feat(plugins/request-validator): added a new configuration field `con…

…tent_type_parameter_validation` to control content-type parameters validation (#9384) * feat(plugins/request-validator): added a new configuration field `content_type_parameter_validation` to determine whether to enable Content-Type parameters validation. * Update kong/clustering/compat/removed_fields.lua FTI-5979
Kong · Jun 11, 2024 · 17149f5 · 17149f5
1 parent d967e5a
commit 17149f5
Show file tree

Hide file tree

Showing 6 changed files with 134 additions and 4 deletions.
diff --git a/...elog/unreleased/kong-ee/request-validator-new-field-content-type-parameter-validation.yml b/...elog/unreleased/kong-ee/request-validator-new-field-content-type-parameter-validation.yml
@@ -0,0 +1,3 @@
+message: "**Request-Validator**: Added a new configuration field `content_type_parameter_validation` to determine whether to enable Content-Type parameters validation."
+type: bugfix
+scope: Plugin
diff --git a/kong/clustering/compat/checkers.lua b/kong/clustering/compat/checkers.lua
@@ -38,6 +38,33 @@ end
 
 
 local compatible_checkers = {
+  {
+    3007001000, --[[3.7.1.0]]
+    function(config_table, dp_version, log_suffix)
+      local has_update
+
+      local dp_version_num = version_num(dp_version)
+
+      for _, plugin in ipairs(config_table.plugins or {}) do
+        if plugin.name == 'request-validator' then
+          local config = plugin.config
+          if config.content_type_parameter_validation ~= nil then
+            if dp_version_num < 3006001005 or
+              dp_version_num >= 3007000000 then
+              -- remove config.content_type_parameter_validation when DP version in intervals (, 3615), [3700, 3710)
+              config.content_type_parameter_validation = nil
+              has_update = true
+              log_warn_message('configures ' .. plugin.name .. ' plugin with content_type_parameter_validation',
+                'will be removed.',
+                dp_version, log_suffix)
+            end
+          end
+        end
+      end
+
+      return has_update
+    end
+  },
   { 3007000000, -- [[ 3.7.0.0 ]]
     function(config_table, dp_version, log_suffix)
       local has_update

diff --git a/plugins-ee/request-validator/kong/plugins/request-validator/handler.lua b/plugins-ee/request-validator/kong/plugins/request-validator/handler.lua
@@ -80,8 +80,13 @@ do
     allowed = false
     local type, sub_type, params = parse_mime_type(content_type)
     for _, parsed in ipairs(conf.parsed_list) do
-      if (type == parsed.type or parsed.type == "*")
-        and (sub_type == parsed.sub_type or parsed.sub_type == "*") then
+      if (type == parsed.type or parsed.type == "*") and
+         (sub_type == parsed.sub_type or parsed.sub_type == "*") then
+        if not plugin_config.content_type_parameter_validation then
+          allowed = true
+          break
+        end
+
         local params_match = true
         for key, value1 in pairs(parsed.params or EMPTY) do
           local value2 = (params or EMPTY)[key]

diff --git a/plugins-ee/request-validator/kong/plugins/request-validator/schema.lua b/plugins-ee/request-validator/kong/plugins/request-validator/schema.lua
@@ -164,6 +164,10 @@ return {
             default = false,
             required = true,
           }},
+          { content_type_parameter_validation = { description = "Determines whether to enable parameters validation of request content-type.", type = "boolean",
+            default = true,
+            required = true,
+          }}
         },
         entity_checks = {
           { at_least_one_of = { "body_schema", "parameter_schema" } },

diff --git a/plugins-ee/request-validator/spec/02-access_kong_spec.lua b/plugins-ee/request-validator/spec/02-access_kong_spec.lua
@@ -689,6 +689,49 @@ for _, strategy in strategies() do
         assert.res_status(200, res)
       end)
 
+      it("should skip content-type parameters validation when content_type_parameter_validation = false", function()
+        local schema = [[
+          [
+            {
+              "f1": {
+                "type": "string",
+                "required": true
+              }
+            }
+          ]
+        ]]
+
+        add_plugin(admin_client, {
+          body_schema = schema,
+          allowed_content_types = { "application/json; charset=UTF-8" },
+          content_type_parameter_validation = false,
+        }, 201)
+
+        local res = assert(proxy_client:send {
+          method = "GET",
+          path = "/status/200",
+          headers = {
+            ["Content-Type"] = "application/json",
+          },
+          body = {
+            f1 = "value!"
+          }
+        })
+        assert.res_status(200, res)
+
+        local res = assert(proxy_client:send {
+          method = "GET",
+          path = "/status/200",
+          headers = {
+            ["Content-Type"] = "application/json; boundary=something",
+          },
+          body = {
+            f1 = "value!"
+          }
+        })
+        assert.res_status(200, res)
+      end)
+
       it("validates nested records", function()
         local schema = [[
           [

diff --git a/spec-ee/02-integration/14-hybrid_mode/04-config-compat_spec.lua b/spec-ee/02-integration/14-hybrid_mode/04-config-compat_spec.lua
@@ -130,7 +130,7 @@ describe("CP/DP config compat #" .. strategy, function()
       "plugins",
       "clustering_data_planes",
     }, { 'graphql-rate-limiting-advanced', 'ai-rate-limiting-advanced', 'rate-limiting-advanced', 'openid-connect',
-        'oas-validation', 'mtls-auth', 'application-registration', "jwt-signer" })
+        'oas-validation', 'mtls-auth', 'application-registration', "jwt-signer", "request-validator" })
 
     PLUGIN_LIST = helpers.get_plugins_list()
 
@@ -154,7 +154,7 @@ describe("CP/DP config compat #" .. strategy, function()
         [[
           bundled,graphql-rate-limiting-advanced,ai-rate-limiting-advanced,rate-limiting-advanced,
           openid-connect,oas-validation,mtls-auth,application-registration,
-          jwt-signer
+          jwt-signer,request-validator
         ]],
     }))
   end)
@@ -626,6 +626,54 @@ describe("CP/DP config compat #" .. strategy, function()
   end)
 
 
+  describe("request-validator for content_type_parameter_validation", function()
+    local case_sanity = {
+      plugin = "request-validator",
+      label = "w/ content_type_parameter_validation",
+      pending = false,
+      config = {
+        version = "draft4",
+        body_schema = '{"name": {"type": "string"}}',
+        content_type_parameter_validation = true,
+      },
+      status = STATUS.NORMAL,
+      validator = function(config)
+        return config.content_type_parameter_validation == true
+      end
+    }
+
+    it(fmt("%s - %s", case_sanity.plugin, case_sanity.label), function()
+      do_assert(case_sanity, "3.6.1.5")
+    end)
+
+    it(fmt("%s - %s", case_sanity.plugin, case_sanity.label), function()
+      do_assert(case_sanity, "3.7.1.0")
+    end)
+
+    local case = {
+      plugin = "request-validator",
+      label = "w/ api_spec_encoded unsupported",
+      pending = false,
+      config = {
+        version = "draft4",
+        body_schema = '{"name": {"type": "string"}}',
+        content_type_parameter_validation = true,
+      },
+      status = STATUS.NORMAL,
+      validator = function(config)
+        return config.content_type_parameter_validation == nil
+      end
+    }
+
+    it(fmt("%s - %s", case.plugin, case.label), function()
+      do_assert(case, "3.6.1.4")
+    end)
+
+    it(fmt("%s - %s", case.plugin, case.label), function()
+      do_assert(case, "3.7.0.0")
+    end)
+  end)
+
 end)
 
 end -- each strategy