1. Atlassian Avatar Atlassian
  2. Tooling and Automation
  3. swagger-request-validator
  4. Issues

[Regression in 2.11.2] Request body is corrupted when body is not validated

Issue #312 resolved
Gediminas Rimša created an issue

Context: We have a file upload endpoint that accepts image uploads.

When com.atlassian.oai.validator.springmvc.OpenApiValidationService completes request validation and calls servletRequest.resetInputStream() the request body gets replaced by a fixed one-byte body.

Cause: com.atlassian.oai.validator.springmvc.ResettableRequestServletWrapper#resetInputStream has this code:

        } else if (servletInputStream instanceof WrappedOriginalServletInputStream) {
            final WrappedOriginalServletInputStream wrapped = (WrappedOriginalServletInputStream) servletInputStream;
            // At this point wrapped 
            this.servletInputStream = new CachedServletInputStream(wrapped.cachedContent, wrapped.chunkSize, wrapped.count);
            this.contentLength = wrapped.count;

If request body is not validated (e.g. it was image/gif), then at this point wrapped has the following attributes:

  • count = 1
  • cachedContent = 8KB byte arraywith only the first byte set

This makes the request content to become just one byte.

Comments (5)

  1. Sven Döring

    Yes, I can confirm. Haven't thought of that.

    The request body isn’t read anymore in the validation service. And the RequestBodyValidator only reads one byte to confirm the body is not empty. Only in case of JSON or form-data the whole body is read.

    Edit:
    Thanks for raising the issue. Apologies for the inconvenience. A fix is in progress.

  5. Sven Döring

    You’ll love it. Especially in your use case the validation will be considerably faster and more memory friendly.

  6. Log in to comment
Assignee
Type
bug
Priority
critical
Status
resolved
Votes
0
Watchers
1