Skip to content

Commit

Permalink
api: ensure ACL role upsert decode error returns a 400 status code. (#…
Browse files Browse the repository at this point in the history 
…15253)
  • Loading branch information
@jrasell
jrasell committed Nov 18, 2022
1 parent c495cd9 commit faabc2b
Show file tree
Hide file tree
Showing 2 changed files with 23 additions and 1 deletion.
22 changes: 22 additions & 0 deletions .semgrep/http_endpoint.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
rules:
- id: "http-endpoint-request-decode-error-code"
patterns:
- pattern: |
if err := decodeBody(...); err != nil {
return nil, CodedError(...)
}
- pattern-not-inside: |
if err := decodeBody(...); err != nil {
return nil, CodedError(400, ...)
}
- pattern-not-inside: |
if err := decodeBody(...); err != nil {
return nil, CodedError(http.StatusBadRequest, ...)
}
message: "HTTP endpoint request decode should return http.StatusBadRequest"
languages:
- "go"
severity: "ERROR"
paths:
include:
- "command/agent/*_endpoint.go"
2 changes: 1 addition & 1 deletion command/agent/acl_endpoint.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -477,7 +477,7 @@ func (s *HTTPServer) aclRoleUpsertRequest(
// Decode the ACL role.
var aclRole structs.ACLRole
if err := decodeBody(req, &aclRole); err != nil {
return nil, CodedError(http.StatusInternalServerError, err.Error())
return nil, CodedError(http.StatusBadRequest, err.Error())
}

// Ensure the request path ID matches the ACL role ID that was decoded.
Expand Down

0 comments on commit faabc2b

Please sign in to comment.