Horreum
Horreum copied to clipboard
Published
20 hours ago •
Hyperfoil
Hyperfoil
Schema and Test UI code "sanitizes" imported JSON, causing server side validation to fail
Describe the bug
The auto-generated Typescript api code in the UI creates the following methods:
For Schemas import:
export function SchemaExportToJSON(value?: SchemaExport | null): any {
if (value == null) {
return value;
}
return {
'labels': value['labels'] == null ? undefined : ((value['labels'] as Array<any>).map(LabelToJSON)),
'transformers': value['transformers'] == null ? undefined : ((value['transformers'] as Array<any>).map(TransformerToJSON)),
'id': value['id'],
'uri': value['uri'],
'name': value['name'],
'description': value['description'],
'schema': value['schema'],
'token': value['token'],
'access': AccessToJSON(value['access']),
'owner': value['owner'],
};
}
The LabelToJSON function generated is:
export function LabelToJSON(value?: Label | null): any {
if (value == null) {
return value;
}
return {
'id': value['id'],
'name': value['name'],
'extractors': ((value['extractors'] as Array<any>).map(ExtractorToJSON)),
'function': value['_function'],
'filtering': value['filtering'],
'metrics': value['metrics'],
'schemaId': value['schemaId'],
'access': AccessToJSON(value['access']),
'owner': value['owner'],
};
}
For Test import:
export function TestExportToJSON(value?: TestExport | null): any {
if (value == null) {
return value;
}
return {
'variables': value['variables'] == null ? undefined : ((value['variables'] as Array<any>).map(VariableToJSON)),
'missingDataRules': value['missingDataRules'] == null ? undefined : ((value['missingDataRules'] as Array<any>).map(MissingDataRuleToJSON)),
'experiments': value['experiments'] == null ? undefined : ((value['experiments'] as Array<any>).map(ExperimentProfileToJSON)),
'actions': value['actions'] == null ? undefined : ((value['actions'] as Array<any>).map(ActionToJSON)),
'subscriptions': WatchToJSON(value['subscriptions']),
'datastore': DatastoreToJSON(value['datastore']),
'id': value['id'],
....
'access': AccessToJSON(value['access']),
'owner': value['owner'],
};
}
Which wraps the calls to the REST API:
const response = await this.request({
path: `/api/schema/import`,
method: 'POST',
headers: headerParameters,
query: queryParameters,
body: SchemaExportToJSON(requestParameters['schemaExport']),
}, initOverrides);
This creates a NEW JSON, which has been sanitized of incorrect keys, which is sent to the REST API.
Therefore, an invalid JSON segement, such as :
{
"name" : "kb_report_results_podLatencyQuantilesMeasurement_quantiles_Ready_P99",
"filtering" : true,
"metrics" : true,
"schemaId" : "221",
"acccess" : "PUBLIC",
"owner" : "ocp-perfscale-team",
"extractors" : [ {
"name" : "P99",
"path" : "$.results.podLatencyQuantilesMeasurement.quantiles.Ready.P99",
"isarray" : false
}
Is sent to the REST API as, notice the removed "acccess" and "extractors->path" keys;
{
"name" : "kb_report_results_podLatencyQuantilesMeasurement_quantiles_Ready_P99",
"filtering" : true,
"metrics" : true,
"schemaId" : "221",
"owner" : "ocp-perfscale-team",
"extractors" : [ {
"name" : "P99",
"isarray" : false
}
This new JSON does not cause the validation to fail.
The UI should pass the original, un-sanitized JSON to the REST API, for the API to validate the input
