[Regression in 2.11.2] Request body is corrupted when body is not validated
Issue #312
resolved
Context: We have a file upload endpoint that accepts image uploads.
When com.atlassian.oai.validator.springmvc.OpenApiValidationService completes request validation and calls servletRequest.resetInputStream(), the request body gets replaced by a fixed one-byte body.
Cause: com.atlassian.oai.validator.springmvc.ResettableRequestServletWrapper#resetInputStream has this code:

    } else if (servletInputStream instanceof WrappedOriginalServletInputStream) {
        final WrappedOriginalServletInputStream wrapped = (WrappedOriginalServletInputStream) servletInputStream;
        // At this point wrapped
        this.servletInputStream = new CachedServletInputStream(wrapped.cachedContent, wrapped.chunkSize, wrapped.count);
        this.contentLength = wrapped.count;

If the request body is not validated (e.g. it was image/gif), then at this point wrapped has the following attributes:
- count = 1
- cachedContent = 8KB byte array with only the first byte set
This makes the request content become just one byte.
Comments (5)
-
-
PR #186 has been added.
-
- changed status to resolved
Available in v2.11.3
-
reporter Thank you both for a quick fix and release.
-
You’ll love it. Especially in your use case the validation will be considerably faster and more memory friendly.
Yes, I can confirm. Haven't thought of that.
The request body isn’t read anymore in the validation service. And the RequestBodyValidator only reads one byte to confirm the body is not empty. Only in case of JSON or form-data the whole body is read.
Edit:
Thanks for raising the issue. Apologies for the inconvenience. A fix is in progress.
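
The failure described in the report and in the maintainer's comment (the validator reads a single byte to check for a non-empty body, then the reset replays only what was cached) can be reproduced with a small model. This is an added example, not the library's code: CachingStream, resetBuggy and resetSafe are hypothetical names, the 20000-byte body is constructed, and resetSafe is one possible way to make a reset safe, not necessarily what PR #186 does.

```java
import java.io.*;
import java.util.Arrays;

public class ResetDemo {
    // Hypothetical stand-in for a wrapper that caches whatever the validator reads.
    static class CachingStream extends InputStream {
        final InputStream original;
        byte[] cachedContent = new byte[8192]; // 8KB buffer, as in the report
        int count = 0;                         // number of bytes actually read so far
        CachingStream(InputStream original) { this.original = original; }
        @Override public int read() throws IOException {
            int b = original.read();
            if (b >= 0) {
                if (count == cachedContent.length) cachedContent = Arrays.copyOf(cachedContent, count * 2);
                cachedContent[count++] = (byte) b;
            }
            return b;
        }
    }

    // Behaviour from the report: the new body is only the cached bytes (count of them).
    static InputStream resetBuggy(CachingStream s) {
        return new ByteArrayInputStream(s.cachedContent, 0, s.count);
    }

    // Assumed alternative: replay the cached prefix, then continue with the unread remainder.
    static InputStream resetSafe(CachingStream s) {
        return new SequenceInputStream(new ByteArrayInputStream(s.cachedContent, 0, s.count), s.original);
    }

    // Constructed sample body standing in for an image upload.
    static byte[] upload() {
        byte[] body = new byte[20000];
        for (int i = 0; i < body.length; i++) body[i] = (byte) (i % 251);
        return body;
    }

    // Returns how many bytes the endpoint handler would see after validation and reset.
    static int bytesSeenByHandler(boolean safe) throws IOException {
        CachingStream s = new CachingStream(new ByteArrayInputStream(upload()));
        s.read(); // validator peeks one byte to confirm the body is not empty
        InputStream in = safe ? resetSafe(s) : resetBuggy(s);
        return in.readAllBytes().length;
    }

    public static void main(String[] args) throws IOException {
        System.out.println("buggy reset: " + bytesSeenByHandler(false) + " bytes");
        System.out.println("safe reset:  " + bytesSeenByHandler(true) + " bytes");
    }
}
```

A regression test for this class of bug should send a non-validated content type such as image/gif through the filter and compare the length or hash of the body seen by the handler with the body that was sent.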