-
Notifications
You must be signed in to change notification settings - Fork 13
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CUSTCOM-11 Prevent Parsing Null JSON Entities #49
CUSTCOM-11 Prevent Parsing Null JSON Entities #49
Conversation
Before this change, a null entity posted to an endpoint would be read if the content-type header was specified. This change makes sure that the entity isn't read, regardless of content-type header or discovered reader.
Don't merge yet, some Jersey tests fail with this new change. The test I've checked is as-per the first row of the table above, so just needs changing. I'm confident that none of the test failures are unexpected, but I just want to check before this is merged. |
Jersey tests failed even before on my computer, two modules, if I remember well. Is there more failures? |
I think that may be it, but I've only investigated the one in the e2e folder |
Hmmmmmmm .... so it is a wrong test or bad user feature request. Is it described somewhere in specs?
EDIT: Aha, we already know it ... test only needs to respond with correct HTTP code - No Content instead of OK. It is 2xx, so it is still "succesful". |
This reverts commit 7fef156, as it fails the tests by returning null from all empty data types (including streams, which should be empty rather than null).
Before this change, passing a null entity when the content-type header was application/json would cause an error to be thrown when being parsed as there is no first token. This commit prevents that happening by exiting early.
@@ -70,6 +74,9 @@ public Object readFrom(Class<Object> type, Type genericType, | |||
MediaType mediaType, | |||
MultivaluedMap<String, String> httpHeaders, | |||
InputStream entityStream) throws IOException, WebApplicationException { | |||
if (entityStream.available() == 0) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed in 2.30 in several commits, last is 1c3b8d5
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
entityStream.available() can return 0 also if came only headers and body is not buffered yet.
EntityInputStream.isEmpty would be correct.
See also: eclipse-ee4j#4275 and jakartaee/rest#795
So it seems we should simply accept implementation from Jersey 2.30 to stay compatible in future versions. |
I think the current 2.30 implementation is misleading and, should the specifications allow for it, there should be a clear distinction between an empty JSON object and a null stream. I'll wait for advice from @rdebusscher though. |
I'm closing this for reasons detailed in the Jira. This particular PR should not be reopened, but rather a new fix should be made if required taking into account the previously linked Jersey patches in 2.30. |
Truth table for the results:
EDIT: This table is now exactly the same before and after; I've limited the fix to JSON null entities. This is because my original commit also caused streams to return as null rather than empty, which broke all streaming.