fix(cloud-function): sanitize pong/get input #11229

Merged
merged 1 commit into from
Jul 3, 2024

@caugner caugner commented May 31, 2024

Summary

(MP-1167)

Problem

We don't validate/sanitize the input on the /pong/get endpoint, causing HTTP 500 errors in our logs.

Solution

Validate and sanitize the input.


Screenshots

Before

% xh post http://localhost:5100/pong/get
HTTP/1.1 500 Internal Server Error
Connection: keep-alive
Content-Length: 49
Content-Type: text/html; charset=utf-8
Date: Fri, 31 May 2024 17:33:11 GMT
Keep-Alive: timeout=5
X-Google-Status: crash

Cannot read properties of null (reading 'filter')
% xh post http://localhost:5100/pong/get --json 'pong:="foo"' 
HTTP/1.1 500 Internal Server Error
Connection: keep-alive
Content-Length: 49
Content-Type: text/html; charset=utf-8
Date: Fri, 31 May 2024 17:32:54 GMT
Keep-Alive: timeout=5
X-Google-Status: crash

Cannot read properties of null (reading 'filter')
% xh post http://localhost:5100/pong/get --json 'pongs:=["foo"]'
HTTP/1.1 200 OK
Cache-Control: no-store
Connection: keep-alive
Content-Length: 2
Content-Type: application/json
Date: Fri, 31 May 2024 17:32:23 GMT
Keep-Alive: timeout=5

{}
% xh post http://localhost:5100/pong/get --json 'pongs:=["foo", "side"]'
HTTP/1.1 200 OK
Cache-Control: no-store
Connection: keep-alive
Content-Length: 2
Content-Type: application/json
Date: Fri, 31 May 2024 17:33:39 GMT
Keep-Alive: timeout=5

{}

After

% xh post http://localhost:5100/pong/get
HTTP/1.1 400 Bad Request
Cache-Control: no-store
Connection: keep-alive
Content-Length: 20
Content-Type: application/json
Date: Fri, 31 May 2024 17:34:05 GMT
Keep-Alive: timeout=5

{
    "status": "invalid"
}
% xh post http://localhost:5100/pong/get --json 'pongs:="foo"'
HTTP/1.1 400 Bad Request
Cache-Control: no-store
Connection: keep-alive
Content-Length: 20
Content-Type: application/json
Date: Fri, 31 May 2024 17:34:18 GMT
Keep-Alive: timeout=5

{
    "status": "invalid"
}
% xh post http://localhost:5100/pong/get --json 'pongs:=["foo"]'
HTTP/1.1 400 Bad Request
Cache-Control: no-store
Connection: keep-alive
Content-Length: 18
Content-Type: application/json
Date: Fri, 31 May 2024 17:34:31 GMT
Keep-Alive: timeout=5

{
    "status": "empty"
}
% xh post http://localhost:5100/pong/get --json 'pongs:=["side","newType"]'
HTTP/1.1 200 OK
Cache-Control: no-store
Connection: keep-alive
Content-Length: 28
Content-Type: application/json
Date: Fri, 31 May 2024 17:34:44 GMT
Keep-Alive: timeout=5

{
    "status": "geo_unsupported"
}

How did you test this change?

Ran npm i && npm start in /cloud-function, and the following commands in a separate terminal:

xh post http://localhost:5100/pong/get
xh post http://localhost:5100/pong/get --json 'pongs:="foo"'
xh post http://localhost:5100/pong/get --json 'pongs:=["foo"]'
xh post http://localhost:5100/pong/get --json 'pongs:=["side","newType"]'
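
The checks implied by the "After" responses above, as an added JavaScript example that is not the code merged in this pull request. The function names, the contents of the allow-list (only the two placement names seen to pass on this page) and the `MAX_PONGS` bound are assumptions.

```javascript
// Added example, not code from the yari repository.
// ASSUMPTION: the allow-list holds only the two placement names that the
// "After" requests on this page show getting past validation.
const KNOWN_PLACEMENTS = new Set(["side", "newType"]);
const MAX_PONGS = 16; // assumed upper bound, not taken from the page

// Validates an already-parsed JSON body. Never throws.
function validatePongGetBody(body) {
  const invalid = { ok: false, code: 400, body: { status: "invalid" } };
  // Missing body, JSON null, top-level arrays and primitives are rejected.
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return invalid;
  }
  const { pongs } = body;
  if (!Array.isArray(pongs) || pongs.length > MAX_PONGS) {
    return invalid;
  }
  // Keep only allow-listed strings, deduplicated; other values are dropped.
  const accepted = [
    ...new Set(
      pongs.filter((p) => typeof p === "string" && KNOWN_PLACEMENTS.has(p))
    ),
  ];
  if (accepted.length === 0) {
    return { ok: false, code: 400, body: { status: "empty" } };
  }
  return { ok: true, pongs: accepted };
}

// Parses the raw request text; malformed JSON is treated like a missing body.
function parseAndValidate(rawBody) {
  let parsed;
  try {
    parsed = rawBody ? JSON.parse(rawBody) : undefined;
  } catch {
    parsed = undefined;
  }
  return validatePongGetBody(parsed);
}

// Constructed inputs mirroring the four requests in the description.
for (const raw of ["", '{"pongs":"foo"}', '{"pongs":["foo"]}',
                   '{"pongs":["side","newType"]}']) {
  const r = parseAndValidate(raw);
  console.log(JSON.stringify(raw), "->", r.ok ? r.pongs : `${r.code} ${r.body.status}`);
}
```

Every rejection path returns a 400 with a fixed status string, so no exception text reaches the response as it did in the "Before" 500 output.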

@caugner caugner requested a review from a team as a code owner May 31, 2024 17:17
@caugner caugner marked this pull request as draft May 31, 2024 17:24
@caugner caugner force-pushed the MP-1167-sanitize-pong-get-input branch from 7fa983d to e5c44c9 Compare May 31, 2024 17:31
@caugner caugner marked this pull request as ready for review May 31, 2024 17:36
@github-actions github-actions bot added the idle label Jun 30, 2024
@caugner caugner merged commit a35254b into main Jul 3, 2024
13 checks passed
@caugner caugner deleted the MP-1167-sanitize-pong-get-input branch July 3, 2024 12:40
ferdnyc pushed a commit to ferdnyc/yari that referenced this pull request Jul 13, 2024