[NXP-32041] ES passthrough should not accept malformed JSON - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 2021, 2023.1
Fix Version/s: 2023.3, 2021.44
Component/s: Rest API

Tags:
- SupCom
- noRNS
- nxplatform
Backlog priority:
900
Sprint:
nxplatform #96
Story Points:
3

Description

A command like this one will return 200, note that the content-type header is included:

curl -u Administrator:Administrator -X GET localhost:8080/nuxeo/site/es/_all/_search -d '{"query":{"simple_query_string":{"query":"video"}}}junk' -H content-type:application/json

Likewise using a payload like "{\"query\": {\"match_all\": {}junk"}} in TestSearchRequestFilter will not result in an error.

Client has security concerns and needs this to be rectified.

Attachments

Activity

People

Assignee:

Kevin Leturc

Reporter:

Harlan Brown

Participants:

Harlan Brown, Jenkins, Kevin Leturc

Votes:

0 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

2023-08-28 14:00

Updated:

2023-10-19 08:34

Resolved:

2023-09-19 07:58