From b31f4dc80ae0b6373e755c3115dba39dd9f4f0a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?John=20Arg=C3=A9rus?= Date: Thu, 12 Sep 2019 11:52:33 +0200 Subject: [PATCH] Handle malformed requests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: John Argérus --- w3c-visserver-api/src/vsscommandprocessor.cpp | 111 +++++++++++------- w3c-visserver-api/src/vssdatabase.cpp | 2 +- w3c-visserver-api/unit-test/w3cunittest.cpp | 8 +- 3 files changed, 72 insertions(+), 49 deletions(-) diff --git a/w3c-visserver-api/src/vsscommandprocessor.cpp b/w3c-visserver-api/src/vsscommandprocessor.cpp index 5fa0d8b..ca46b20 100644 --- a/w3c-visserver-api/src/vsscommandprocessor.cpp +++ b/w3c-visserver-api/src/vsscommandprocessor.cpp @@ -31,14 +31,28 @@ using namespace std; -string malFormedRequestResponse(uint32_t request_id, const string action) { +string malFormedRequestResponse(uint32_t request_id, const string action, string message) { jsoncons::json answer; answer["action"] = action; answer["requestId"] = request_id; jsoncons::json error; error["number"] = 400; - error["reason"] = "Request malformed"; - error["message"] = "Request malformed"; + error["reason"] = "Bad Request"; + error["message"] = message; + answer["error"] = error; + answer["timestamp"] = time(NULL); + stringstream ss; + ss << pretty_print(answer); + return ss.str(); +} + +string malFormedRequestResponse(string message) { + jsoncons::json answer; + jsoncons::json error; + + error["number"] = 400; + error["reason"] = "Bad Request"; + error["message"] = message; answer["error"] = error; answer["timestamp"] = time(NULL); stringstream ss; 
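Review bot: Both `malFormedRequestResponse` overloads copy `message` unchanged into the `error.message` field returned to the peer, and nothing at the declaration says so. Because the handlers added later in this patch pass `e.what()` from the JSON parser, a comment above the overloads would help, e.g. `// message is sent to the client as-is; pass only text that is safe to disclose`. The two bodies also duplicate the construction of the 400 error object; taking `const string &message` and building `error` in one shared static helper would keep the response shape in a single place. The one-argument overload omits `action` and `requestId`, so a client cannot correlate that error with the request that caused it, which is worth stating as intentional in the same comment. The closing lines of the second overload lie outside this hunk.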
@@ -326,66 +340,75 @@ string vsscommandprocessor::processQuery(string req_json, wschannel &channel) { jsoncons::json root; string response; - root = jsoncons::json::parse(req_json); - string action = root["action"].as(); + try { + root = jsoncons::json::parse(req_json); + string action = root["action"].as(); - if (action == "authorize") { - string token = root["tokens"].as(); - uint32_t request_id = root["requestId"].as(); + if (action == "authorize") { + string token = root["tokens"].as(); + uint32_t request_id = root["requestId"].as(); #ifdef DEBUG - cout << "vsscommandprocessor::processQuery: authorize query with token = " - << token << " with request id " << request_id << endl; + cout << "vsscommandprocessor::processQuery: authorize query with token = " + << token << " with request id " << request_id << endl; #endif - response = processAuthorize(channel, request_id, token); - } else if (action == "unsubscribe") { - uint32_t request_id = root["requestId"].as(); - uint32_t subscribeID = root["subscriptionId"].as(); + response = processAuthorize(channel, request_id, token); + } else if (action == "unsubscribe") { + uint32_t request_id = root["requestId"].as(); + uint32_t subscribeID = root["subscriptionId"].as(); #ifdef DEBUG - cout - << "vsscommandprocessor::processQuery: unsubscribe query for sub ID = " - << subscribeID << " with request id " << request_id << endl; + cout << "vsscommandprocessor::processQuery: unsubscribe query for sub " + "ID = " + << subscribeID << " with request id " << request_id << endl; #endif - response = processUnsubscribe(request_id, subscribeID); - } else { - string path = root["path"].as(); - uint32_t request_id = root["requestId"].as(); + response = processUnsubscribe(request_id, subscribeID); + } else { + string path = root["path"].as(); + uint32_t request_id = root["requestId"].as(); - if (action == "get") { + if (action == "get") { #ifdef DEBUG - cout << "vsscommandprocessor::processQuery: get query for " << path - << " with 
request id " << request_id << endl; + cout << "vsscommandprocessor::processQuery: get query for " << path + << " with request id " << request_id << endl; #endif - response = processGet(channel, request_id, path); + response = processGet(channel, request_id, path); #ifdef JSON_SIGNING_ON - response = signer->sign(response); + response = signer->sign(response); #endif - } else if (action == "set") { - jsoncons::json value = root["value"]; + } else if (action == "set") { + jsoncons::json value = root["value"]; #ifdef DEBUG - cout << "vsscommandprocessor::processQuery: set query for " << path - << " with request id " << request_id << " value " - << pretty_print(value) << endl; + cout << "vsscommandprocessor::processQuery: set query for " << path + << " with request id " << request_id << " value " + << pretty_print(value) << endl; #endif - response = processSet(channel, request_id, path, value); - } else if (action == "subscribe") { + response = processSet(channel, request_id, path, value); + } else if (action == "subscribe") { #ifdef DEBUG - cout << "vsscommandprocessor::processQuery: subscribe query for " << path - << " with request id " << request_id << endl; + cout << "vsscommandprocessor::processQuery: subscribe query for " + << path << " with request id " << request_id << endl; #endif - response = - processSubscribe(channel, request_id, path, channel.getConnID()); - } else if (action == "getMetadata") { + response = + processSubscribe(channel, request_id, path, channel.getConnID()); + } else if (action == "getMetadata") { #ifdef DEBUG - cout << "vsscommandprocessor::processQuery: metadata query for " << path - << " with request id " << request_id << endl; + cout << "vsscommandprocessor::processQuery: metadata query for " + << path << " with request id " << request_id << endl; #endif - response = processGetMetaData(request_id, path); - } else { - cout << "vsscommandprocessor::processQuery: Unknown action " << action - << endl; + response = 
processGetMetaData(request_id, path); + } else { + cout << "vsscommandprocessor::processQuery: Unknown action " << action + << endl; + } } + } catch (jsoncons::json_parse_exception e) { + return malFormedRequestResponse(e.what()); + } catch (jsoncons::key_not_found e) { + return malFormedRequestResponse(e.what()); + } catch (jsoncons::not_an_object e) { + return malFormedRequestResponse(e.what()); } + return response; } diff --git a/w3c-visserver-api/src/vssdatabase.cpp b/w3c-visserver-api/src/vssdatabase.cpp index 7fbf358..a68f0da 100644 --- a/w3c-visserver-api/src/vssdatabase.cpp +++ b/w3c-visserver-api/src/vssdatabase.cpp @@ -620,7 +620,7 @@ jsoncons::json vssdatabase::getSignal(class wschannel& channel, string path) { // check Read access here. if (!accessValidator->checkReadAccess(channel, jPath)) { stringstream msg; - msg << "No read access to " << getReadablePath(jPath); + msg << "No read access to " << getReadablePath(jPath); throw noPermissionException(msg.str()); } rwMutex.lock(); diff --git a/w3c-visserver-api/unit-test/w3cunittest.cpp b/w3c-visserver-api/unit-test/w3cunittest.cpp index c7e7fb0..a55cc77 100755 --- a/w3c-visserver-api/unit-test/w3cunittest.cpp +++ b/w3c-visserver-api/unit-test/w3cunittest.cpp @@ -1779,7 +1779,7 @@ BOOST_AUTO_TEST_CASE(permission_basic_read_with_non_permitted_path, *utf::expect json expected = json::parse(R"({ "action":"get", - "error":{"message":"No read access to Vehicle.OBD.Speed","number":403,"reason":"Forbidden"}, + "error":{"message":"No read access to Vehicle.OBD.Speed","number":403,"reason":"Forbidden"}, "requestId":8756 })"); @@ -1830,7 +1830,7 @@ BOOST_AUTO_TEST_CASE(permission_basic_read_with_invalid_permission_valid_path) json expected = json::parse(R"({ "action":"get", - "error":{"message":"No read access to Vehicle.OBD.EngineSpeed","number":403,"reason":"Forbidden"}, + "error":{"message":"No read access to Vehicle.OBD.EngineSpeed","number":403,"reason":"Forbidden"}, "requestId":8756 })"); 
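Review bot: The handlers at the end of `processQuery` cover only `json_parse_exception`, `key_not_found` and `not_an_object`, so a request whose fields have the wrong type (for example a non-numeric `requestId` reaching `.as()`) may raise a different exception that escapes the function; how the caller copes with that is not visible here. A final handler such as `catch (const std::exception &e) { return malFormedRequestResponse("Malformed request"); }` would turn any remaining failure into a 400 response. The three existing handlers catch by value; `catch (const jsoncons::json_parse_exception &e)` and likewise for the other two avoids the copy and any slicing. The unknown-action branch still only logs and leaves `response` empty, so the client receives no error for it. The `#ifdef DEBUG` line in the authorize branch prints the token to stdout; dropping `token` from that log line would keep credentials out of debug output.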
@@ -2040,7 +2040,7 @@ BOOST_AUTO_TEST_CASE(permission_basic_read_with_wildcard_write_permission) json expected = json::parse(R"({ "action":"get", - "error":{"message":"No read access to Vehicle.OBD.EngineSpeed","number":403,"reason":"Forbidden"}, + "error":{"message":"No read access to Vehicle.OBD.EngineSpeed","number":403,"reason":"Forbidden"}, "requestId":8756 })"); @@ -2456,7 +2456,7 @@ BOOST_AUTO_TEST_CASE(permission_basic_write_with_branch_permission) // because only write access in the token. json get_expected = json::parse(R"({ "action": "get", - "error":{"message":"No read access to Vehicle.OBD.Speed","number":403,"reason":"Forbidden"}, + "error":{"message":"No read access to Vehicle.OBD.Speed","number":403,"reason":"Forbidden"}, "requestId": 8756 })");