honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Make query parsing stricter by requiring each parser to stop at END_OBJECT token 

Instead of being lenient in QueryParseContext#parseInnerQueryBuilder we check that the token where the parser stopped reading was END_OBJECT, and throw error otherwise. This is a best effort to verify that the parsers read a whole object rather than stepping out in the middle of it due to malformed queries.
This commit is contained in:
javanna 2016-08-03 20:55:00 +02:00 committed by Luca Cavanna
parent 43fee1d7fa
commit 0ac7dd6137
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
core/src/main/java/org/elasticsearch/index/query/QueryParseContext.java
View File

@ -115,10 +115,11 @@ public class QueryParseContext implements ParseFieldMatcherSupplier {
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
Optional<QueryBuilder> result = (Optional<QueryBuilder>) indicesQueriesRegistry.lookup(queryName, parseFieldMatcher, Optional<QueryBuilder> result = (Optional<QueryBuilder>) indicesQueriesRegistry.lookup(queryName, parseFieldMatcher,
parser.getTokenLocation()).fromXContent(this); parser.getTokenLocation()).fromXContent(this);
if (parser.currentToken() == XContentParser.Token.END_OBJECT) { if (parser.currentToken() != XContentParser.Token.END_OBJECT) {
// if we are at END_OBJECT, move to the next one... throw new ParsingException(parser.getTokenLocation(),
parser.nextToken(); "[" + queryName + "] malformed query, expected [END_OBJECT] but found [" + parser.currentToken() + "]");
} }
parser.nextToken();
return result; return result;
} }