| author | Liam Mitchell <[email protected]> | 2026-02-11 18:08:07 -0800 |
|---|---|---|
| committer | Liam Mitchell <[email protected]> | 2026-02-11 18:08:07 -0800 |
| commit | 7455abd9e0121116fc002029d709a7cf410b4195 (patch) | |
| tree | 70491fe475fa578dfb539e93e399b4f080762553 /src | |
| parent | reduce lock time for project store gc precache and gc validate (#750) (diff) | |
Restrict content-type on POST requests to compact binary or JSON
Diffstat (limited to 'src')
| -rw-r--r-- | src/zen/cmds/projectstore_cmd.cpp | 4 | ||||
| -rw-r--r-- | src/zenserver-test/projectstore-tests.cpp | 8 | ||||
| -rw-r--r-- | src/zenserver-test/zenserver-test.cpp | 2 | ||||
| -rw-r--r-- | src/zenserver/storage/projectstore/httpprojectstore.cpp | 17 |
4 files changed, 24 insertions, 7 deletions
diff --git a/src/zen/cmds/projectstore_cmd.cpp b/src/zen/cmds/projectstore_cmd.cpp index 4885fd363..519b68126 100644 --- a/src/zen/cmds/projectstore_cmd.cpp +++ b/src/zen/cmds/projectstore_cmd.cpp @@ -809,6 +809,7 @@ CreateOplogCommand::Run(const ZenCliOptions& GlobalOptions, int argc, char** arg } IoBuffer OplogPayload; + OplogPayload.SetContentType(ZenContentType::kCbObject); if (!m_GcPath.empty()) { OplogPayload = MakeCbObjectPayload([&](CbObjectWriter& Writer) { Writer.AddString("gcpath"sv, m_GcPath); }); @@ -1141,7 +1142,7 @@ ExportOplogCommand::Run(const ZenCliOptions& GlobalOptions, int argc, char** arg if (CreateOplog) { ZEN_CONSOLE_WARN("Creating zen remote oplog '{}/{}'", m_ZenProjectName, m_ZenOplogName); - if (HttpClient::Response Result = TargetHttp.Post(Url); !Result) + if (HttpClient::Response Result = TargetHttp.Post(Url, IoBuffer(), ZenContentType::kCbObject); !Result) { Result.ThrowError("failed creating zen remote oplog"sv); } @@ -1608,6 +1609,7 @@ ImportOplogCommand::Run(const ZenCliOptions& GlobalOptions, int argc, char** arg if (CreateOplog) { IoBuffer OplogPayload; + OplogPayload.SetContentType(ZenContentType::kCbObject); if (!m_GcPath.empty()) { OplogPayload = MakeCbObjectPayload([&](CbObjectWriter& Writer) { Writer.AddString("gcpath"sv, m_GcPath); }); diff --git a/src/zenserver-test/projectstore-tests.cpp b/src/zenserver-test/projectstore-tests.cpp index 735aef159..ead062628 100644 --- a/src/zenserver-test/projectstore-tests.cpp +++ b/src/zenserver-test/projectstore-tests.cpp @@ -86,7 +86,7 @@ TEST_CASE("project.basic") HttpClient Http{BaseUri}; { - auto Response = Http.Post(""sv); + auto Response = Http.Post(""sv, IoBuffer{}, ZenContentType::kCbObject); CHECK(Response.StatusCode == HttpResponseCode::Created); } 
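Review bot: In CreateOplogCommand::Run the content type set on the empty `OplogPayload` is discarded whenever `m_GcPath` is non-empty, because the assignment from `MakeCbObjectPayload(...)` two lines later replaces the buffer; the request then depends on that helper tagging its result as compact binary, which is not visible here. The same pattern is added in ImportOplogCommand::Run (the `@@ -1608` hunk), while ExportOplogCommand::Run passes the type at the call, `TargetHttp.Post(Url, IoBuffer(), ZenContentType::kCbObject)`. Using that explicit form at the Post call in all three commands would keep the header independent of how the payload was built. It is also worth confirming that `SetContentType` on a default-constructed `IoBuffer` does not write to state shared with other empty buffers. Both Run bodies extend beyond these hunks, so the Post calls that send `OplogPayload` are not shown.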
@@ -441,7 +441,8 @@ TEST_CASE("project.remote") auto MakeOplog = [](std::string_view UrlBase, std::string_view ProjectName, std::string_view OplogName) { HttpClient Http{UrlBase}; - HttpClient::Response Response = Http.Post(fmt::format("/prj/{}/oplog/{}", ProjectName, OplogName), IoBuffer{}); + HttpClient::Response Response = + Http.Post(fmt::format("/prj/{}/oplog/{}", ProjectName, OplogName), IoBuffer{}, ZenContentType::kCbObject); CHECK(Response); }; @@ -891,7 +892,8 @@ TEST_CASE("project.rpcappendop") }; auto MakeOplog = [](HttpClient& Client, std::string_view ProjectName, std::string_view OplogName) { - HttpClient::Response Response = Client.Post(fmt::format("/prj/{}/oplog/{}", ProjectName, OplogName)); + HttpClient::Response Response = + Client.Post(fmt::format("/prj/{}/oplog/{}", ProjectName, OplogName), IoBuffer{}, ZenContentType::kCbObject); CHECK_MESSAGE(Response.IsSuccess(), Response.ErrorMessage("")); }; auto GetOplog = [](HttpClient& Client, std::string_view ProjectName, std::string_view OplogName) { diff --git a/src/zenserver-test/zenserver-test.cpp b/src/zenserver-test/zenserver-test.cpp index 9a42bb73d..61ce4cd17 100644 --- a/src/zenserver-test/zenserver-test.cpp +++ b/src/zenserver-test/zenserver-test.cpp @@ -86,7 +86,7 @@ main(int argc, char** argv) zen::logging::InitializeLogging(); - zen::logging::SetLogLevel(zen::logging::level::Debug); + // zen::logging::SetLogLevel(zen::logging::level::Debug); spdlog::set_formatter(std::make_unique<zen::logging::full_test_formatter>("test", std::chrono::system_clock::now())); std::filesystem::path ProgramBaseDir = GetRunningExecutablePath().parent_path(); diff --git a/src/zenserver/storage/projectstore/httpprojectstore.cpp b/src/zenserver/storage/projectstore/httpprojectstore.cpp index 416e2ed69..575bf4354 100644 --- a/src/zenserver/storage/projectstore/httpprojectstore.cpp +++ b/src/zenserver/storage/projectstore/httpprojectstore.cpp 
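Review bot: No test asserts the new rejection path: the hunks in project.basic, project.remote and project.rpcappendop only adapt the existing success cases to send `ZenContentType::kCbObject`. A case that posts to the project and oplog endpoints with a text or unspecified content type and checks `CHECK(Response.StatusCode == HttpResponseCode::BadRequest);` would pin the behaviour the commit title promises and catch a regression that reopens the permissive path. The enclosing TEST_CASE bodies continue outside these hunks.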
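Review bot: The `zen::logging::SetLogLevel(zen::logging::level::Debug);` call in main() is commented out rather than removed, and the change is unrelated to the content-type restriction named in the commit title. Commented-out code tends to linger without explanation; either delete the line or, if the intent is to quieten test output by default, say so in a comment such as `// Debug logging is off by default; re-enable locally when diagnosing test failures`. main() continues outside the hunk.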
@@ -1866,6 +1866,14 @@ HttpProjectService::HandleOpLogRequest(HttpRouterRequest& Req) { return HttpReq.WriteResponse(HttpResponseCode::InsufficientStorage); } + + if (HttpReq.RequestContentType() == HttpContentType::kText || + HttpReq.RequestContentType() == HttpContentType::kUnknownContentType) + { + m_ProjectStats.BadRequestCount++; + return HttpReq.WriteResponse(HttpResponseCode::BadRequest, HttpContentType::kText, "Invalid request content type"); + } + std::filesystem::path OplogMarkerPath; if (CbObject Params = HttpReq.ReadPayloadObject()) { @@ -2156,6 +2164,13 @@ HttpProjectService::HandleProjectRequest(HttpRouterRequest& Req) return HttpReq.WriteResponse(HttpResponseCode::InsufficientStorage); } + if (HttpReq.RequestContentType() == HttpContentType::kText || + HttpReq.RequestContentType() == HttpContentType::kUnknownContentType) + { + m_ProjectStats.BadRequestCount++; + return HttpReq.WriteResponse(HttpResponseCode::BadRequest, HttpContentType::kText, "Invalid request content type"); + } + CbValidateError ValidateResult; if (CbObject Params = ValidateAndReadCompactBinaryObject(HttpReq.ReadPayload(), ValidateResult); ValidateResult == CbValidateError::None) @@ -2568,8 +2583,6 @@ HttpProjectService::HandleRpcRequest(HttpRouterRequest& Req) switch (PayloadContentType) { case HttpContentType::kJSON: - case HttpContentType::kUnknownContentType: - case HttpContentType::kText: { std::string JsonText(reinterpret_cast<const char*>(Payload.GetData()), Payload.GetSize()); Cb = LoadCompactBinaryFromJson(JsonText).AsObject(); |
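Review bot: The new guard in HandleOpLogRequest is a deny-list: it rejects only `kText` and `kUnknownContentType`, so every other content type the enum defines still reaches the payload parser, which is looser than the commit title's "compact binary or JSON". An allow-list states the intent directly and stays correct when new types are added, for example `const HttpContentType Type = HttpReq.RequestContentType();` followed by `if (Type != HttpContentType::kCbObject && Type != HttpContentType::kJSON)` (assuming `HttpContentType` is the same enum the client code spells `ZenContentType`). The identical block is pasted into HandleProjectRequest in the `@@ -2156` hunk; a small private helper would keep the two in step. The header is client-supplied, so it only narrows what is accepted: in HandleProjectRequest the body is still passed to `ValidateAndReadCompactBinaryObject` whatever type was declared, and that validation remains the real gate. Both handlers begin and end outside these hunks.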