Skip to content
This repository has been archived by the owner on Nov 10, 2022. It is now read-only.

Commit

Permalink
Handle malformed requests
Browse files Browse the repository at this point in the history 
Signed-off-by: John Argérus <john.argerus@se.bosch.com>
  • Loading branch information
@argerus @daschubert
argerus authored and daschubert committed Sep 25, 2019
1 parent 55bb3a4 commit b31f4dc
Show file tree
Hide file tree
Showing 3 changed files with 72 additions and 49 deletions.
111 changes: 67 additions & 44 deletions w3c-visserver-api/src/vsscommandprocessor.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,14 +31,28 @@

using namespace std;

string malFormedRequestResponse(uint32_t request_id, const string action) {
string malFormedRequestResponse(uint32_t request_id, const string action, string message) {
jsoncons::json answer;
answer["action"] = action;
answer["requestId"] = request_id;
jsoncons::json error;
error["number"] = 400;
error["reason"] = "Request malformed";
error["message"] = "Request malformed";
error["reason"] = "Bad Request";
error["message"] = message;
answer["error"] = error;
answer["timestamp"] = time(NULL);
stringstream ss;
ss << pretty_print(answer);
return ss.str();
}

string malFormedRequestResponse(string message) {
jsoncons::json answer;
jsoncons::json error;

error["number"] = 400;
error["reason"] = "Bad Request";
error["message"] = message;
answer["error"] = error;
answer["timestamp"] = time(NULL);
stringstream ss;
Expand Down Expand Up @@ -326,66 +340,75 @@ string vsscommandprocessor::processQuery(string req_json,
wschannel &channel) {
jsoncons::json root;
string response;
root = jsoncons::json::parse(req_json);
string action = root["action"].as<string>();
try {
root = jsoncons::json::parse(req_json);
string action = root["action"].as<string>();

if (action == "authorize") {
string token = root["tokens"].as<string>();
uint32_t request_id = root["requestId"].as<int>();
if (action == "authorize") {
string token = root["tokens"].as<string>();
uint32_t request_id = root["requestId"].as<int>();
#ifdef DEBUG
cout << "vsscommandprocessor::processQuery: authorize query with token = "
<< token << " with request id " << request_id << endl;
cout << "vsscommandprocessor::processQuery: authorize query with token = "
<< token << " with request id " << request_id << endl;
#endif
response = processAuthorize(channel, request_id, token);
} else if (action == "unsubscribe") {
uint32_t request_id = root["requestId"].as<int>();
uint32_t subscribeID = root["subscriptionId"].as<int>();
response = processAuthorize(channel, request_id, token);
} else if (action == "unsubscribe") {
uint32_t request_id = root["requestId"].as<int>();
uint32_t subscribeID = root["subscriptionId"].as<int>();
#ifdef DEBUG
cout
<< "vsscommandprocessor::processQuery: unsubscribe query for sub ID = "
<< subscribeID << " with request id " << request_id << endl;
cout << "vsscommandprocessor::processQuery: unsubscribe query for sub "
"ID = "
<< subscribeID << " with request id " << request_id << endl;
#endif
response = processUnsubscribe(request_id, subscribeID);
} else {
string path = root["path"].as<string>();
uint32_t request_id = root["requestId"].as<int>();
response = processUnsubscribe(request_id, subscribeID);
} else {
string path = root["path"].as<string>();
uint32_t request_id = root["requestId"].as<int>();

if (action == "get") {
if (action == "get") {
#ifdef DEBUG
cout << "vsscommandprocessor::processQuery: get query for " << path
<< " with request id " << request_id << endl;
cout << "vsscommandprocessor::processQuery: get query for " << path
<< " with request id " << request_id << endl;
#endif

response = processGet(channel, request_id, path);
response = processGet(channel, request_id, path);
#ifdef JSON_SIGNING_ON
response = signer->sign(response);
response = signer->sign(response);
#endif
} else if (action == "set") {
jsoncons::json value = root["value"];
} else if (action == "set") {
jsoncons::json value = root["value"];
#ifdef DEBUG
cout << "vsscommandprocessor::processQuery: set query for " << path
<< " with request id " << request_id << " value "
<< pretty_print(value) << endl;
cout << "vsscommandprocessor::processQuery: set query for " << path
<< " with request id " << request_id << " value "
<< pretty_print(value) << endl;
#endif
response = processSet(channel, request_id, path, value);
} else if (action == "subscribe") {
response = processSet(channel, request_id, path, value);
} else if (action == "subscribe") {
#ifdef DEBUG
cout << "vsscommandprocessor::processQuery: subscribe query for " << path
<< " with request id " << request_id << endl;
cout << "vsscommandprocessor::processQuery: subscribe query for "
<< path << " with request id " << request_id << endl;
#endif
response =
processSubscribe(channel, request_id, path, channel.getConnID());
} else if (action == "getMetadata") {
response =
processSubscribe(channel, request_id, path, channel.getConnID());
} else if (action == "getMetadata") {
#ifdef DEBUG
cout << "vsscommandprocessor::processQuery: metadata query for " << path
<< " with request id " << request_id << endl;
cout << "vsscommandprocessor::processQuery: metadata query for "
<< path << " with request id " << request_id << endl;
#endif
response = processGetMetaData(request_id, path);
} else {
cout << "vsscommandprocessor::processQuery: Unknown action " << action
<< endl;
response = processGetMetaData(request_id, path);
} else {
cout << "vsscommandprocessor::processQuery: Unknown action " << action
<< endl;
}
}
} catch (jsoncons::json_parse_exception e) {
return malFormedRequestResponse(e.what());
} catch (jsoncons::key_not_found e) {
return malFormedRequestResponse(e.what());
} catch (jsoncons::not_an_object e) {
return malFormedRequestResponse(e.what());
}


return response;
}
2 changes: 1 addition & 1 deletion w3c-visserver-api/src/vssdatabase.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -620,7 +620,7 @@ jsoncons::json vssdatabase::getSignal(class wschannel& channel, string path) {
// check Read access here.
if (!accessValidator->checkReadAccess(channel, jPath)) {
stringstream msg;
msg << "No read access to " << getReadablePath(jPath);
msg << "No read access to " << getReadablePath(jPath);
throw noPermissionException(msg.str());
}
rwMutex.lock();
Expand Down
8 changes: 4 additions & 4 deletions w3c-visserver-api/unit-test/w3cunittest.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1779,7 +1779,7 @@ BOOST_AUTO_TEST_CASE(permission_basic_read_with_non_permitted_path, *utf::expect

json expected = json::parse(R"({
"action":"get",
"error":{"message":"No read access to Vehicle.OBD.Speed","number":403,"reason":"Forbidden"},
"error":{"message":"No read access to Vehicle.OBD.Speed","number":403,"reason":"Forbidden"},
"requestId":8756
})");

Expand Down Expand Up @@ -1830,7 +1830,7 @@ BOOST_AUTO_TEST_CASE(permission_basic_read_with_invalid_permission_valid_path)

json expected = json::parse(R"({
"action":"get",
"error":{"message":"No read access to Vehicle.OBD.EngineSpeed","number":403,"reason":"Forbidden"},
"error":{"message":"No read access to Vehicle.OBD.EngineSpeed","number":403,"reason":"Forbidden"},
"requestId":8756
})");

Expand Down Expand Up @@ -2040,7 +2040,7 @@ BOOST_AUTO_TEST_CASE(permission_basic_read_with_wildcard_write_permission)

json expected = json::parse(R"({
"action":"get",
"error":{"message":"No read access to Vehicle.OBD.EngineSpeed","number":403,"reason":"Forbidden"},
"error":{"message":"No read access to Vehicle.OBD.EngineSpeed","number":403,"reason":"Forbidden"},
"requestId":8756
})");

Expand Down Expand Up @@ -2456,7 +2456,7 @@ BOOST_AUTO_TEST_CASE(permission_basic_write_with_branch_permission)
// because only write access in the token.
json get_expected = json::parse(R"({
"action": "get",
"error":{"message":"No read access to Vehicle.OBD.Speed","number":403,"reason":"Forbidden"},
"error":{"message":"No read access to Vehicle.OBD.Speed","number":403,"reason":"Forbidden"},
"requestId": 8756
})");

Expand Down

0 comments on commit b31f4dc

Please sign in to comment.