prism icon indicating copy to clipboard operation
prism copied to clipboard
verified publisher icon stoplightio

Request with multi part crash prism

Open LasneF opened this issue 10 months ago • 0 comments

given an endpoint describe as follow

Context

during testing it

Current Behavior

given the following curl command

curl -v --request POST 'http://127.0.0.1:4010/trades/batch' --header 'Authorization: Bearer e' --form '{"inputBy" : true}";type=application/json'

take care the command line is wrong due to typo about " , anyway prism should not crash

Prism crash with the following stack trace

D:\tools\nodeJS\node_modules@stoplight\prism-cli\node_modules\parse-multipart-data\src\multipart.ts:166 const b = JSON.parse(k[1].trim()) ^ TypeError: Cannot read properties of undefined (reading 'trim') at obj (D:\tools\nodeJS\node_modules@stoplight\prism-cli\node_modules\parse-multipart-data\src\multipart.ts:166:31) at process (D:\tools\nodeJS\node_modules@stoplight\prism-cli\node_modules\parse-multipart-data\src\multipart.ts:181:13) at Object.parse (D:\tools\nodeJS\node_modules@stoplight\prism-cli\node_modules\parse-multipart-data\src\multipart.ts:86:11)
at parseMultipartFormDataParams (D:\tools\nodeJS\node_modules@stoplight\prism-cli\node_modules@stoplight\prism-http\dist\validator\validators\body.js:91:29) at deserializeAndValidate (D:\tools\nodeJS\node_modules@stoplight\prism-cli\node_modules@stoplight\prism-http\dist\validator\validators\body.js:120:11) at D:\tools\nodeJS\node_modules@stoplight\prism-cli\node_modules@stoplight\prism-http\dist\validator\validators\body.js:154:664 at D:\tools\nodeJS\node_modules@stoplight\prism-cli\node_modules\fp-ts\lib\Either.js:66:101 at D:\tools\nodeJS\node_modules@stoplight\prism-cli\node_modules\fp-ts\lib\function.js:366:46 at pipe (D:\tools\nodeJS\node_modules@stoplight\prism-cli\node_modules\fp-ts\lib\function.js:303:20) at D:\tools\nodeJS\node_modules@stoplight\prism-cli\node_modules@stoplight\prism-http\dist\validator\validators\body.js:154:476

Expected Behavior

No crash ; proper validation (here fail due to invalid data sent)

Possible Workaround/Solution

nothing

Steps to Reproduce

use this buggy curl command

curl -v --request POST 'http://127.0.0.1:8080/trades/batch' --header 'Authorization: Bearer e' --form '{";=application/json'

that produces this kind of data

POST http://127.0.0.1:4010/trades/batch HTTP/1.1 Host: 127.0.0.1:4010 User-Agent: curl/8.10.1 Accept: / Authorization: Bearer e Content-Length: 168 Content-Type: multipart/form-data; boundary=------------------------wILHrY4muGoammzsaeCWsh Raw

--------------------------wILHrY4muGoammzsaeCWsh Content-Disposition: form-data; name="{%22;" application/json --------------------------wILHrY4muGoammzsaeCWsh--

Environment

  • Version used: prism 5.1.12.1
  • Operating System and version : Windows

LasneF avatar Mar 04 '25 14:03 LasneF