authorLiam Mitchell <[email protected]>2026-02-11 18:08:07 -0800
committerLiam Mitchell <[email protected]>2026-02-11 18:08:07 -0800
commit7455abd9e0121116fc002029d709a7cf410b4195 (patch)
tree70491fe475fa578dfb539e93e399b4f080762553 /src/zenserver/storage
parentreduce lock time for project store gc precache and gc validate (#750) (diff)
Restrict content-type on POST requests to compact binary or JSON
Diffstat (limited to 'src/zenserver/storage')
-rw-r--r--src/zenserver/storage/projectstore/httpprojectstore.cpp17
1 files changed, 15 insertions, 2 deletions
diff --git a/src/zenserver/storage/projectstore/httpprojectstore.cpp b/src/zenserver/storage/projectstore/httpprojectstore.cpp
index 416e2ed69..575bf4354 100644
--- a/src/zenserver/storage/projectstore/httpprojectstore.cpp
+++ b/src/zenserver/storage/projectstore/httpprojectstore.cpp
@@ -1866,6 +1866,14 @@ HttpProjectService::HandleOpLogRequest(HttpRouterRequest& Req)
{
return HttpReq.WriteResponse(HttpResponseCode::InsufficientStorage);
}
+
+ if (HttpReq.RequestContentType() == HttpContentType::kText ||
+ HttpReq.RequestContentType() == HttpContentType::kUnknownContentType)
+ {
+ m_ProjectStats.BadRequestCount++;
+ return HttpReq.WriteResponse(HttpResponseCode::BadRequest, HttpContentType::kText, "Invalid request content type");
+ }
+
std::filesystem::path OplogMarkerPath;
if (CbObject Params = HttpReq.ReadPayloadObject())
{
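Review bot: The guard added to HandleOpLogRequest is a deny-list: it rejects only `kText` and `kUnknownContentType`, so any other HttpContentType value still reaches `ReadPayloadObject()`, which is looser than the commit title's "compact binary or JSON". An allow-list would keep the gate correct if the enum grows, e.g. `const HttpContentType Type = HttpReq.RequestContentType();` followed by `if (Type != HttpContentType::kJSON && Type != HttpContentType::kCbObject)` (assuming `kCbObject` is the compact-binary enumerator; confirm against the enum). The identical block is repeated in HandleProjectRequest, so a small shared helper would keep the two checks in step. A 415 Unsupported Media Type response would describe the rejection more precisely than 400, if no caller depends on the code. The function body starts and continues outside the hunk.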
@@ -2156,6 +2164,13 @@ HttpProjectService::HandleProjectRequest(HttpRouterRequest& Req)
return HttpReq.WriteResponse(HttpResponseCode::InsufficientStorage);
}
+ if (HttpReq.RequestContentType() == HttpContentType::kText ||
+ HttpReq.RequestContentType() == HttpContentType::kUnknownContentType)
+ {
+ m_ProjectStats.BadRequestCount++;
+ return HttpReq.WriteResponse(HttpResponseCode::BadRequest, HttpContentType::kText, "Invalid request content type");
+ }
+
CbValidateError ValidateResult;
if (CbObject Params = ValidateAndReadCompactBinaryObject(HttpReq.ReadPayload(), ValidateResult);
ValidateResult == CbValidateError::None)
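Review bot: In HandleProjectRequest the payload that passes this guard is read with `ValidateAndReadCompactBinaryObject(HttpReq.ReadPayload(), ValidateResult)`, so from the visible lines only compact binary can succeed here and a JSON content type is admitted only to fail validation. If the else branch outside the hunk does not handle JSON, the guard could accept the compact-binary type alone and reject everything else up front. A one-line comment above the check saying why text and unknown types are refused, for example `// Reject content types a browser can send without a CORS preflight`, would stop a later change from re-adding them. That rationale is inferred rather than stated in the commit, so the author should confirm the wording.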
@@ -2568,8 +2583,6 @@ HttpProjectService::HandleRpcRequest(HttpRouterRequest& Req)
switch (PayloadContentType)
{
case HttpContentType::kJSON:
- case HttpContentType::kUnknownContentType:
- case HttpContentType::kText:
{
std::string JsonText(reinterpret_cast<const char*>(Payload.GetData()), Payload.GetSize());
Cb = LoadCompactBinaryFromJson(JsonText).AsObject();