ case HttpContentType::kUnknownContentType:
+ case HttpContentType::kJSON:
 {
+ if (m_RestrictContentTypes &&
+ (PayloadContentType == HttpContentType::kText || PayloadContentType == HttpContentType::kUnknownContentType))
+ {
+ m_ProjectStats.BadRequestCount++;
+ return HttpReq.WriteResponse(HttpResponseCode::BadRequest, HttpContentType::kText, "Invalid request content type");
+ }
+
 std::string JsonText(reinterpret_cast<const char*>(Payload.GetData()), Payload.GetSize());
 Cb = LoadCompactBinaryFromJson(JsonText).AsObject();
 if (!Cb) |
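Review bot: In the HandleRpcRequest hunk the guard re-tests `PayloadContentType` against two of the labels that just selected this case, which makes the shared `kText`/`kUnknownContentType`/`kJSON` block harder to read than it needs to be. Giving the first two labels their own short body, `if (m_RestrictContentTypes) { /* count and return BadRequest */ }` followed by `[[fallthrough]];` into `case HttpContentType::kJSON:`, states the policy once and leaves the JSON path untouched. A one-line comment there, such as `// text/unknown bodies are parsed as JSON only when content-type restriction is off`, would record why the legacy labels remain. The switch continues past the end of the hunk.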