Fixes #106 - validate that PUT requests contain valid JSON

tburch · tburch · commit a4871b45920c · 2025-02-17T10:47:33.000-07:00
diff --git a/src/main/kotlin/jsonblob/api/http/ApiController.kt b/src/main/kotlin/jsonblob/api/http/ApiController.kt
@@ -169,17 +169,21 @@ class ApiController(
     }
 
     private fun update(blobId: String, json: String): JsonBlob? {
-        val resolver = idResolvers.firstOrNull { it.handles(blobId) }
-        return if (resolver != null) {
-            val created = resolver.resolveTimestamp(blobId)
-            val jsonBlob = JsonBlob(
-                id = blobId,
-                json = json,
-                created = created
-            )
-            jsonBlobStore.write(jsonBlob)
+        if (JsonCleaner.validJson(json)) {
+            val resolver = idResolvers.firstOrNull { it.handles(blobId) }
+            return if (resolver != null) {
+                val created = resolver.resolveTimestamp(blobId)
+                val jsonBlob = JsonBlob(
+                    id = blobId,
+                    json = json,
+                    created = created
+                )
+                jsonBlobStore.write(jsonBlob)
+            } else {
+                null
+            }
         } else {
-            null
+            throw HttpStatusException(HttpStatus.BAD_REQUEST, "Invalid JSON")
         }
     }
 
diff --git a/src/test/kotlin/jsonblob/api/http/ApiTest.kt b/src/test/kotlin/jsonblob/api/http/ApiTest.kt
@@ -8,23 +8,19 @@ import io.micronaut.http.HttpResponse
 import io.micronaut.http.MediaType
 import io.micronaut.http.client.HttpClient
 import io.micronaut.http.client.annotation.Client
+import io.micronaut.http.client.exceptions.HttpClientResponseException
 import io.micronaut.test.extensions.junit5.annotation.MicronautTest
 import io.micronaut.test.support.TestPropertyProvider
-import jsonblob.config.S3ClientBuilderListener
 import jsonblob.core.compression.compressor.GZIPBlobCompressor
 import jsonblob.core.id.Type1UUIDJsonBlobHandler
 import jsonblob.core.store.JsonBlobStore
 import mu.KotlinLogging
 import org.assertj.core.api.Assertions.assertThat
-import org.junit.jupiter.api.AfterAll
-import org.junit.jupiter.api.BeforeAll
+import org.assertj.core.api.Assertions.assertThatThrownBy
 import org.junit.jupiter.api.Test
 import org.junit.jupiter.api.TestInstance
 import org.skyscreamer.jsonassert.JSONAssert.assertEquals
-import org.testcontainers.containers.localstack.LocalStackContainer
 import org.testcontainers.shaded.com.google.common.io.Files
-import org.testcontainers.utility.DockerImageName
-import software.amazon.awssdk.services.s3.S3Client
 import java.util.UUID
 import javax.inject.Inject
 
@@ -140,10 +136,12 @@ class ApiTest: TestPropertyProvider {
 
     @Test
     fun `blob is not created on bad API PUT`() {
-        val resp = client
-            .toBlocking()
-            .exchange(PUT("/api/jsonBlob/${UUID.randomUUID()}", json).contentType(MediaType.APPLICATION_JSON_TYPE), String::class.java)
-        assertThat(resp.code()).isEqualTo(400)
+        assertThatThrownBy {
+            client
+                .toBlocking()
+                .exchange(PUT("/api/jsonBlob/${UUID.randomUUID()}", json).contentType(MediaType.APPLICATION_JSON_TYPE), String::class.java)
+
+        }.isInstanceOf(HttpClientResponseException::class.java)
     }
 
     @Test
