Handle invalid API JSON input gracefully
What does this MR do and why?
Return a 400 when user provides unparseable JSON input
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
curl http://localhost:3000/api/v4/projects -X POST -H 'Content-Type: application/json' -d '{"test":"random_\$escaped/symbols\;here"}'
Note that the exception only happens with Grape and only with strings like these because:
- Grape uses oj to parse the JSON body while ActionDispatch uses the default JSON library
- This JSON string can be parsed by JSON but not oj: https://github.com/ohler55/oj/issues/541
- Our HandleMalformedStrings middleware catches invalid request bodies that cannot be parsed by ActionDispatch. So this does not get caught and goes on to get parsed by Grape.
Related to #439248 (closed)
Edited by Heinrich Lee Yu
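The parser mismatch described above, as an added example that is not GitLab's code: a front check screens bodies with a lenient parser, the API layer then parses with a stricter one, and the API layer must turn its own parse error into a 400 instead of letting it surface as a 500. The names `lenient_parse`, `strict_parse`, `front_check`, `api` and `post` are hypothetical stand-ins, and the block assumes the two parsers differ in how they treat backslash escapes outside the RFC 8259 set.

```ruby
require 'json'
require 'stringio'
RFC_ESCAPES = '"\\/bfnrtu'.freeze # characters allowed after a backslash in JSON
BAD_REQUEST = [400, { 'content-type' => 'application/json' }, ['{"error":"bad request"}']].freeze
class StrictParseError < StandardError; end

# Lenient stand-in (assumption): an unknown escape such as \$ just loses its backslash.
def lenient_parse(body)
  JSON.parse(body.gsub(/\\(.)/m) { RFC_ESCAPES.include?($1) ? $& : $1 })
end

# Strict stand-in (assumption): an unknown escape is a parse error.
def strict_parse(body)
  body.scan(/\\(.)/m) do |(c)|
    raise StrictParseError, "invalid escape \\#{c}" unless RFC_ESCAPES.include?(c)
  end
  JSON.parse(body)
end

# Front middleware role: rejects only what the lenient parser cannot read.
def front_check(app)
  lambda do |env|
    begin
      lenient_parse(env['rack.input'].read)
    rescue JSON::ParserError
      next BAD_REQUEST
    end
    env['rack.input'].rewind
    app.call(env)
  end
end

# API layer role: parses again with the strict parser.
def api(handle_parse_errors:)
  lambda do |env|
    [201, { 'content-type' => 'application/json' }, [JSON.generate(strict_parse(env['rack.input'].read))]]
  rescue StrictParseError, JSON::ParserError
    raise unless handle_parse_errors # unhandled: propagates out of the stack
    BAD_REQUEST
  end
end

# Sends one body through both layers and returns the HTTP status.
def post(body, handle_parse_errors:)
  app = front_check(api(handle_parse_errors: handle_parse_errors))
  app.call('rack.input' => StringIO.new(body))[0]
rescue StandardError
  500 # what a server answers for an uncaught exception
end
```
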