fix(matchexpressions): correct endpoint case for JSON ID request filt…

…er (#356) * fix(matchexpressions): correct endpoint case for JSON ID request filter * allow IDs in per-rule request paths do not allow IDs in rule creation POSTS, but do allow in modification PATCHes - the ID field will be ignored here anyway
cryostatio · Apr 9, 2024 · fbb3088 · fbb3088
1 parent 897944b
commit fbb3088
Showing 1 changed file with 16 additions and 3 deletions.
diff --git a/src/main/java/io/cryostat/JsonRequestFilter.java b/src/main/java/io/cryostat/JsonRequestFilter.java
@@ -19,7 +19,10 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.nio.charset.StandardCharsets;
+import java.util.HashMap;
+import java.util.Map;
 import java.util.Set;
+import java.util.regex.Pattern;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
@@ -33,17 +36,18 @@
 public class JsonRequestFilter implements ContainerRequestFilter {
 
     static final Set<String> disallowedFields = Set.of("id");
-    static final Set<String> allowedPaths =
-            Set.of("/api/v2.2/discovery", "/api/beta/matchexpressions");
+    static final Set<String> allowedPathPatterns =
+            Set.of("/api/v2.2/discovery", "/api/v2/rules/[\\w]+", "/api/beta/matchExpressions");
 
+    private final Map<String, Pattern> compiledPatterns = new HashMap<>();
     private final ObjectMapper objectMapper = new ObjectMapper();
 
     @Override
     public void filter(ContainerRequestContext requestContext) throws IOException {
         if (requestContext.getMediaType() != null
                 && requestContext.getMediaType().isCompatible(MediaType.APPLICATION_JSON_TYPE)
                 && (requestContext.getUriInfo() != null
-                        && !allowedPaths.contains(requestContext.getUriInfo().getPath()))) {
+                        && !anyPatternMatch(requestContext.getUriInfo().getPath()))) {
             try (InputStream stream = requestContext.getEntityStream()) {
                 JsonNode rootNode = objectMapper.readTree(stream);
 
@@ -77,4 +81,13 @@ private boolean containsIdField(JsonNode node) {
         }
         return false;
     }
+
+    private boolean anyPatternMatch(String path) {
+        var match = false;
+        for (var p : allowedPathPatterns) {
+            var pattern = compiledPatterns.computeIfAbsent(p, Pattern::compile);
+            match |= pattern.matcher(path).matches();
+        }
+        return match;
+    }
 }