tolgee-platform icon indicating copy to clipboard operation
tolgee-platform copied to clipboard
verified publisher icon tolgee

Invalid multipart/form-data query causes 500 instead of 400

Open cyyynthia opened this issue 3 years ago • 7 comments

curl -v -H 'x-api-key: tgpak_nyaaaaaaa...' -H 'content-type: multipart/form-data' -d 'zzz' https://app.tolgee.io/v2/projects/import

2022-09-24 13:07:25.128 ERROR 1 --- [nio-8080-exec-6] io.tolgee.ExceptionHandlers              : org.springframework.web.multipart.MultipartException: Failed to parse multipart servlet request; nested exception is java.io.IOException: org.apache.tomcat.util.http.fileupload.FileUploadException: the request was rejected because no multipart boundary was found
	at org.springframework.web.multipart.support.StandardMultipartHttpServletRequest.handleParseFailure(StandardMultipartHttpServletRequest.java:127)
	at org.springframework.web.multipart.support.StandardMultipartHttpServletRequest.parseRequest(StandardMultipartHttpServletRequest.java:115)
	at org.springframework.web.multipart.support.StandardMultipartHttpServletRequest.<init>(StandardMultipartHttpServletRequest.java:88)
	at org.springframework.web.multipart.support.StandardServletMultipartResolver.resolveMultipart(StandardServletMultipartResolver.java:122)
	at org.springframework.web.servlet.DispatcherServlet.checkMultipart(DispatcherServlet.java:1208)
	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1042)
	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:963)
	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)
	(...)
Caused by: java.io.IOException: org.apache.tomcat.util.http.fileupload.FileUploadException: the request was rejected because no multipart boundary was found
	at org.apache.catalina.connector.Request.parseParts(Request.java:2977)
	(...)
Caused by: org.apache.tomcat.util.http.fileupload.FileUploadException: the request was rejected because no multipart boundary was found
	at org.apache.tomcat.util.http.fileupload.impl.FileItemIteratorImpl.init(FileItemIteratorImpl.java:189)
	(...)

cyyynthia avatar Sep 24 '22 13:09 cyyynthia

Here are a few more cases triggering a 500 instead of a 400 Bad Request:

  • Using \n instead of \r\n (and other forms of invalid multipart data)
  • Not having a files in the payload
    • Note: items without a filename are skipped and as such having only filename-less data in files does run into this scenaro
Here are some test payloads I used that might be useful for writing tests

content-type: multipart/form-data; boundary=boundawy

--boundawy
Content-Disposition: form-data; name="nya"

{"meow":"miaou"}
--boundawy--

--boundawy
Content-Disposition: form-data; name="files"

{"meow":"miaou"}
--boundawy--

--boundawy
Content-Disposition: form-data; name="files"; filename="fr-FR.json"

{"meow":"miaou"}

cyyynthia avatar Sep 24 '22 21:09 cyyynthia

Would it make sense to add MultipartException handler to ExceptionHandlers returning some generic error, or do you think we should also provide some describing error messages as well?

JanCizmar avatar Sep 29 '22 08:09 JanCizmar

The existing message is descriptive enough of the error I think. For incomplete requests (with missing fields), the message contains information about the fields that are missing which is valuable information.

That being said, for incomplete data it may be better to return STANDARD_VALIDATION: { ... } stuff like the other endpoints.

cyyynthia avatar Sep 29 '22 09:09 cyyynthia

Will look into it.

JanCizmar avatar Sep 29 '22 09:09 JanCizmar

This issue is stale because it has been open for 30 days with no activity.

github-actions[bot] avatar Mar 11 '23 01:03 github-actions[bot]

This issue is stale because it has been open for 30 days with no activity.

github-actions[bot] avatar Apr 11 '23 01:04 github-actions[bot]

This issue was closed because it has been inactive for 14 days since being marked as stale.

github-actions[bot] avatar Apr 25 '23 01:04 github-actions[bot]