Remove leniency in msearch parsing (elastic#61771)

Extra characters after msearch request lines are currently ignored. This commit adds a check for extra chars and throws an exception if found. Fixes elastic#61771
limotova · Dec 9, 2023 · 936cb1a · 936cb1a
1 parent f74d18d
commit 936cb1a
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 3 deletions.
diff --git a/server/src/main/java/org/elasticsearch/action/search/MultiSearchRequest.java b/server/src/main/java/org/elasticsearch/action/search/MultiSearchRequest.java
@@ -28,6 +28,7 @@
 import org.elasticsearch.xcontent.ToXContent;
 import org.elasticsearch.xcontent.XContent;
 import org.elasticsearch.xcontent.XContentBuilder;
+import org.elasticsearch.xcontent.XContentParseException;
 import org.elasticsearch.xcontent.XContentParser;
 import org.elasticsearch.xcontent.XContentParserConfiguration;
 
@@ -243,6 +244,9 @@ public static void readMultiLineFormat(
                     XContentParser parser = xContent.createParser(parserConfig, stream)
                 ) {
                     Map<String, Object> source = parser.map();
+                    if (parser.nextToken() != null) {
+                        throw new XContentParseException(parser.getTokenLocation(), "Unexpected token after end of object");
+                    }
                     Object expandWildcards = null;
                     Object ignoreUnavailable = null;
                     Object ignoreThrottled = null;
@@ -304,6 +308,9 @@ public static void readMultiLineFormat(
             BytesReference bytes = data.slice(from, nextMarker - from);
             try (InputStream stream = bytes.streamInput(); XContentParser parser = xContent.createParser(parserConfig, stream)) {
                 consumer.accept(searchRequest, parser);
+                if (parser.nextToken() != null) {
+                    throw new XContentParseException(parser.getTokenLocation(), "Unexpected token after end of object");
+                }
             }
             // move pointers
             from = nextMarker + 1;

diff --git a/server/src/test/java/org/elasticsearch/action/search/MultiSearchRequestTests.java b/server/src/test/java/org/elasticsearch/action/search/MultiSearchRequestTests.java
@@ -30,6 +30,7 @@
 import org.elasticsearch.xcontent.NamedXContentRegistry;
 import org.elasticsearch.xcontent.ParseField;
 import org.elasticsearch.xcontent.XContentBuilder;
+import org.elasticsearch.xcontent.XContentParseException;
 import org.elasticsearch.xcontent.XContentParser;
 import org.elasticsearch.xcontent.XContentType;
 import org.elasticsearch.xcontent.json.JsonXContent;
@@ -87,7 +88,7 @@ public void testSimpleAdd() throws Exception {
 
     public void testFailWithUnknownKey() {
         final String requestContent = """
-            {"index":"test", "ignore_unavailable" : true, "unknown_key" : "open,closed"}}
+            {"index":"test", "ignore_unavailable" : true, "unknown_key" : "open,closed"}
             {"query" : {"match_all" :{}}}
             """;
         FakeRestRequest restRequest = new FakeRestRequest.Builder(xContentRegistry()).withContent(
@@ -103,7 +104,7 @@ public void testFailWithUnknownKey() {
 
     public void testSimpleAddWithCarriageReturn() throws Exception {
         final String requestContent = """
-            {"index":"test", "ignore_unavailable" : true, "expand_wildcards" : "open,closed"}}
+            {"index":"test", "ignore_unavailable" : true, "expand_wildcards" : "open,closed"}
             {"query" : {"match_all" :{}}}
             """;
         FakeRestRequest restRequest = new FakeRestRequest.Builder(xContentRegistry()).withContent(
@@ -121,7 +122,7 @@ public void testSimpleAddWithCarriageReturn() throws Exception {
 
     public void testDefaultIndicesOptions() throws IOException {
         final String requestContent = """
-            {"index":"test", "expand_wildcards" : "open,closed"}}
+            {"index":"test", "expand_wildcards" : "open,closed"}
             {"query" : {"match_all" :{}}}
             """;
         FakeRestRequest restRequest = new FakeRestRequest.Builder(xContentRegistry()).withContent(
@@ -542,6 +543,41 @@ public void testEqualsAndHashcode() {
         checkEqualsAndHashCode(createMultiSearchRequest(), MultiSearchRequestTests::copyRequest, MultiSearchRequestTests::mutate);
     }
 
+    public void testFailOnExtraCharacters() throws IOException {
+        try {
+            parseMultiSearchRequestFromString("""
+                {"index": "test"}{{{{{extra chars that shouldn't be here
+                { "query": {"match_all": {}}}
+                """, null);
+            fail("should have caught first line; extra open brackets");
+        } catch (XContentParseException e) {
+            assertEquals("[1:18] Unexpected token after end of object", e.getMessage());
+        }
+        try {
+            parseMultiSearchRequestFromString("""
+                {"index": "test"}
+                { "query": {"match_all": {}}}{{{{even more chars
+                """, null);
+            fail("should have caught second line");
+        } catch (XContentParseException e) {
+            assertEquals("[1:30] Unexpected token after end of object", e.getMessage());
+        }
+        try {
+            parseMultiSearchRequestFromString("""
+                {}
+                { "query": {"match_all": {}}}}}}different error message
+                """, null);
+            fail("should have caught second line; extra closing brackets");
+        } catch (XContentParseException e) {
+            assertEquals(
+                "[1:31] Unexpected close marker '}': expected ']' (for root starting at "
+                    + "[Source: (org.elasticsearch.common.io.stream.ByteBufferStreamInput); line: 1, column: 0])\n"
+                    + " at [Source: (org.elasticsearch.common.io.stream.ByteBufferStreamInput); line: 1, column: 31]",
+                e.getMessage()
+            );
+        }
+    }
+
     private static MultiSearchRequest mutate(MultiSearchRequest searchRequest) throws IOException {
         MultiSearchRequest mutation = copyRequest(searchRequest);
         List<CheckedRunnable<IOException>> mutators = new ArrayList<>();