Validate API input

[valentijnscholten]

Current Behavior

My log is full of these logs:

2023-02-06 09:30:42,873 ERROR [GlobalExceptionHandler] Uncaught internal server error
				  java.lang.IllegalArgumentException: Invalid UUID string: 	
				  java.base/java.util.UUID.fromString1(Unknown Source)
				  java.base/java.util.UUID.fromString(Unknown Source)
				  alpine.persistence.AbstractAlpineQueryManager.getObjectByUuid(AbstractAlpineQueryManager.java:563)
				  org.dependencytrack.resources.v1.BomResource.uploadBom(BomResource.java:259)
				  jdk.internal.reflect.GeneratedMethodAccessor199.invoke(Unknown Source)
				  java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
				  java.base/java.lang.reflect.Method.invoke(Unknown Source)

Of course this is clearly a mistake by the user/client, but this shouldn't result in a 500 error and also not in log messages at ERROR level. The response to the client is Uncaught internal server error, which doesn't help the client.

Proposed Behavior

• validate input fields like uuid for having the correct format
• supply validation errors (4xx) to the client in case of errors
• ideally log some info about what is wrong (without exposing too much internal/sensitive details)

Checklist

• I have read and understand the contributing guidelines
• I have checked the existing issues for whether this enhancement was already requested

[nscuro]

The suggestion I posted in #840 (comment) somewhat fits into this.

If we could define requests and their formats in the OpenAPI spec, the generated code would also have syntactic validation.

[nscuro]

Should be fixed in v4.11 via #3590, #3590, and #3659

[github-actions]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.