[REST API] Requests with unconsumed bodies should be rejected. #65242

Closed
cuff-links opened this issue Nov 18, 2020 · 2 comments
Labels
>bug :Core/Infra/REST API REST infrastructure and utilities Team:Core/Infra Meta label for core/infra team

cuff-links commented Nov 18, 2020

Summary

This is a regression of #37504.

Environment

Kibana: 7.x (7.11)
Elasticsearch: 7.x (7.11)

How To Test

Run the following command in console.

PUT test/_doc/1
{}
DELETE /test
{
  "query" : {
    "term" :  {
      "field" : "value"
    }
  }
}

The above is no longer rejected.

Another example (which found this regression):

POST /latency/_forcemerge
{
  "only_expunge_deletes": true,
  "max_num_segments": 1
}

Which since #37504 should not be allowed. (related: #30792)

Screenie

http://g.recordit.co/bUGDVNyJue.gif

elasticmachine (Collaborator) commented

Pinging @elastic/es-core-infra (Team:Core/Infra)

jakelandis (Contributor) commented

This might be due to the description in #44902 which states that content is consumed when we check the content length.

jaymode added a commit that referenced this issue Dec 14, 2020
The change #37504 modifies the BaseRestHandler to make it reject all requests
that have an unconsumed body. The notion of consumed or unconsumed body
is carried by the RestRequest object and its contentConsumed attribute, which
is set to true when the content() or content(true) methods are used.

In our REST layer, we usually expect the RestHandlers to consume the request
content when needed, but it appears that the RestController always consumes
the content upfront.

This commit changes the content() method used by the RestController so that it
does not mark the content as consumed.

Backport of #44902
Closes #65242

Co-authored-by: Tanguy Leroux <tlrx.dev@gmail.com>
@jaymode jaymode closed this as completed Dec 14, 2020
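
The flag logic described in the commit message above, as a simplified Java model added here for illustration (it is not Elasticsearch source code and not part of the original thread). `Request`, `dispatch`, `contentLength()` and `isContentConsumed()` are hypothetical stand-ins, and the 400/200 return values are assumed status codes.

```java
import java.util.function.Consumer;

// Simplified model of the consumed-body check; not Elasticsearch source.
public class UnconsumedBodyDemo {

    // Stand-in for RestRequest: tracks whether anything read the body.
    static final class Request {
        private final String body;
        private boolean contentConsumed = false;

        Request(String body) { this.body = body; }

        // Handler-facing accessor: reading the body marks it consumed.
        String content() { contentConsumed = true; return body; }

        // Hypothetical non-consuming accessor for framework-level checks.
        int contentLength() { return body.length(); }

        boolean isContentConsumed() { return contentConsumed; }
    }

    // Stand-in for the controller + base handler path. With buggyController
    // set, the controller's own "is there a body?" check goes through
    // content(), so the flag is already true before any handler runs.
    static int dispatch(Request request, Consumer<Request> handler, boolean buggyController) {
        boolean hasBody = buggyController
            ? !request.content().isEmpty()
            : request.contentLength() > 0;
        handler.accept(request);
        if (hasBody && !request.isContentConsumed()) {
            return 400; // a body was sent but the handler never read it
        }
        return 200;
    }

    public static void main(String[] args) {
        // Constructed sample body, shaped like the one in the report.
        String body = "{\"query\":{\"term\":{\"field\":\"value\"}}}";
        Consumer<Request> ignoresBody = r -> { };      // e.g. a delete-index style handler
        Consumer<Request> readsBody = Request::content; // e.g. a search style handler

        System.out.println("buggy controller, body ignored: " + dispatch(new Request(body), ignoresBody, true));
        System.out.println("fixed controller, body ignored: " + dispatch(new Request(body), ignoresBody, false));
        System.out.println("fixed controller, body read:    " + dispatch(new Request(body), readsBody, false));
        System.out.println("fixed controller, no body:      " + dispatch(new Request(""), ignoresBody, false));
    }
}
```

Comparing the first two lines of output shows why the check stopped firing: once the framework itself reads the body through the consuming accessor, the flag no longer says anything about what the handler did.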